src/usr.bin/sudo/match.c - diff

Return to match.c CVS log

Up to [local] / src / usr.bin / sudo

Diff for /src/usr.bin/sudo/Attic/match.c between version 1.7 and 1.8

version 1.7, 2010/03/09 18:29:57

version 1.8, 2011/02/06 14:06:30

Line 1

* Todd C. Miller <Todd.Miller@courtesan.com>

* Permission to use, copy, modify, and distribute this software for any

Line 171

{

struct member *m;

struct alias *a;

int rval, matched = UNSPEC;

int rval;

int user_matched = UNSPEC;

int group_matched = UNSPEC;

if (runas_gr != NULL) {

if (tq_empty(group_list))

return(DENY); /* group was specified but none in sudoers */

if (runas_pw != NULL && strcmp(runas_pw->pw_name, user_name) &&

tq_empty(user_list))

return(DENY); /* user was specified but none in sudoers */

}

if (tq_empty(user_list) && tq_empty(group_list))

return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));

if (runas_pw != NULL) {

/* If no runas user or runas group listed in sudoers, use default. */

if (tq_empty(user_list) && tq_empty(group_list))

return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));

tq_foreach_rev(user_list, m) {

switch (m->type) {

case ALL:

matched = !m->negated;

user_matched = !m->negated;

break;

case NETGROUP:

if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name))

matched = !m->negated;

user_matched = !m->negated;

break;

case USERGROUP:

if (usergr_matches(m->name, runas_pw->pw_name, runas_pw))

matched = !m->negated;

user_matched = !m->negated;

break;

case ALIAS:

if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {

rval = _runaslist_matches(&a->members, &empty);

if (rval != UNSPEC)

matched = m->negated ? !rval : rval;

user_matched = m->negated ? !rval : rval;

break;

}

/* FALLTHROUGH */

case WORD:

if (userpw_matches(m->name, runas_pw->pw_name, runas_pw))

matched = !m->negated;

user_matched = !m->negated;

break;

}

if (matched != UNSPEC)

if (user_matched != UNSPEC)

break;

}

if (runas_gr != NULL) {

if (user_matched == UNSPEC) {

if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0)

user_matched = ALLOW; /* only changing group */

}

tq_foreach_rev(group_list, m) {

switch (m->type) {

case ALL:

matched = !m->negated;

group_matched = !m->negated;

break;

case ALIAS:

if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {

rval = _runaslist_matches(&a->members, &empty);

if (rval != UNSPEC)

matched = m->negated ? !rval : rval;

group_matched = m->negated ? !rval : rval;

break;

}

/* FALLTHROUGH */

case WORD:

if (group_matches(m->name, runas_gr))

matched = !m->negated;

group_matched = !m->negated;

break;

}

if (matched != UNSPEC)

if (group_matched != UNSPEC)

break;

}

return(matched);

if (user_matched == DENY || group_matched == DENY)

return(DENY);

if (user_matched == group_matched || runas_gr == NULL)

return(user_matched);

return(UNSPEC);

}

int