From: Todd C. Miller Date: Tue, 30 Mar 1999 17:17:54 +0000 (+0000) Subject: Fix another parser bug. For a sudoers entry like this: X-Git-Tag: SUDO_1_5_9~3 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=49c5a12d8c4325ad219eb702dadb568aa5dad76a;p=sudo Fix another parser bug. For a sudoers entry like this: millert ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls as root.
---
diff --git a/parse.c b/parse.c
index fd3fba712..ace3f1d8d 100644
--- a/parse.c
+++ b/parse.c
@@ -166,8 +166,8 @@ int validate(check_cmnd)
 else
 while (top) {
 if (host_matches == TRUE) {
- if (cmnd_matches == TRUE) {
- if (runas_matches == TRUE) {
+ if (runas_matches == TRUE) {
+ if (cmnd_matches == TRUE) {
 /*
 * User was granted access to cmnd on host.
 * If no passwd required return as such.
@@ -176,10 +176,10 @@ int validate(check_cmnd)
 return(VALIDATE_OK_NOPASS);
 else
 return(VALIDATE_OK);
+ } else if (cmnd_matches == FALSE) {
+ /* User was explicitly denied acces to cmnd on host. */
+ return(VALIDATE_NOT_OK);
 }
- } else if (cmnd_matches == FALSE) {
- /* User was explicitly denied acces to cmnd on host. */
- return(VALIDATE_NOT_OK);
 }
 }
 top--;
diff --git a/parse.yacc b/parse.yacc
index e38e29d03..caa0c633d 100644
--- a/parse.yacc
+++ b/parse.yacc
@@ -278,11 +278,11 @@ cmndspec : { /* Push a new entry onto the stack if needed */
 no_passwd = -1;
 }
 } runasspec nopasswd opcmnd {
- if ($2 > 0 && $4 == TRUE) {
+ if ($2 > 0)
 runas_matches = TRUE;
- if ($3 == TRUE)
- no_passwd = TRUE;
- } else if (printmatches == TRUE) {
+ if ($3 == TRUE)
+ no_passwd = TRUE;
+ if (($2 == -1 || $4 == -1) && printmatches == TRUE) {
 cm_list[cm_list_len].runas_len = 0;
 cm_list[cm_list_len].cmnd_len = 0;
 cm_list[cm_list_len].nopasswd = FALSE;
diff --git a/sudo.tab.c b/sudo.tab.c
index 17532c91e..657a6b6d5 100644
--- a/sudo.tab.c
+++ b/sudo.tab.c
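Review bot: In parse.c's validate(), the second hunk moves the `else if (cmnd_matches == FALSE)` denial inside the `runas_matches == TRUE` block, so an explicit `!cmnd` entry now ends the stack walk only when it also matches the requested runas user, and the comment moved with it does not say so. Because this ordering decides whether a deny entry overrides an earlier grant, I would reword the comment to `/* User was explicitly denied access to cmnd on host as this runas user. */` (which also fixes the "acces" typo). I would also add a line above the `while (top)` loop in the first hunk noting that entries appear to be examined from the top of the stack down, and that the first one matching host and runas user with a definite command result decides. A regression case for the entry in the commit message, checking both that root may run ls and that daemon may not, would pin the intended precedence. The body of validate() begins and ends outside both hunks.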
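Review bot: In parse.yacc's cmndspec action, `no_passwd = TRUE` is now set whenever the NOPASSWD tag is present (`$3 == TRUE`), where before it also required the runas spec and the command to match. The only reset visible in this hunk is `no_passwd = -1` in the branch just above. If that branch is not taken for every cmndspec, a tag on a non-matching command could leave no_passwd TRUE for a later match on the same stack entry, and validate() would then presumably return VALIDATE_OK_NOPASS for a command that was not tagged; this is inferred, since the rest of the rule is outside the hunk. If that is not intended, keep the flag tied to a match, e.g. `if ($3 == TRUE && $2 > 0 && $4 == TRUE) no_passwd = TRUE;`, or otherwise add a comment stating that the tag applies regardless of the match result. The generated sudo.tab.c carries the same change.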
@@ -1134,11 +1134,11 @@ break; case 23: #line 280 "parse.yacc" { - if (yyvsp[-2].BOOLEAN > 0 && yyvsp[0].BOOLEAN == TRUE) { + if (yyvsp[-2].BOOLEAN > 0) runas_matches = TRUE; - if (yyvsp[-1].BOOLEAN == TRUE) - no_passwd = TRUE; - } else if (printmatches == TRUE) { + if (yyvsp[-1].BOOLEAN == TRUE) + no_passwd = TRUE; + if ((yyvsp[-2].BOOLEAN == -1 || yyvsp[0].BOOLEAN == -1) && printmatches == TRUE) { cm_list[cm_list_len].runas_len = 0; cm_list[cm_list_len].cmnd_len = 0; cm_list[cm_list_len].nopasswd = FALSE;