src/usr.bin/sudo/parse.c - diff

Return to parse.c CVS log

Up to [local] / src / usr.bin / sudo

Diff for /src/usr.bin/sudo/Attic/parse.c between version 1.2 and 1.3

version 1.2, 1999/12/10 06:45:11

version 1.3, 2000/01/24 04:22:53

Line 1

* This code is derived from software contributed by Chris Jepeway

Line 91

#endif /* HAVE_FNMATCH */

#ifndef lint

static const char rcsid[] = "$Sudo: parse.c,v 1.123 1999/12/09 03:54:57 millert Exp $";

static const char rcsid[] = "$Sudo: parse.c,v 1.127 2000/01/17 23:46:25 millert Exp $";

#endif /* lint */

* Globals

int parse_error = FALSE;

extern int keepall;

extern FILE *yyin, *yyout;

Line 111

Line 112

* allowed to run the specified command on this host as the target user.

int

sudoers_lookup(check_cmnd)

sudoers_lookup(pwflags)

int check_cmnd;

int pwflags;

{

int error;

Line 127

Line 128

/* Allocate space for data structures in the parser. */

init_parser();

/* For most pwflags to be useful we need to keep more state around. */

if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS)

keepall = TRUE;

/* Need to be root while stat'ing things in the parser. */

set_perms(PERM_ROOT, 0);

error = yyparse();

Line 146

Line 151

error = VALIDATE_NOT_OK;

else

error = VALIDATE_NOT_OK | FLAG_NOPASS;

if (check_cmnd == TRUE) {

if (pwflags) {

error |= FLAG_NO_CHECK;

} else {

error |= FLAG_NO_HOST;

if (!top)

error |= FLAG_NO_USER;

} else

}

error |= FLAG_NO_CHECK;

* Only check the actual command if the check_cmnd flag is set.

* Only check the actual command if pwflags flag is not set.

* It is not set for the "validate" and "list" pseudo-commands.

* It is set for the "validate", "list" and "kill" pseudo-commands.

* Always check the host and user.

if (check_cmnd == FALSE)

if (pwflags) {

int nopass, found;

if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE))

nopass = FLAG_NOPASS;

else

nopass = -1;

found = 0;

while (top) {

if (host_matches == TRUE) {

/* User may always validate or list on allowed hosts */

found = 1;

if (no_passwd == TRUE)

if (pwflags == PWCHECK_ANY && no_passwd == TRUE)

return(VALIDATE_OK | FLAG_NOPASS);

nopass = FLAG_NOPASS;

else

else if (pwflags == PWCHECK_ALL && nopass != 0)

return(VALIDATE_OK);

nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0;

}

top--;

}

else

if (found) {

if (nopass == -1)

nopass = 0;

return(VALIDATE_OK | nopass);

}

} else {

while (top) {

if (host_matches == TRUE) {

error &= ~FLAG_NO_HOST;

Line 196

Line 214

}

top--;

}

* The user was not explicitly granted nor denied access.

Line 405

Line 424

* Returns TRUE if "host" and "user" belong to the netgroup "netgr",

* else return FALSE. Either of "host" or "user" may be NULL

* else return FALSE. Either of "host", "shost" or "user" may be NULL

* in which case that argument is not checked...

int

netgr_matches(netgr, host, user)

netgr_matches(netgr, host, shost, user)

char *netgr;

char *host;

char *shost;

char *user;

{

#ifdef HAVE_GETDOMAINNAME

Line 436

Line 456

#endif /* HAVE_GETDOMAINNAME */

#ifdef HAVE_INNETGR

return(innetgr(netgr, host, user, domain));

if (innetgr(netgr, host, user, domain))

#else

return(TRUE);

return(FALSE);

else if (host != shost && innetgr(netgr, shost, user, domain))

return(TRUE);

#endif /* HAVE_INNETGR */

return(FALSE);

}