version 1.4, 2000/03/27 03:44:38 |
version 1.5, 2000/08/13 21:58:52 |
|
|
* allowed to run the specified command on this host as the target user. |
* allowed to run the specified command on this host as the target user. |
*/ |
*/ |
int |
int |
sudoers_lookup(pwflags) |
sudoers_lookup(sudo_mode) |
int pwflags; |
int sudo_mode; |
{ |
{ |
int error; |
int error; |
|
int pwcheck; |
|
|
/* Become sudoers file owner */ |
/* Become sudoers file owner */ |
set_perms(PERM_SUDOERS, 0); |
set_perms(PERM_SUDOERS, 0); |
|
|
/* Allocate space for data structures in the parser. */ |
/* Allocate space for data structures in the parser. */ |
init_parser(); |
init_parser(); |
|
|
/* For most pwflags to be useful we need to keep more state around. */ |
/* If pwcheck *could* be PWCHECK_ALL or PWCHECK_ANY, keep more state. */ |
if (pwflags && pwflags != PWCHECK_NEVER && pwflags != PWCHECK_ALWAYS) |
if (!(sudo_mode & MODE_RUN) && sudo_mode != MODE_KILL && |
|
sudo_mode != MODE_INVALIDATE) |
keepall = TRUE; |
keepall = TRUE; |
|
|
/* Need to be root while stat'ing things in the parser. */ |
/* Need to be root while stat'ing things in the parser. */ |
|
|
return(VALIDATE_ERROR); |
return(VALIDATE_ERROR); |
|
|
/* |
/* |
|
* The pw options may have changed during sudoers parse so we |
|
* wait until now to set this. |
|
*/ |
|
switch (sudo_mode) { |
|
case MODE_VALIDATE: |
|
pwcheck = def_ival(I_VERIFYPW); |
|
break; |
|
case MODE_LIST: |
|
pwcheck = def_ival(I_LISTPW); |
|
break; |
|
case MODE_KILL: |
|
case MODE_INVALIDATE: |
|
pwcheck = PWCHECK_NEVER; |
|
break; |
|
default: |
|
pwcheck = 0; |
|
break; |
|
} |
|
|
|
/* |
* Assume the worst. If the stack is empty the user was |
* Assume the worst. If the stack is empty the user was |
* not mentioned at all. |
* not mentioned at all. |
*/ |
*/ |
|
|
error = VALIDATE_NOT_OK; |
error = VALIDATE_NOT_OK; |
else |
else |
error = VALIDATE_NOT_OK | FLAG_NOPASS; |
error = VALIDATE_NOT_OK | FLAG_NOPASS; |
if (pwflags) { |
if (pwcheck) { |
error |= FLAG_NO_CHECK; |
error |= FLAG_NO_CHECK; |
} else { |
} else { |
error |= FLAG_NO_HOST; |
error |= FLAG_NO_HOST; |
|
|
} |
} |
|
|
/* |
/* |
* Only check the actual command if pwflags flag is not set. |
* Only check the actual command if pwcheck flag is not set. |
* It is set for the "validate", "list" and "kill" pseudo-commands. |
* It is set for the "validate", "list" and "kill" pseudo-commands. |
* Always check the host and user. |
* Always check the host and user. |
*/ |
*/ |
if (pwflags) { |
if (pwcheck) { |
int nopass, found; |
int nopass, found; |
|
|
if (pwflags == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) |
if (pwcheck == PWCHECK_NEVER || !def_flag(I_AUTHENTICATE)) |
nopass = FLAG_NOPASS; |
nopass = FLAG_NOPASS; |
else |
else |
nopass = -1; |
nopass = -1; |
|
|
while (top) { |
while (top) { |
if (host_matches == TRUE) { |
if (host_matches == TRUE) { |
found = 1; |
found = 1; |
if (pwflags == PWCHECK_ANY && no_passwd == TRUE) |
if (pwcheck == PWCHECK_ANY && no_passwd == TRUE) |
nopass = FLAG_NOPASS; |
nopass = FLAG_NOPASS; |
else if (pwflags == PWCHECK_ALL && nopass != 0) |
else if (pwcheck == PWCHECK_ALL && nopass != 0) |
nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0; |
nopass = (no_passwd == TRUE) ? FLAG_NOPASS : 0; |
} |
} |
top--; |
top--; |
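Review bot: In the new `switch (sudo_mode)`, `pwcheck` is both the password-check policy and the "this is a pseudo-command" flag tested by the two `if (pwcheck)` branches below, so a `def_ival(I_VERIFYPW)` or `def_ival(I_LISTPW)` result of 0 would send validate or list mode down the real-command path. The PWCHECK_* values are not visible here, so this may be safe by construction, but the `default:` case should state the invariant, e.g. `pwcheck = 0; /* real command; no PWCHECK_* value may be 0 */`. The switch also compares `sudo_mode` for equality while the keepall test uses `sudo_mode & MODE_RUN`; if modifier bits can accompany a mode, the equality cases would fall through to `default:` and skip the pseudo-command handling. The body of sudoers_lookup continues outside the lines shown.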