Annotation of src/usr.bin/sudo/parse.c, Revision 1.25
1.1 millert 1: /*
1.24 millert 2: * Copyright (c) 2004-2005, 2007-2009 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 3: *
1.12 millert 4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
1.1 millert 7: *
1.12 millert 8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 millert 15: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
16: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
17: */
18:
1.13 millert 19: #include <config.h>
1.1 millert 20:
1.6 millert 21: #include <sys/types.h>
22: #include <sys/param.h>
1.1 millert 23: #include <stdio.h>
24: #ifdef STDC_HEADERS
25: # include <stdlib.h>
1.6 millert 26: # include <stddef.h>
27: #else
28: # ifdef HAVE_STDLIB_H
29: # include <stdlib.h>
30: # endif
1.1 millert 31: #endif /* STDC_HEADERS */
1.6 millert 32: #ifdef HAVE_STRING_H
33: # include <string.h>
34: #else
35: # ifdef HAVE_STRINGS_H
36: # include <strings.h>
37: # endif
38: #endif /* HAVE_STRING_H */
1.1 millert 39: #ifdef HAVE_UNISTD_H
40: # include <unistd.h>
41: #endif /* HAVE_UNISTD_H */
42: #include <ctype.h>
43: #include <pwd.h>
44: #include <grp.h>
45:
46: #include "sudo.h"
47: #include "parse.h"
1.20 millert 48: #include "lbuf.h"
49: #include <gram.h>
1.1 millert 50:
51: #ifndef lint
1.24 millert 52: __unused static const char rcsid[] = "$Sudo: parse.c,v 1.242 2009/05/25 12:02:41 millert Exp $";
1.1 millert 53: #endif /* lint */
54:
1.20 millert 55: /* Characters that must be quoted in sudoers */
56: #define SUDOERS_QUOTED ":\\,=#\""
57:
58: /* sudoers nsswitch routines */
59: struct sudo_nss sudo_nss_file = {
60: &sudo_nss_file,
61: NULL,
62: sudo_file_open,
63: sudo_file_close,
64: sudo_file_parse,
65: sudo_file_setdefs,
66: sudo_file_lookup,
67: sudo_file_display_cmnd,
68: sudo_file_display_defaults,
69: sudo_file_display_bound_defaults,
70: sudo_file_display_privs
71: };
72:
1.1 millert 73: /*
1.20 millert 74: * Parser externs.
1.1 millert 75: */
1.20 millert 76: extern FILE *yyin;
77: extern char *errorfile;
78: extern int errorlineno, parse_error;
1.1 millert 79:
80: /*
1.20 millert 81: * Local prototypes.
1.1 millert 82: */
1.20 millert 83: static void print_member __P((struct lbuf *, char *, int, int, int));
84: static int display_bound_defaults __P((int, struct lbuf *));
85:
86: int
87: sudo_file_open(nss)
88: struct sudo_nss *nss;
89: {
90: if (def_ignore_local_sudoers)
91: return(-1);
1.24 millert 92: nss->handle = open_sudoers(_PATH_SUDOERS, FALSE, NULL);
1.20 millert 93: return(nss->handle ? 0 : -1);
94: }
95:
96: int
97: sudo_file_close(nss)
98: struct sudo_nss *nss;
99: {
100: /* Free parser data structures and close sudoers file. */
101: init_parser(NULL, 0);
102: if (nss->handle != NULL) {
103: fclose(nss->handle);
104: nss->handle = NULL;
105: yyin = NULL;
106: }
107: return(0);
108: }
1.1 millert 109:
110: /*
1.20 millert 111: * Parse the specified sudoers file.
1.1 millert 112: */
113: int
1.20 millert 114: sudo_file_parse(nss)
115: struct sudo_nss *nss;
1.1 millert 116: {
1.20 millert 117: if (nss->handle == NULL)
118: return(-1);
1.1 millert 119:
1.20 millert 120: init_parser(_PATH_SUDOERS, 0);
121: yyin = nss->handle;
122: if (yyparse() != 0 || parse_error) {
123: log_error(NO_EXIT, "parse error in %s near line %d",
124: errorfile, errorlineno);
125: return(-1);
126: }
127: return(0);
128: }
1.1 millert 129:
1.20 millert 130: /*
131: * Wrapper around update_defaults() for nsswitch code.
132: */
133: int
134: sudo_file_setdefs(nss)
135: struct sudo_nss *nss;
136: {
137: if (nss->handle == NULL)
138: return(-1);
1.1 millert 139:
1.20 millert 140: if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER))
141: return(-1);
142: return(0);
143: }
1.3 millert 144:
1.20 millert 145: /*
146: * Look up the user in the parsed sudoers file and check to see if they are
147: * allowed to run the specified command on this host as the target user.
148: */
149: int
150: sudo_file_lookup(nss, validated, pwflag)
151: struct sudo_nss *nss;
152: int validated;
153: int pwflag;
154: {
155: int match, host_match, runas_match, cmnd_match;
156: struct cmndspec *cs;
157: struct cmndtag *tags = NULL;
158: struct privilege *priv;
159: struct userspec *us;
1.1 millert 160:
1.20 millert 161: if (nss->handle == NULL)
162: return(validated);
1.1 millert 163:
164: /*
1.12 millert 165: * Only check the actual command if pwflag is not set.
1.3 millert 166: * It is set for the "validate", "list" and "kill" pseudo-commands.
1.1 millert 167: * Always check the host and user.
168: */
1.12 millert 169: if (pwflag) {
1.22 millert 170: int nopass;
1.13 millert 171: enum def_tupple pwcheck;
172:
173: pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
1.22 millert 174: nopass = (pwcheck == all) ? TRUE : FALSE;
1.3 millert 175:
1.20 millert 176: if (list_pw == NULL)
177: SET(validated, FLAG_NO_CHECK);
178: CLR(validated, FLAG_NO_USER);
179: CLR(validated, FLAG_NO_HOST);
180: match = DENY;
1.22 millert 181: tq_foreach_fwd(&userspecs, us) {
1.20 millert 182: if (userlist_matches(sudo_user.pw, &us->users) != ALLOW)
183: continue;
1.22 millert 184: tq_foreach_fwd(&us->privileges, priv) {
1.20 millert 185: if (hostlist_matches(&priv->hostlist) != ALLOW)
186: continue;
1.22 millert 187: tq_foreach_fwd(&priv->cmndlist, cs) {
1.20 millert 188: /* Only check the command when listing another user. */
189: if (user_uid == 0 || list_pw == NULL ||
190: user_uid == list_pw->pw_uid ||
191: cmnd_matches(cs->cmnd) == ALLOW)
192: match = ALLOW;
1.22 millert 193: if ((pwcheck == any && cs->tags.nopasswd == TRUE) ||
194: (pwcheck == all && cs->tags.nopasswd != TRUE))
1.20 millert 195: nopass = cs->tags.nopasswd;
196: }
1.1 millert 197: }
198: }
1.20 millert 199: if (match == ALLOW || user_uid == 0) {
200: /* User has an entry for this host. */
201: SET(validated, VALIDATE_OK);
202: } else if (match == DENY)
203: SET(validated, VALIDATE_NOT_OK);
204: if (pwcheck == always && def_authenticate)
205: SET(validated, FLAG_CHECK_USER);
206: else if (pwcheck == never || nopass == TRUE)
207: def_authenticate = FALSE;
208: return(validated);
209: }
210:
211: /* Need to be runas user while stat'ing things. */
212: set_perms(PERM_RUNAS);
213:
214: match = UNSPEC;
215: tq_foreach_rev(&userspecs, us) {
216: if (userlist_matches(sudo_user.pw, &us->users) != ALLOW)
217: continue;
218: CLR(validated, FLAG_NO_USER);
219: tq_foreach_rev(&us->privileges, priv) {
220: host_match = hostlist_matches(&priv->hostlist);
221: if (host_match == ALLOW)
222: CLR(validated, FLAG_NO_HOST);
223: else
224: continue;
225: tq_foreach_rev(&priv->cmndlist, cs) {
226: runas_match = runaslist_matches(&cs->runasuserlist,
227: &cs->runasgrouplist);
228: if (runas_match == ALLOW) {
229: cmnd_match = cmnd_matches(cs->cmnd);
230: if (cmnd_match != UNSPEC) {
231: match = cmnd_match;
232: tags = &cs->tags;
1.19 millert 233: #ifdef HAVE_SELINUX
1.20 millert 234: /* Set role and type if not specified on command line. */
235: if (user_role == NULL)
236: user_role = cs->role ? estrdup(cs->role) : def_role;
237: if (user_type == NULL)
238: user_type = cs->type ? estrdup(cs->type) : def_type;
239: #endif /* HAVE_SELINUX */
240: goto matched2;
1.19 millert 241: }
1.1 millert 242: }
243: }
244: }
1.3 millert 245: }
1.20 millert 246: matched2:
247: if (match == ALLOW) {
248: SET(validated, VALIDATE_OK);
249: CLR(validated, VALIDATE_NOT_OK);
250: if (tags != NULL) {
251: if (tags->nopasswd != UNSPEC)
252: def_authenticate = !tags->nopasswd;
253: if (tags->noexec != UNSPEC)
254: def_noexec = tags->noexec;
255: if (tags->setenv != UNSPEC)
256: def_setenv = tags->setenv;
257: }
258: } else if (match == DENY) {
259: SET(validated, VALIDATE_NOT_OK);
260: CLR(validated, VALIDATE_OK);
261: }
1.12 millert 262: set_perms(PERM_ROOT);
1.20 millert 263: return(validated);
1.1 millert 264: }
265:
1.20 millert 266: #define TAG_CHANGED(t) \
267: (cs->tags.t != UNSPEC && cs->tags.t != IMPLIED && cs->tags.t != tags->t)
1.1 millert 268:
1.20 millert 269: static void
270: sudo_file_append_cmnd(cs, tags, lbuf)
271: struct cmndspec *cs;
272: struct cmndtag *tags;
273: struct lbuf *lbuf;
274: {
275: struct member *m;
1.1 millert 276:
1.20 millert 277: #ifdef HAVE_SELINUX
278: if (cs->role)
279: lbuf_append(lbuf, "ROLE=", cs->role, " ", NULL);
280: if (cs->type)
281: lbuf_append(lbuf, "TYPE=", cs->type, " ", NULL);
282: #endif /* HAVE_SELINUX */
283: if (TAG_CHANGED(setenv)) {
284: lbuf_append(lbuf, cs->tags.setenv ? "SETENV: " :
285: "NOSETENV: ", NULL);
286: tags->setenv = cs->tags.setenv;
287: }
288: if (TAG_CHANGED(noexec)) {
289: lbuf_append(lbuf, cs->tags.noexec ? "NOEXEC: " :
290: "EXEC: ", NULL);
291: tags->noexec = cs->tags.noexec;
292: }
293: if (TAG_CHANGED(nopasswd)) {
294: lbuf_append(lbuf, cs->tags.nopasswd ? "NOPASSWD: " :
295: "PASSWD: ", NULL);
296: tags->nopasswd = cs->tags.nopasswd;
297: }
298: m = cs->cmnd;
299: print_member(lbuf, m->name, m->type, m->negated,
300: CMNDALIAS);
301: }
1.1 millert 302:
1.20 millert 303: static int
304: sudo_file_display_priv_short(pw, us, lbuf)
305: struct passwd *pw;
306: struct userspec *us;
307: struct lbuf *lbuf;
308: {
309: struct cmndspec *cs;
310: struct member *m;
311: struct privilege *priv;
312: struct cmndtag tags;
313: int nfound = 0;
314:
315: tq_foreach_fwd(&us->privileges, priv) {
1.25 ! millert 316: if (hostlist_matches(&priv->hostlist) != ALLOW)
! 317: continue;
1.20 millert 318: tags.noexec = UNSPEC;
319: tags.setenv = UNSPEC;
320: tags.nopasswd = UNSPEC;
321: lbuf_append(lbuf, " ", NULL);
322: tq_foreach_fwd(&priv->cmndlist, cs) {
323: if (cs != tq_first(&priv->cmndlist))
324: lbuf_append(lbuf, ", ", NULL);
325: lbuf_append(lbuf, "(", NULL);
326: if (!tq_empty(&cs->runasuserlist)) {
327: tq_foreach_fwd(&cs->runasuserlist, m) {
328: if (m != tq_first(&cs->runasuserlist))
329: lbuf_append(lbuf, ", ", NULL);
330: print_member(lbuf, m->name, m->type, m->negated,
331: RUNASALIAS);
332: }
1.24 millert 333: } else if (tq_empty(&cs->runasgrouplist)) {
334: lbuf_append(lbuf, def_runas_default, NULL);
1.20 millert 335: } else {
1.24 millert 336: lbuf_append(lbuf, pw->pw_name, NULL);
1.20 millert 337: }
338: if (!tq_empty(&cs->runasgrouplist)) {
339: lbuf_append(lbuf, " : ", NULL);
340: tq_foreach_fwd(&cs->runasgrouplist, m) {
341: if (m != tq_first(&cs->runasgrouplist))
342: lbuf_append(lbuf, ", ", NULL);
343: print_member(lbuf, m->name, m->type, m->negated,
344: RUNASALIAS);
345: }
1.1 millert 346: }
1.20 millert 347: lbuf_append(lbuf, ") ", NULL);
348: sudo_file_append_cmnd(cs, &tags, lbuf);
349: nfound++;
1.1 millert 350: }
1.20 millert 351: lbuf_print(lbuf); /* forces a newline */
1.1 millert 352: }
1.20 millert 353: return(nfound);
1.1 millert 354: }
355:
1.15 millert 356: static int
1.20 millert 357: sudo_file_display_priv_long(pw, us, lbuf)
358: struct passwd *pw;
359: struct userspec *us;
360: struct lbuf *lbuf;
1.1 millert 361: {
1.20 millert 362: struct cmndspec *cs;
363: struct member *m;
364: struct privilege *priv;
365: struct cmndtag tags;
366: int nfound = 0;
367:
368: tq_foreach_fwd(&us->privileges, priv) {
1.25 ! millert 369: if (hostlist_matches(&priv->hostlist) != ALLOW)
! 370: continue;
1.20 millert 371: tags.noexec = UNSPEC;
372: tags.setenv = UNSPEC;
373: tags.nopasswd = UNSPEC;
374: lbuf_print(lbuf); /* force a newline */
375: lbuf_append(lbuf, "Sudoers entry:", NULL);
376: lbuf_print(lbuf);
377: tq_foreach_fwd(&priv->cmndlist, cs) {
378: lbuf_append(lbuf, " RunAsUsers: ", NULL);
379: if (!tq_empty(&cs->runasuserlist)) {
380: tq_foreach_fwd(&cs->runasuserlist, m) {
381: if (m != tq_first(&cs->runasuserlist))
382: lbuf_append(lbuf, ", ", NULL);
383: print_member(lbuf, m->name, m->type, m->negated,
384: RUNASALIAS);
385: }
1.24 millert 386: } else if (tq_empty(&cs->runasgrouplist)) {
387: lbuf_append(lbuf, def_runas_default, NULL);
1.20 millert 388: } else {
1.24 millert 389: lbuf_append(lbuf, pw->pw_name, NULL);
1.20 millert 390: }
391: lbuf_print(lbuf);
392: if (!tq_empty(&cs->runasgrouplist)) {
393: lbuf_append(lbuf, " RunAsGroups: ", NULL);
394: tq_foreach_fwd(&cs->runasgrouplist, m) {
395: if (m != tq_first(&cs->runasgrouplist))
396: lbuf_append(lbuf, ", ", NULL);
397: print_member(lbuf, m->name, m->type, m->negated,
398: RUNASALIAS);
1.15 millert 399: }
1.20 millert 400: lbuf_print(lbuf);
401: }
402: lbuf_append(lbuf, " Commands: ", NULL);
403: lbuf_print(lbuf);
404: lbuf_append(lbuf, "\t", NULL);
405: sudo_file_append_cmnd(cs, &tags, lbuf);
406: lbuf_print(lbuf);
407: nfound++;
1.15 millert 408: }
409: }
1.20 millert 410: return(nfound);
1.15 millert 411: }
412:
1.20 millert 413: int
414: sudo_file_display_privs(nss, pw, lbuf)
415: struct sudo_nss *nss;
416: struct passwd *pw;
417: struct lbuf *lbuf;
418: {
419: struct userspec *us;
420: int nfound = 0;
1.15 millert 421:
1.20 millert 422: if (nss->handle == NULL)
423: return(-1);
1.1 millert 424:
1.20 millert 425: tq_foreach_fwd(&userspecs, us) {
1.25 ! millert 426: if (userlist_matches(pw, &us->users) != ALLOW)
1.15 millert 427: continue;
1.20 millert 428:
429: if (long_list)
430: nfound += sudo_file_display_priv_long(pw, us, lbuf);
431: else
432: nfound += sudo_file_display_priv_short(pw, us, lbuf);
1.1 millert 433: }
1.20 millert 434: return(nfound);
1.15 millert 435: }
436:
437: /*
1.20 millert 438: * Display matching Defaults entries for the given user on this host.
1.15 millert 439: */
440: int
1.20 millert 441: sudo_file_display_defaults(nss, pw, lbuf)
442: struct sudo_nss *nss;
443: struct passwd *pw;
444: struct lbuf *lbuf;
1.15 millert 445: {
1.20 millert 446: struct defaults *d;
447: char *prefix = NULL;
448: int nfound = 0;
1.15 millert 449:
1.20 millert 450: if (nss->handle == NULL)
451: return(-1);
1.15 millert 452:
1.20 millert 453: if (lbuf->len == 0)
454: prefix = " ";
455: else
456: prefix = ", ";
1.1 millert 457:
1.20 millert 458: tq_foreach_fwd(&defaults, d) {
459: switch (d->type) {
460: case DEFAULTS_HOST:
461: if (hostlist_matches(&d->binding) != ALLOW)
462: continue;
463: break;
464: case DEFAULTS_USER:
465: if (userlist_matches(pw, &d->binding) != ALLOW)
466: continue;
467: break;
468: case DEFAULTS_RUNAS:
469: case DEFAULTS_CMND:
470: continue;
471: }
472: lbuf_append(lbuf, prefix, NULL);
473: if (d->val != NULL) {
474: lbuf_append(lbuf, d->var, d->op == '+' ? "+=" :
475: d->op == '-' ? "-=" : "=", NULL);
476: if (strpbrk(d->val, " \t") != NULL) {
477: lbuf_append(lbuf, "\"", NULL);
478: lbuf_append_quoted(lbuf, "\"", d->val, NULL);
479: lbuf_append(lbuf, "\"", NULL);
480: } else
481: lbuf_append_quoted(lbuf, SUDOERS_QUOTED, d->val, NULL);
482: } else
483: lbuf_append(lbuf, d->op == FALSE ? "!" : "", d->var, NULL);
484: prefix = ", ";
485: nfound++;
1.4 millert 486: }
1.20 millert 487:
488: return(nfound);
1.4 millert 489: }
490:
491: /*
1.20 millert 492: * Display Defaults entries that are per-runas or per-command
1.12 millert 493: */
494: int
1.20 millert 495: sudo_file_display_bound_defaults(nss, pw, lbuf)
496: struct sudo_nss *nss;
1.12 millert 497: struct passwd *pw;
1.20 millert 498: struct lbuf *lbuf;
1.12 millert 499: {
1.20 millert 500: int nfound = 0;
501:
502: /* XXX - should only print ones that match what the user can do. */
503: nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf);
504: nfound += display_bound_defaults(DEFAULTS_CMND, lbuf);
505:
506: return(nfound);
1.12 millert 507: }
508:
509: /*
1.20 millert 510: * Display Defaults entries of the given type.
1.1 millert 511: */
1.20 millert 512: static int
513: display_bound_defaults(dtype, lbuf)
514: int dtype;
515: struct lbuf *lbuf;
1.1 millert 516: {
1.20 millert 517: struct defaults *d;
518: struct member *m, *binding = NULL;
519: char *dname, *dsep;
520: int atype, nfound = 0;
521:
522: switch (dtype) {
523: case DEFAULTS_HOST:
524: atype = HOSTALIAS;
525: dname = "host";
526: dsep = "@";
527: break;
528: case DEFAULTS_USER:
529: atype = USERALIAS;
530: dname = "user";
531: dsep = ":";
532: break;
533: case DEFAULTS_RUNAS:
534: atype = RUNASALIAS;
535: dname = "runas";
536: dsep = ">";
537: break;
538: case DEFAULTS_CMND:
539: atype = CMNDALIAS;
540: dname = "cmnd";
541: dsep = "!";
542: break;
543: default:
544: return(-1);
545: }
546: /* printf("Per-%s Defaults entries:\n", dname); */
547: tq_foreach_fwd(&defaults, d) {
548: if (d->type != dtype)
549: continue;
1.1 millert 550:
1.20 millert 551: nfound++;
552: if (binding != tq_first(&d->binding)) {
553: binding = tq_first(&d->binding);
554: lbuf_append(lbuf, " Defaults", dsep, NULL);
555: for (m = binding; m != NULL; m = m->next) {
556: if (m != binding)
557: lbuf_append(lbuf, ",", NULL);
558: print_member(lbuf, m->name, m->type, m->negated, atype);
559: lbuf_append(lbuf, " ", NULL);
560: }
561: } else
562: lbuf_append(lbuf, ", ", NULL);
563: if (d->val != NULL) {
564: lbuf_append(lbuf, d->var, d->op == '+' ? "+=" :
565: d->op == '-' ? "-=" : "=", d->val, NULL);
566: } else
567: lbuf_append(lbuf, d->op == FALSE ? "!" : "", d->var, NULL);
1.13 millert 568: }
1.1 millert 569:
1.20 millert 570: return(nfound);
1.1 millert 571: }
572:
573: int
1.20 millert 574: sudo_file_display_cmnd(nss, pw)
575: struct sudo_nss *nss;
576: struct passwd *pw;
577: {
578: struct cmndspec *cs;
579: struct member *match;
580: struct privilege *priv;
581: struct userspec *us;
582: int rval = 1;
583: int host_match, runas_match, cmnd_match;
584:
585: if (nss->handle == NULL)
586: return(rval);
587:
588: match = NULL;
589: tq_foreach_rev(&userspecs, us) {
590: if (userlist_matches(pw, &us->users) != ALLOW)
591: continue;
592:
593: tq_foreach_rev(&us->privileges, priv) {
594: host_match = hostlist_matches(&priv->hostlist);
595: if (host_match != ALLOW)
596: continue;
597: tq_foreach_rev(&priv->cmndlist, cs) {
598: runas_match = runaslist_matches(&cs->runasuserlist,
599: &cs->runasgrouplist);
600: if (runas_match == ALLOW) {
601: cmnd_match = cmnd_matches(cs->cmnd);
602: if (cmnd_match != UNSPEC) {
603: match = host_match && runas_match ?
604: cs->cmnd : NULL;
605: goto matched;
606: }
607: }
608: }
1.1 millert 609: }
610: }
1.20 millert 611: matched:
612: if (match != NULL && !match->negated) {
613: printf("%s%s%s\n", safe_cmnd, user_args ? " " : "",
614: user_args ? user_args : "");
615: rval = 0;
616: }
617: return(rval);
1.1 millert 618: }
619:
620: /*
1.20 millert 621: * Print the contents of a struct member to stdout
1.1 millert 622: */
1.20 millert 623: static void
624: _print_member(lbuf, name, type, negated, alias_type)
625: struct lbuf *lbuf;
626: char *name;
627: int type, negated, alias_type;
1.1 millert 628: {
1.20 millert 629: struct alias *a;
630: struct member *m;
631: struct sudo_command *c;
632:
633: switch (type) {
634: case ALL:
635: lbuf_append(lbuf, negated ? "!ALL" : "ALL", NULL);
636: break;
637: case COMMAND:
638: c = (struct sudo_command *) name;
639: if (negated)
640: lbuf_append(lbuf, "!", NULL);
641: lbuf_append_quoted(lbuf, SUDOERS_QUOTED, c->cmnd, NULL);
642: if (c->args) {
643: lbuf_append(lbuf, " ", NULL);
644: lbuf_append_quoted(lbuf, SUDOERS_QUOTED, c->args, NULL);
645: }
646: break;
647: case ALIAS:
1.23 millert 648: if ((a = alias_find(name, alias_type)) != NULL) {
1.20 millert 649: tq_foreach_fwd(&a->members, m) {
650: if (m != tq_first(&a->members))
651: lbuf_append(lbuf, ", ", NULL);
652: _print_member(lbuf, m->name, m->type,
653: negated ? !m->negated : m->negated, alias_type);
654: }
655: break;
656: }
657: /* FALLTHROUGH */
658: default:
659: lbuf_append(lbuf, negated ? "!" : "", name, NULL);
660: break;
1.1 millert 661: }
1.20 millert 662: }
663:
664: static void
665: print_member(lbuf, name, type, negated, alias_type)
666: struct lbuf *lbuf;
667: char *name;
668: int type, negated, alias_type;
669: {
670: alias_seqno++;
671: _print_member(lbuf, name, type, negated, alias_type);
1.1 millert 672: }