| version 1.4, 2000/03/27 03:44:38 |
version 1.5, 2000/08/13 21:58:52 |
|
|
| * allowed to run the specified command on this host as the target user. |
* allowed to run the specified command on this host as the target user. |
| */ |
*/ |
| int |
int |
| sudoers_lookup(pwflags) |
sudoers_lookup(sudo_mode) |
| int pwflags; |
int sudo_mode; |
| { |
{ |
| int error; |
int error; |
| |
int pwcheck; |
| |
|
| /* Become sudoers file owner */ |
/* Become sudoers file owner */ |
| set_perms(PERM_SUDOERS, 0); |
set_perms(PERM_SUDOERS, 0); |
|
|
| /* Allocate space for data structures in the parser. */ |
/* Allocate space for data structures in the parser. */ |
| init_parser(); |
init_parser(); |
| |
|
| /* For most pwflags to be useful we need to keep more state around. */ |
/* If pwcheck *could* be PWCHECK_ALL or PWCHECK_ANY, keep more state. */ |
| if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS) |
if (!(sudo_mode & MODE_RUN) && sudo_mode != MODE_KILL && |
| |
sudo_mode != MODE_INVALIDATE) |
| keepall = TRUE; |
keepall = TRUE; |
| |
|
| /* Need to be root while stat'ing things in the parser. */ |
/* Need to be root while stat'ing things in the parser. */ |
|
|
| return(VALIDATE_ERROR); |
return(VALIDATE_ERROR); |
| |
|
| /* |
/* |
| |
* The pw options may have changed during sudoers parse so we |
| |
* wait until now to set this. |
| |
*/ |
| |
switch (sudo_mode) { |
| |
case MODE_VALIDATE: |
| |
pwcheck = def_ival(I_VERIFYPW); |
| |
break; |
| |
case MODE_LIST: |
| |
pwcheck = def_ival(I_LISTPW); |
| |
break; |
| |
case MODE_KILL: |
| |
case MODE_INVALIDATE: |
| |
pwcheck = PWCHECK_NEVER; |
| |
break; |
| |
default: |
| |
pwcheck = 0; |
| |
break; |
| |
} |
| |
|
| |
/* |
| * Assume the worst. If the stack is empty the user was |
* Assume the worst. If the stack is empty the user was |
| * not mentioned at all. |
* not mentioned at all. |
| */ |
*/ |
|
|
| error = VALIDATE_NOT_OK; |
error = VALIDATE_NOT_OK; |
| else |
else |
| error = VALIDATE_NOT_OK | FLAG_NOPASS; |
error = VALIDATE_NOT_OK | FLAG_NOPASS; |
| if (pwflags) { |
if (pwcheck) { |
| error |= FLAG_NO_CHECK; |
error |= FLAG_NO_CHECK; |
| } else { |
} else { |
| error |= FLAG_NO_HOST; |
error |= FLAG_NO_HOST; |
|
|
| } |
} |
| |
|
| /* |
/* |
| * Only check the actual command if pwflags flag is not set. |
* Only check the actual command if pwcheck flag is not set. |
| * It is set for the "validate", "list" and "kill" pseudo-commands. |
* It is set for the "validate", "list" and "kill" pseudo-commands. |
| * Always check the host and user. |
* Always check the host and user. |
| */ |
*/ |
| if (pwflags) { |
if (pwcheck) { |
| int nopass, found; |
int nopass, found; |
| |
|
| if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) |
if (pwcheck == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) |
| nopass = FLAG_NOPASS; |
nopass = FLAG_NOPASS; |
| else |
else |
| nopass = -1; |
nopass = -1; |
|
|
| while (top) { |
while (top) { |
| if (host_matches == TRUE) { |
if (host_matches == TRUE) { |
| found = 1; |
found = 1; |
| if (pwflags == PWCHECK_ANY && no_passwd == TRUE) |
if (pwcheck == PWCHECK_ANY && no_passwd == TRUE) |
| nopass = FLAG_NOPASS; |
nopass = FLAG_NOPASS; |
| else if (pwflags == PWCHECK_ALL && nopass != 0) |
else if (pwcheck == PWCHECK_ALL && nopass != 0) |
| nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0; |
nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0; |
| } |
} |
| top--; |
top--; |
![[BACK]](/icons/back.gif){kind=icon}
Return to parse.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo