go back to using explicit install calls in rules due to renaming required

[debian/sudo] / match.c

diff --git a/match.c b/match.c
index 64d413b3def63a4e2c384e8516eff38d608b086a..91ec315302c79e6f6250cd287f18a3ec79bbabc2 100644 (file)
--- a/match.c
+++ b/match.c
@@ -170,15 +170,9 @@ _runaslist_matches(user_list, group_list)
 {
     struct member *m;
     struct alias *a;
-    int rval, matched = UNSPEC;
-
-    if (runas_gr != NULL) {
-       if (tq_empty(group_list))
-           return(DENY); /* group was specified but none in sudoers */
-       if (runas_pw != NULL && strcmp(runas_pw->pw_name, user_name) &&
-           tq_empty(user_list))
-           return(DENY); /* user was specified but none in sudoers */
-    }
+    int rval;
+    int user_matched = UNSPEC;
+    int group_matched = UNSPEC;
 
     if (tq_empty(user_list) && tq_empty(group_list))
        return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));
@@ -187,59 +181,67 @@ _runaslist_matches(user_list, group_list)
        tq_foreach_rev(user_list, m) {
            switch (m->type) {
                case ALL:
-                   matched = !m->negated;
+                   user_matched = !m->negated;
                    break;
                case NETGROUP:
                    if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name))
-                       matched = !m->negated;
+                       user_matched = !m->negated;
                    break;
                case USERGROUP:
                    if (usergr_matches(m->name, runas_pw->pw_name, runas_pw))
-                       matched = !m->negated;
+                       user_matched = !m->negated;
                    break;
                case ALIAS:
                    if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
                        rval = _runaslist_matches(&a->members, &empty);
                        if (rval != UNSPEC)
-                           matched = m->negated ? !rval : rval;
+                           user_matched = m->negated ? !rval : rval;
                        break;
                    }
                    /* FALLTHROUGH */
                case WORD:
                    if (userpw_matches(m->name, runas_pw->pw_name, runas_pw))
-                       matched = !m->negated;
+                       user_matched = !m->negated;
                    break;
            }
-           if (matched != UNSPEC)
+           if (user_matched != UNSPEC)
                break;
        }
     }
 
     if (runas_gr != NULL) {
+       if (user_matched == UNSPEC) {
+           if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0)
+               user_matched = ALLOW;   /* only changing group */
+       }
        tq_foreach_rev(group_list, m) {
            switch (m->type) {
                case ALL:
-                   matched = !m->negated;
+                   group_matched = !m->negated;
                    break;
                case ALIAS:
                    if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
                        rval = _runaslist_matches(&a->members, &empty);
                        if (rval != UNSPEC)
-                           matched = m->negated ? !rval : rval;
+                           group_matched = m->negated ? !rval : rval;
                        break;
                    }
                    /* FALLTHROUGH */
                case WORD:
                    if (group_matches(m->name, runas_gr))
-                       matched = !m->negated;
+                       group_matched = !m->negated;
                    break;
            }
-           if (matched != UNSPEC)
+           if (group_matched != UNSPEC)
                break;
        }
     }
 
-    return(matched);
+    if (user_matched == DENY || group_matched == DENY)
+       return(DENY);
+    if (user_matched == group_matched || runas_gr == NULL)
+       return(user_matched);
+    return(UNSPEC);
 }
 
 int