Lines 170-184
Link Here
|
170 |
{ |
170 |
{ |
171 |
struct member *m; |
171 |
struct member *m; |
172 |
struct alias *a; |
172 |
struct alias *a; |
173 |
int rval, matched = UNSPEC; |
173 |
int rval; |
174 |
|
174 |
int user_matched = UNSPEC; |
175 |
if (runas_gr != NULL) { |
175 |
int group_matched = UNSPEC; |
176 |
if (tq_empty(group_list)) |
|
|
177 |
return(DENY); /* group was specified but none in sudoers */ |
178 |
if (runas_pw != NULL && strcmp(runas_pw->pw_name, user_name) && |
179 |
tq_empty(user_list)) |
180 |
return(DENY); /* user was specified but none in sudoers */ |
181 |
} |
182 |
|
176 |
|
183 |
if (tq_empty(user_list) && tq_empty(group_list)) |
177 |
if (tq_empty(user_list) && tq_empty(group_list)) |
184 |
return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); |
178 |
return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); |
Lines 187-245
Link Here
|
187 |
tq_foreach_rev(user_list, m) { |
181 |
tq_foreach_rev(user_list, m) { |
188 |
switch (m->type) { |
182 |
switch (m->type) { |
189 |
case ALL: |
183 |
case ALL: |
190 |
matched = !m->negated; |
184 |
user_matched = !m->negated; |
191 |
break; |
185 |
break; |
192 |
case NETGROUP: |
186 |
case NETGROUP: |
193 |
if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name)) |
187 |
if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name)) |
194 |
matched = !m->negated; |
188 |
user_matched = !m->negated; |
195 |
break; |
189 |
break; |
196 |
case USERGROUP: |
190 |
case USERGROUP: |
197 |
if (usergr_matches(m->name, runas_pw->pw_name, runas_pw)) |
191 |
if (usergr_matches(m->name, runas_pw->pw_name, runas_pw)) |
198 |
matched = !m->negated; |
192 |
user_matched = !m->negated; |
199 |
break; |
193 |
break; |
200 |
case ALIAS: |
194 |
case ALIAS: |
201 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
195 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
202 |
rval = _runaslist_matches(&a->members, &empty); |
196 |
rval = _runaslist_matches(&a->members, &empty); |
203 |
if (rval != UNSPEC) |
197 |
if (rval != UNSPEC) |
204 |
matched = m->negated ? !rval : rval; |
198 |
user_matched = m->negated ? !rval : rval; |
205 |
break; |
199 |
break; |
206 |
} |
200 |
} |
207 |
/* FALLTHROUGH */ |
201 |
/* FALLTHROUGH */ |
208 |
case WORD: |
202 |
case WORD: |
209 |
if (userpw_matches(m->name, runas_pw->pw_name, runas_pw)) |
203 |
if (userpw_matches(m->name, runas_pw->pw_name, runas_pw)) |
210 |
matched = !m->negated; |
204 |
user_matched = !m->negated; |
211 |
break; |
205 |
break; |
212 |
} |
206 |
} |
213 |
if (matched != UNSPEC) |
207 |
if (user_matched != UNSPEC) |
214 |
break; |
208 |
break; |
215 |
} |
209 |
} |
216 |
} |
210 |
} |
217 |
|
211 |
|
218 |
if (runas_gr != NULL) { |
212 |
if (runas_gr != NULL) { |
|
|
213 |
if (user_matched == UNSPEC) { |
214 |
if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0) |
215 |
user_matched = ALLOW; /* only changing group */ |
216 |
} |
219 |
tq_foreach_rev(group_list, m) { |
217 |
tq_foreach_rev(group_list, m) { |
220 |
switch (m->type) { |
218 |
switch (m->type) { |
221 |
case ALL: |
219 |
case ALL: |
222 |
matched = !m->negated; |
220 |
group_matched = !m->negated; |
223 |
break; |
221 |
break; |
224 |
case ALIAS: |
222 |
case ALIAS: |
225 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
223 |
if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { |
226 |
rval = _runaslist_matches(&a->members, &empty); |
224 |
rval = _runaslist_matches(&a->members, &empty); |
227 |
if (rval != UNSPEC) |
225 |
if (rval != UNSPEC) |
228 |
matched = m->negated ? !rval : rval; |
226 |
group_matched = m->negated ? !rval : rval; |
229 |
break; |
227 |
break; |
230 |
} |
228 |
} |
231 |
/* FALLTHROUGH */ |
229 |
/* FALLTHROUGH */ |
232 |
case WORD: |
230 |
case WORD: |
233 |
if (group_matches(m->name, runas_gr)) |
231 |
if (group_matches(m->name, runas_gr)) |
234 |
matched = !m->negated; |
232 |
group_matched = !m->negated; |
235 |
break; |
233 |
break; |
236 |
} |
234 |
} |
237 |
if (matched != UNSPEC) |
235 |
if (group_matched != UNSPEC) |
238 |
break; |
236 |
break; |
239 |
} |
237 |
} |
240 |
} |
238 |
} |
241 |
|
239 |
|
242 |
return(matched); |
240 |
if (user_matched == DENY || group_matched == DENY) |
|
|
241 |
return(DENY); |
242 |
if (user_matched == group_matched || runas_gr == NULL) |
243 |
return(user_matched); |
244 |
return(UNSPEC); |
243 |
} |
245 |
} |
244 |
|
246 |
|
245 |
int |
247 |
int |