author: Todd C. Miller <Todd.Miller@courtesan.com> 1999-03-29 00:05:15 +0000
committer: Todd C. Miller <Todd.Miller@courtesan.com> 1999-03-29 00:05:15 +0000
commit: b5b95cd6dcbf030902df74418dad261d3d4054a9 (patch)
tree: b5b06d44cc15d82752ccdff9341235cc3d936852 /parse.yacc
parent: 9f2b9718b2863003de0fadce6665469d2c370887 (diff)
Fix a parser bug that was exposed when mixing different runas specs
and ! commands. For example:

    millert ALL=(daemon) /usr/bin/whoami,!/bin/ls

would allow millert to run whoami as root as well as daemon when it should just allow daemon. The problem was that comma-separated commands in a list shared the same entry on the matching stack. Now they get their own entry iff there is a full match. It may be better to just make the runas spec persistent across all commands in a list like the user and host entries of the matching stack. However, since that is a fairly major change it should get its own minor rev increase.
Diffstat (limited to 'parse.yacc')
-rw-r--r-- parse.yacc 5
1 files changed, 5 insertions, 0 deletions
diff --git a/parse.yacc b/parse.yacc
index 731274870..db58d7df1 100644
--- a/parse.yacc
+++ b/parse.yacc
@@ -275,10 +275,15 @@ cmndspec : runasspec nopasswd opcmnd {
runas_matches = TRUE;
if ($2 == TRUE)
no_passwd = TRUE;
+ push;
} else if (printmatches == TRUE) {
cm_list[cm_list_len].runas_len = 0;
cm_list[cm_list_len].cmnd_len = 0;
cm_list[cm_list_len].nopasswd = FALSE;
+ } else {
+ cmnd_matches = -1;
+ runas_matches = -1;
+ no_passwd = -1;
}
}
;
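Review bot: The reset added in the final `else` branch is skipped whenever `printmatches == TRUE`, because that case is taken by the preceding `else if`, so `cmnd_matches`, `runas_matches` and `no_passwd` keep whatever the previous command in the list left behind on that path. If listing mode can reach a later decision that reads those values, apply the same reset there; if it cannot, a short comment saying so would keep the next reader from wondering. The three assignments also use a bare `-1` next to code that otherwise uses `TRUE` and `FALSE`; a named constant for the "not set by this entry" state, plus a one-line comment on `push;` stating that a new matching-stack entry is taken only on a full match, would make the invariant from the commit message visible in the grammar itself. Since the bug let a command run as an unintended user, a regression test built from the sudoers line quoted in the commit message would be worth adding alongside this change.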