fix for 596493 from upstream
[debian/sudo] / parse.c
diff --git a/parse.c b/parse.c
index eeb0511b9fc66feffb113d5e0ac0ccfe67970c8b..97aba79ccaa4e1f3815a9fe14e2d8239e73c6e30 100644 (file)
--- a/parse.c
+++ b/parse.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004-2005, 2007-2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2004-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
-# ifdef HAVE_STRINGS_H
-#  include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
 #include "lbuf.h"
 #include <gram.h>
 
-#ifndef lint
-__unused static const char rcsid[] = "$Sudo: parse.c,v 1.242 2009/05/25 12:02:41 millert Exp $";
-#endif /* lint */
-
 /* Characters that must be quoted in sudoers */
 #define SUDOERS_QUOTED ":\\,=#\""
 
@@ -254,6 +249,10 @@ sudo_file_lookup(nss, validated, pwflag)
                def_noexec = tags->noexec;
            if (tags->setenv != UNSPEC)
                def_setenv = tags->setenv;
+           if (tags->log_input != UNSPEC)
+               def_log_input = tags->log_input;
+           if (tags->log_output != UNSPEC)
+               def_log_output = tags->log_output;
        }
     } else if (match == DENY) {
        SET(validated, VALIDATE_NOT_OK);
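Review bot: The four added assignments in sudo_file_lookup let a per-command tag overwrite `def_log_input` and `def_log_output`, and nothing in the code says so. Going by the names, a `NOLOG_INPUT:` or `NOLOG_OUTPUT:` tag on the matching command would switch session I/O logging off even where it is enabled globally, which matters to anyone auditing a sudoers file. A short comment above the block would record that precedence, for example `/* Per-command tags override the corresponding Defaults settings. */`. The function body starts and ends outside this hunk.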
@@ -295,6 +294,16 @@ sudo_file_append_cmnd(cs, tags, lbuf)
            "PASSWD: ", NULL);
        tags->nopasswd = cs->tags.nopasswd;
     }
+    if (TAG_CHANGED(log_input)) {
+       lbuf_append(lbuf, cs->tags.log_input ? "LOG_INPUT: " :
+           "NOLOG_INPUT: ", NULL);
+       tags->log_input = cs->tags.log_input;
+    }
+    if (TAG_CHANGED(log_output)) {
+       lbuf_append(lbuf, cs->tags.log_output ? "LOG_OUTPUT: " :
+           "NOLOG_OUTPUT: ", NULL);
+       tags->log_output = cs->tags.log_output;
+    }
     m = cs->cmnd;
     print_member(lbuf, m->name, m->type, m->negated,
        CMNDALIAS);
@@ -313,9 +322,13 @@ sudo_file_display_priv_short(pw, us, lbuf)
     int nfound = 0;
 
     tq_foreach_fwd(&us->privileges, priv) {
+       if (hostlist_matches(&priv->hostlist) != ALLOW)
+           continue;
        tags.noexec = UNSPEC;
        tags.setenv = UNSPEC;
        tags.nopasswd = UNSPEC;
+       tags.log_input = UNSPEC;
+       tags.log_output = UNSPEC;
        lbuf_append(lbuf, "    ", NULL);
        tq_foreach_fwd(&priv->cmndlist, cs) {
            if (cs != tq_first(&priv->cmndlist))
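Review bot: The new `hostlist_matches(&priv->hostlist) != ALLOW` filter at the top of the loop has no comment, and the `XXX` remark this commit deletes from sudo_file_display_privs was the only place that described the problem. Suggest adding `/* A user spec may hold privileges for several host lists; list only those that apply to this host. */` above the check, since this listing is what users and auditors read to see effective rights. The same two lines are repeated in sudo_file_display_priv_long, so the same comment or a small static helper there would keep the two in step. The loop body continues outside this hunk.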
@@ -346,7 +359,7 @@ sudo_file_display_priv_short(pw, us, lbuf)
            sudo_file_append_cmnd(cs, &tags, lbuf);
            nfound++;
        }
-       lbuf_print(lbuf);               /* forces a newline */
+       lbuf_append(lbuf, "\n", NULL);
     }
     return(nfound);
 }
@@ -364,12 +377,14 @@ sudo_file_display_priv_long(pw, us, lbuf)
     int nfound = 0;
 
     tq_foreach_fwd(&us->privileges, priv) {
+       if (hostlist_matches(&priv->hostlist) != ALLOW)
+           continue;
        tags.noexec = UNSPEC;
        tags.setenv = UNSPEC;
        tags.nopasswd = UNSPEC;
-       lbuf_print(lbuf);       /* force a newline */
-       lbuf_append(lbuf, "Sudoers entry:", NULL);
-       lbuf_print(lbuf);
+       tags.log_input = UNSPEC;
+       tags.log_output = UNSPEC;
+       lbuf_append(lbuf, "\nSudoers entry:\n", NULL);
        tq_foreach_fwd(&priv->cmndlist, cs) {
            lbuf_append(lbuf, "    RunAsUsers: ", NULL);
            if (!tq_empty(&cs->runasuserlist)) {
@@ -384,7 +399,7 @@ sudo_file_display_priv_long(pw, us, lbuf)
            } else {
                lbuf_append(lbuf, pw->pw_name, NULL);
            }
-           lbuf_print(lbuf);
+           lbuf_append(lbuf, "\n", NULL);
            if (!tq_empty(&cs->runasgrouplist)) {
                lbuf_append(lbuf, "    RunAsGroups: ", NULL);
                tq_foreach_fwd(&cs->runasgrouplist, m) {
@@ -393,13 +408,11 @@ sudo_file_display_priv_long(pw, us, lbuf)
                    print_member(lbuf, m->name, m->type, m->negated,
                        RUNASALIAS);
                }
-               lbuf_print(lbuf);
+               lbuf_append(lbuf, "\n", NULL);
            }
-           lbuf_append(lbuf, "    Commands: ", NULL);
-           lbuf_print(lbuf);
-           lbuf_append(lbuf, "\t", NULL);
+           lbuf_append(lbuf, "    Commands:\n\t", NULL);
            sudo_file_append_cmnd(cs, &tags, lbuf);
-           lbuf_print(lbuf);
+           lbuf_append(lbuf, "\n", NULL);
            nfound++;
        }
     }
@@ -416,12 +429,10 @@ sudo_file_display_privs(nss, pw, lbuf)
     int nfound = 0;
 
     if (nss->handle == NULL)
-       return(-1);
+       goto done;
 
     tq_foreach_fwd(&userspecs, us) {
-       /* XXX - why only check the first privilege here? */
-       if (userlist_matches(pw, &us->users) != ALLOW ||
-           hostlist_matches(&us->privileges.first->hostlist) != ALLOW)
+       if (userlist_matches(pw, &us->users) != ALLOW)
            continue;
 
        if (long_list)
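Review bot: With `goto done` replacing `return(-1)`, a NULL `nss->handle` now makes sudo_file_display_privs return 0, so a caller can no longer tell "source not open" from "no matching entries". The commit makes the same change in sudo_file_display_defaults. The callers are not on this page, so it is worth confirming that none of them tests for a negative result. The function's header comment, which is outside the hunk, should state the new contract, for example `/* Returns the number of entries displayed; 0 if the source was never opened. */`.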
@@ -429,6 +440,7 @@ sudo_file_display_privs(nss, pw, lbuf)
        else
            nfound += sudo_file_display_priv_short(pw, us, lbuf);
     }
+done:
     return(nfound);
 }
 
@@ -442,13 +454,13 @@ sudo_file_display_defaults(nss, pw, lbuf)
     struct lbuf *lbuf;
 {
     struct defaults *d;
-    char *prefix = NULL;
+    char *prefix;
     int nfound = 0;
 
     if (nss->handle == NULL)
-       return(-1);
+       goto done;
 
-    if (lbuf->len == 0)
+    if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1]))
        prefix = "    ";
     else
        prefix = ", ";
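Review bot: Removing the `= NULL` initializer from `prefix` in the same change that adds `goto done` leaves `prefix` indeterminate on the early-exit path. That is harmless while `done:` only returns `nfound`, but keeping `char *prefix = NULL;` costs nothing and protects later edits that might use it after the label. The new `isspace()` test is correctly guarded by `lbuf->len == 0 ||` and by the `unsigned char` cast. It does need `<ctype.h>`, which is not among the include changes shown on this page, so confirm the file already includes it.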
@@ -482,7 +494,7 @@ sudo_file_display_defaults(nss, pw, lbuf)
        prefix = ", ";
        nfound++;
     }
-
+done:
     return(nfound);
 }
 
@@ -549,6 +561,8 @@ display_bound_defaults(dtype, lbuf)
        nfound++;
        if (binding != tq_first(&d->binding)) {
            binding = tq_first(&d->binding);
+           if (nfound != 1)
+               lbuf_append(lbuf, "\n", NULL);
            lbuf_append(lbuf, "    Defaults", dsep, NULL);
            for (m = binding; m != NULL; m = m->next) {
                if (m != binding)
@@ -581,7 +595,7 @@ sudo_file_display_cmnd(nss, pw)
     int host_match, runas_match, cmnd_match;
 
     if (nss->handle == NULL)
-       return(rval);
+       goto done;
 
     match = NULL;
     tq_foreach_rev(&userspecs, us) {
@@ -612,6 +626,7 @@ sudo_file_display_cmnd(nss, pw)
            user_args ? user_args : "");
        rval = 0;
     }
+done:
     return(rval);
 }