diff options
| author | Todd C. Miller <Todd.Miller@courtesan.com> | 1999-08-19 16:30:09 +0000 |
|---|---|---|
| committer | Todd C. Miller <Todd.Miller@courtesan.com> | 1999-08-19 16:30:09 +0000 |
| commit | 92094b4140c31d524d91aa6152ee6807c9ccac8e (patch) | |
| tree | d64723d8ed6f14a9e638a85372ede7fef5cdc468 /parse.yacc | |
| parent | 87a0064777ffb845d141e6a8d33f28a6404bf4c3 (diff) | |
| download | sudo-92094b4140c31d524d91aa6152ee6807c9ccac8e.tar.gz | |
sudoers_lookup() now returns a bitmap instead of an int. This makes it
possible to express things like "failed to validate because user not listed
for this host". Some thigns that were previously VALIDATE_FOO are now
FLAG_FOO. This may change later on.
Reorganized code in log_auth() and sudo.c to deal with above changes.
Safer versions of push/pushcp with in the do { ... } while (0) style
parse.yacc now saves info on the stack to allow parse.c to determine
if a user was listed, but not for the host he/she tried to run on.
Added --with-mail-if-no-host option
Diffstat (limited to 'parse.yacc')
| -rw-r--r-- | parse.yacc | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/parse.yacc b/parse.yacc index f5c2398d9..9da4b0208 100644 --- a/parse.yacc +++ b/parse.yacc @@ -112,7 +112,7 @@ struct matchstack *match; int top = 0, stacksize = 0; #define push \ - { \ + do { \ if (top >= stacksize) { \ while ((stacksize += STACKINCREMENT) < top); \ match = (struct matchstack *) erealloc(match, sizeof(struct matchstack) * stacksize); \ @@ -123,10 +123,10 @@ int top = 0, stacksize = 0; match[top].runas = -1; \ match[top].nopass = pwdef; \ top++; \ - } + } while (0) #define pushcp \ - { \ + do { \ if (top >= stacksize) { \ while ((stacksize += STACKINCREMENT) < top); \ match = (struct matchstack *) erealloc(match, sizeof(struct matchstack) * stacksize); \ @@ -137,7 +137,7 @@ int top = 0, stacksize = 0; match[top].runas = match[top-1].runas; \ match[top].nopass = match[top-1].nopass; \ top++; \ - } + } while (0) #define pop \ { \ @@ -358,12 +358,20 @@ cmndspeclist : cmndspec cmndspec : runasspec nopasswd opcmnd { /* * Push the entry onto the stack if it is worth - * saving (or if nothing else is on the stack) - * and clear match status. + * saving and clear cmnd_matches for next cmnd. + * + * We need to save at least one entry on + * the stack so sudoers_lookup() can tell that + * the user was listed in sudoers. Also, we + * need to be able to tell whether or not a + * user was listed for this specific host. */ - if (user_matches == TRUE && host_matches == TRUE && - ((cmnd_matches != -1 && runas_matches != -1) || - top == 1)) + if (user_matches != -1 && host_matches != -1 && + cmnd_matches != -1 && runas_matches != -1) + pushcp; + else if (user_matches != -1 && (top == 1 || + (top == 2 && host_matches != -1 && + match[0].host == -1))) pushcp; cmnd_matches = -1; } |