=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/match.c,v retrieving revision 1.7 retrieving revision 1.8 diff -c -r1.7 -r1.8 *** src/usr.bin/sudo/Attic/match.c 2010/03/09 18:29:57 1.7 --- src/usr.bin/sudo/Attic/match.c 2011/02/06 14:06:30 1.8 *************** *** 1,5 **** /* ! * Copyright (c) 1996, 1998-2005, 2007-2009 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any --- 1,5 ---- /* ! * Copyright (c) 1996, 1998-2005, 2007-2010 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any *************** *** 171,246 **** { struct member *m; struct alias *a; ! int rval, matched = UNSPEC; - if (runas_gr != NULL) { - if (tq_empty(group_list)) - return(DENY); /* group was specified but none in sudoers */ - if (runas_pw != NULL && strcmp(runas_pw->pw_name, user_name) && - tq_empty(user_list)) - return(DENY); /* user was specified but none in sudoers */ - } - - if (tq_empty(user_list) && tq_empty(group_list)) - return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); - if (runas_pw != NULL) { tq_foreach_rev(user_list, m) { switch (m->type) { case ALL: ! matched = !m->negated; break; case NETGROUP: if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name)) ! matched = !m->negated; break; case USERGROUP: if (usergr_matches(m->name, runas_pw->pw_name, runas_pw)) ! matched = !m->negated; break; case ALIAS: if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { rval = _runaslist_matches(&a->members, &empty); if (rval != UNSPEC) ! matched = m->negated ? !rval : rval; break; } /* FALLTHROUGH */ case WORD: if (userpw_matches(m->name, runas_pw->pw_name, runas_pw)) ! matched = !m->negated; break; } ! if (matched != UNSPEC) break; } } if (runas_gr != NULL) { tq_foreach_rev(group_list, m) { switch (m->type) { case ALL: ! 
matched = !m->negated; break; case ALIAS: if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { rval = _runaslist_matches(&a->members, &empty); if (rval != UNSPEC) ! matched = m->negated ? !rval : rval; break; } /* FALLTHROUGH */ case WORD: if (group_matches(m->name, runas_gr)) ! matched = !m->negated; break; } ! if (matched != UNSPEC) break; } } ! return(matched); } int --- 171,249 ---- { struct member *m; struct alias *a; ! int rval; ! int user_matched = UNSPEC; ! int group_matched = UNSPEC; if (runas_pw != NULL) { + /* If no runas user or runas group listed in sudoers, use default. */ + if (tq_empty(user_list) && tq_empty(group_list)) + return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); + tq_foreach_rev(user_list, m) { switch (m->type) { case ALL: ! user_matched = !m->negated; break; case NETGROUP: if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name)) ! user_matched = !m->negated; break; case USERGROUP: if (usergr_matches(m->name, runas_pw->pw_name, runas_pw)) ! user_matched = !m->negated; break; case ALIAS: if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { rval = _runaslist_matches(&a->members, &empty); if (rval != UNSPEC) ! user_matched = m->negated ? !rval : rval; break; } /* FALLTHROUGH */ case WORD: if (userpw_matches(m->name, runas_pw->pw_name, runas_pw)) ! user_matched = !m->negated; break; } ! if (user_matched != UNSPEC) break; } } if (runas_gr != NULL) { + if (user_matched == UNSPEC) { + if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0) + user_matched = ALLOW; /* only changing group */ + } tq_foreach_rev(group_list, m) { switch (m->type) { case ALL: ! group_matched = !m->negated; break; case ALIAS: if ((a = alias_find(m->name, RUNASALIAS)) != NULL) { rval = _runaslist_matches(&a->members, &empty); if (rval != UNSPEC) ! group_matched = m->negated ? !rval : rval; break; } /* FALLTHROUGH */ case WORD: if (group_matches(m->name, runas_gr)) ! group_matched = !m->negated; break; } ! 
if (group_matched != UNSPEC) break; } } ! if (user_matched == DENY || group_matched == DENY) ! return(DENY); ! if (user_matched == group_matched || runas_gr == NULL) ! return(user_matched); ! return(UNSPEC); } int
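Review bot: The default-runas early return at the top of the new `if (runas_pw != NULL)` block never looks at `runas_gr`, and this change also deletes the old guard that returned DENY when a group was requested but `group_list` was empty. With both lists empty and a runas group set, the function returns the result of `userpw_matches(def_runas_default, ...)` before the group loop or the final `user_matched == group_matched` comparison runs, so the requested group appears to go unchecked on that path. Whether a caller can actually arrive here with a non-NULL `runas_gr` and a `runas_pw` matching the default is not visible in this hunk. Consider `if (runas_gr == NULL && tq_empty(user_list) && tq_empty(group_list))` so that a requested group always falls through to the combined check. A one-line comment above the final returns stating that both user and group must match when `runas_gr` is set would also help; the function's signature lies outside the hunk.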