version 1.2, 1999/12/10 06:45:11 |
version 1.3, 2000/01/24 04:22:53 |
|
|
/* |
/* |
* Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 1996, 1998-2000 Todd C. Miller <Todd.Miller@courtesan.com> |
* All rights reserved. |
* All rights reserved. |
* |
* |
* This code is derived from software contributed by Chris Jepeway |
* This code is derived from software contributed by Chris Jepeway |
|
|
#endif /* HAVE_FNMATCH */ |
#endif /* HAVE_FNMATCH */ |
|
|
#ifndef lint |
#ifndef lint |
static const char rcsid[] = "$Sudo: parse.c,v 1.123 1999/12/09 03:54:57 millert Exp $"; |
static const char rcsid[] = "$Sudo: parse.c,v 1.127 2000/01/17 23:46:25 millert Exp $"; |
#endif /* lint */ |
#endif /* lint */ |
|
|
/* |
/* |
* Globals |
* Globals |
*/ |
*/ |
int parse_error = FALSE; |
int parse_error = FALSE; |
|
extern int keepall; |
extern FILE *yyin, *yyout; |
extern FILE *yyin, *yyout; |
|
|
/* |
/* |
|
|
* allowed to run the specified command on this host as the target user. |
* allowed to run the specified command on this host as the target user. |
*/ |
*/ |
int |
int |
sudoers_lookup(check_cmnd) |
sudoers_lookup(pwflags) |
int check_cmnd; |
int pwflags; |
{ |
{ |
int error; |
int error; |
|
|
|
|
/* Allocate space for data structures in the parser. */ |
/* Allocate space for data structures in the parser. */ |
init_parser(); |
init_parser(); |
|
|
|
/* For most pwflags to be useful we need to keep more state around. */ |
|
if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS) |
|
keepall = TRUE; |
|
|
/* Need to be root while stat'ing things in the parser. */ |
/* Need to be root while stat'ing things in the parser. */ |
set_perms(PERM_ROOT, 0); |
set_perms(PERM_ROOT, 0); |
error = yyparse(); |
error = yyparse(); |
|
|
error = VALIDATE_NOT_OK; |
error = VALIDATE_NOT_OK; |
else |
else |
error = VALIDATE_NOT_OK | FLAG_NOPASS; |
error = VALIDATE_NOT_OK | FLAG_NOPASS; |
if (check_cmnd == TRUE) { |
if (pwflags) { |
|
error |= FLAG_NO_CHECK; |
|
} else { |
error |= FLAG_NO_HOST; |
error |= FLAG_NO_HOST; |
if (!top) |
if (!top) |
error |= FLAG_NO_USER; |
error |= FLAG_NO_USER; |
} else |
} |
error |= FLAG_NO_CHECK; |
|
|
|
/* |
/* |
* Only check the actual command if the check_cmnd flag is set. |
* Only check the actual command if pwflags flag is not set. |
* It is not set for the "validate" and "list" pseudo-commands. |
* It is set for the "validate", "list" and "kill" pseudo-commands. |
* Always check the host and user. |
* Always check the host and user. |
*/ |
*/ |
if (check_cmnd == FALSE) |
if (pwflags) { |
|
int nopass, found; |
|
|
|
if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) |
|
nopass = FLAG_NOPASS; |
|
else |
|
nopass = -1; |
|
found = 0; |
while (top) { |
while (top) { |
if (host_matches == TRUE) { |
if (host_matches == TRUE) { |
/* User may always validate or list on allowed hosts */ |
found = 1; |
if (no_passwd == TRUE) |
if (pwflags == PWCHECK_ANY && no_passwd == TRUE) |
return(VALIDATE_OK | FLAG_NOPASS); |
nopass = FLAG_NOPASS; |
else |
else if (pwflags == PWCHECK_ALL && nopass != 0) |
return(VALIDATE_OK); |
nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0; |
} |
} |
top--; |
top--; |
} |
} |
else |
if (found) { |
|
if (nopass == -1) |
|
nopass = 0; |
|
return(VALIDATE_OK | nopass); |
|
} |
|
} else { |
while (top) { |
while (top) { |
if (host_matches == TRUE) { |
if (host_matches == TRUE) { |
error &= ~FLAG_NO_HOST; |
error &= ~FLAG_NO_HOST; |
|
|
} |
} |
top--; |
top--; |
} |
} |
|
} |
|
|
/* |
/* |
* The user was not explicitly granted nor denied access. |
* The user was not explicitly granted nor denied access. |
|
|
|
|
/* |
/* |
* Returns TRUE if "host" and "user" belong to the netgroup "netgr", |
* Returns TRUE if "host" and "user" belong to the netgroup "netgr", |
* else return FALSE. Either of "host" or "user" may be NULL |
* else return FALSE. Either of "host", "shost" or "user" may be NULL |
* in which case that argument is not checked... |
* in which case that argument is not checked... |
*/ |
*/ |
int |
int |
netgr_matches(netgr, host, user) |
netgr_matches(netgr, host, shost, user) |
char *netgr; |
char *netgr; |
char *host; |
char *host; |
|
char *shost; |
char *user; |
char *user; |
{ |
{ |
#ifdef HAVE_GETDOMAINNAME |
#ifdef HAVE_GETDOMAINNAME |
|
|
#endif /* HAVE_GETDOMAINNAME */ |
#endif /* HAVE_GETDOMAINNAME */ |
|
|
#ifdef HAVE_INNETGR |
#ifdef HAVE_INNETGR |
return(innetgr(netgr, host, user, domain)); |
if (innetgr(netgr, host, user, domain)) |
#else |
return(TRUE); |
return(FALSE); |
else if (host != shost && innetgr(netgr, shost, user, domain)) |
|
return(TRUE); |
#endif /* HAVE_INNETGR */ |
#endif /* HAVE_INNETGR */ |
|
|
|
return(FALSE); |
} |
} |
|
|
/* |
/* |
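Review bot: In the new `if (pwflags)` branch of sudoers_lookup(), `nopass` uses -1 as an "undecided" sentinel and is later OR'd into the return value, so the result is only correct because of the `if (nopass == -1) nopass = 0;` step immediately before `return(VALIDATE_OK | nopass);`. If a later edit adds another return or reorders that step, `VALIDATE_OK | -1` sets every flag bit, FLAG_NOPASS included, and the password check fails open. I would make the return safe on its own, `return(VALIDATE_OK | (nopass == FLAG_NOPASS ? FLAG_NOPASS : 0));`, and document the three states at the declaration: `/* nopass: -1 = undecided, 0 = password required, FLAG_NOPASS = not required */`. The change also appears to drop the old comment saying the user may always validate or list on allowed hosts, so a replacement comment at `found = 1;` covering the "kill" case would help. Parts of sudoers_lookup()'s body lie between and after the lines shown, so this is based only on the visible branch.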