|
Lines 170-184
Link Here
|
| 170 |
{ |
170 |
{ |
| 171 |
struct member *m; |
171 |
struct member *m; |
| 172 |
struct alias *a; |
172 |
struct alias *a; |
| 173 |
int rval, matched = UNSPEC; |
173 |
int rval; |
| 174 |
|
174 |
int user_matched = UNSPEC; |
| 175 |
if (runas_gr != NULL) { |
175 |
int group_matched = UNSPEC; |
| 176 |
if (tq_empty(group_list)) |
|
|
| 177 |
return(DENY); /* group was specified but none in sudoers */ |
| 178 |
if (runas_pw != NULL && strcmp(runas_pw->pw_name, user_name) && |
| 179 |
tq_empty(user_list)) |
| 180 |
return(DENY); /* user was specified but none in sudoers */ |
| 181 |
} |
| 182 |
|
176 |
|
| 183 |
if (tq_empty(user_list) && tq_empty(group_list)) |
177 |
if (tq_empty(user_list) && tq_empty(group_list)) |
| 184 |
return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); |
178 |
return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); |
|
Lines 187-245
Link Here
|
| 187 |
tq_foreach_rev(user_list, m) { |
181 |
tq_foreach_rev(user_list, m) { |
| 188 |
switch (m->type) { |
182 |
switch (m->type) { |
| 189 |
case ALL: |
183 |
case ALL: |
| 190 |
matched = !m->negated; |
184 |
user_matched = !m->negated; |
| 191 |
break; |
185 |
break; |
| 192 |
case NETGROUP: |
186 |
case NETGROUP: |
| 193 |
if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name)) |
187 |
if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name)) |
| 194 |
matched = !m->negated; |
188 |
user_matched = !m->negated; |
| 195 |
break; |
189 |
break; |
| 196 |
case USERGROUP: |
190 |
case USERGROUP: |
| 197 |
if (usergr_matches(m->name, runas_pw->pw_name, runas_pw)) |
191 |
if (usergr_matches(m->name, runas_pw->pw_name, runas_pw)) |
| 198 |
matched = !m->negated; |
192 |
user_matched = !m->negated; |
| 199 |
break; |
193 |
break; |
| 200 |
case ALIAS: |
194 |
case ALIAS: |
| 201 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
195 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
| 202 |
rval = _runaslist_matches(&a->members, &empty); |
196 |
rval = _runaslist_matches(&a->members, &empty); |
| 203 |
if (rval != UNSPEC) |
197 |
if (rval != UNSPEC) |
| 204 |
matched = m->negated ? !rval : rval; |
198 |
user_matched = m->negated ? !rval : rval; |
| 205 |
break; |
199 |
break; |
| 206 |
} |
200 |
} |
| 207 |
/* FALLTHROUGH */ |
201 |
/* FALLTHROUGH */ |
| 208 |
case WORD: |
202 |
case WORD: |
| 209 |
if (userpw_matches(m->name, runas_pw->pw_name, runas_pw)) |
203 |
if (userpw_matches(m->name, runas_pw->pw_name, runas_pw)) |
| 210 |
matched = !m->negated; |
204 |
user_matched = !m->negated; |
| 211 |
break; |
205 |
break; |
| 212 |
} |
206 |
} |
| 213 |
if (matched != UNSPEC) |
207 |
if (user_matched != UNSPEC) |
| 214 |
break; |
208 |
break; |
| 215 |
} |
209 |
} |
| 216 |
} |
210 |
} |
| 217 |
|
211 |
|
| 218 |
if (runas_gr != NULL) { |
212 |
if (runas_gr != NULL) { |
|
|
213 |
if (user_matched == UNSPEC) { |
| 214 |
if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0) |
| 215 |
user_matched = ALLOW; /* only changing group */ |
| 216 |
} |
| 219 |
tq_foreach_rev(group_list, m) { |
217 |
tq_foreach_rev(group_list, m) { |
| 220 |
switch (m->type) { |
218 |
switch (m->type) { |
| 221 |
case ALL: |
219 |
case ALL: |
| 222 |
matched = !m->negated; |
220 |
group_matched = !m->negated; |
| 223 |
break; |
221 |
break; |
| 224 |
case ALIAS: |
222 |
case ALIAS: |
| 225 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
223 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
| 226 |
rval = _runaslist_matches(&a->members, &empty); |
224 |
rval = _runaslist_matches(&a->members, &empty); |
| 227 |
if (rval != UNSPEC) |
225 |
if (rval != UNSPEC) |
| 228 |
matched = m->negated ? !rval : rval; |
226 |
group_matched = m->negated ? !rval : rval; |
| 229 |
break; |
227 |
break; |
| 230 |
} |
228 |
} |
| 231 |
/* FALLTHROUGH */ |
229 |
/* FALLTHROUGH */ |
| 232 |
case WORD: |
230 |
case WORD: |
| 233 |
if (group_matches(m->name, runas_gr)) |
231 |
if (group_matches(m->name, runas_gr)) |
| 234 |
matched = !m->negated; |
232 |
group_matched = !m->negated; |
| 235 |
break; |
233 |
break; |
| 236 |
} |
234 |
} |
| 237 |
if (matched != UNSPEC) |
235 |
if (group_matched != UNSPEC) |
| 238 |
break; |
236 |
break; |
| 239 |
} |
237 |
} |
| 240 |
} |
238 |
} |
| 241 |
|
239 |
|
| 242 |
return(matched); |
240 |
if (user_matched == DENY || group_matched == DENY) |
|
|
241 |
return(DENY); |
| 242 |
if (user_matched == group_matched || runas_gr == NULL) |
| 243 |
return(user_matched); |
| 244 |
return(UNSPEC); |
| 243 |
} |
245 |
} |
| 244 |
|
246 |
|
| 245 |
int |
247 |
int |
