[augeas-devel] augeas: master - Sudoers: fix ticket #48
David Lutterkort
lutter at fedoraproject.org
Wed Mar 25 19:24:56 UTC 2009
Gitweb: http://git.fedorahosted.org/git/augeas.git?p=augeas.git;a=commitdiff;h=c35ad5aef2069b39472e209c8700e13706bef8fe
Commit: c35ad5aef2069b39472e209c8700e13706bef8fe
Parent: 7cb4e6bbffaf082fe90c394813c5bedaf826c05f
Author: Raphael Pinson <raphink at gmail.com>
AuthorDate: Wed Mar 25 09:36:01 2009 -0700
Committer: David Lutterkort <lutter at redhat.com>
CommitterDate: Wed Mar 25 12:16:58 2009 -0700
Sudoers: fix ticket #48
* distinguish between boolean and non-boolean values for integers and
strings
* allow multiple negate flags (odd/even numbers change the behaviour)
* add optional double quotes to integer and string fields
Bug reported by Frank Sweetser
---
lenses/sudoers.aug | 149 +++++++++++++++++++++++++++++++++++++++--
lenses/tests/test_sudoers.aug | 16 +++--
2 files changed, 152 insertions(+), 13 deletions(-)
diff --git a/lenses/sudoers.aug b/lenses/sudoers.aug
index 3efe74d..423ce45 100644
--- a/lenses/sudoers.aug
+++ b/lenses/sudoers.aug
@@ -63,7 +63,7 @@ let sep_spc = del /[ \t]+/ " "
(* Variable: sep_cont *)
let sep_cont = del /([ \t]+|[ \t]*\\\\\n[ \t]*)/ " "
-(* Variable: sep_conf_opt *)
+(* Variable: sep_cont_opt *)
let sep_cont_opt = del /([ \t]*|[ \t]*\\\\\n[ \t]*)/ " "
(* Variable: sep_com *)
@@ -75,6 +75,9 @@ let sep_eq = sep_cont_opt . Util.del_str "=" . sep_cont_opt
(* Variable: sep_col *)
let sep_col = sep_cont_opt . Util.del_str ":" . sep_cont_opt
+(* Variable: sep_dquote *)
+let sep_dquote = Util.del_str "\""
+
(* Group: Stores *)
@@ -91,11 +94,20 @@ let sto_to_com = store /[^,=:#() \t\n\\\\]+/
let sto_to_com_user = store ( /[^,=:#() \t\n]+/
- /(User|Runas|Host|Cmnd)_Alias|Defaults.*/ )
+(* Variable: sto_to_com_col *)
+let sto_to_com_col = store /[^",=#() \t\n\\\\]+/
+
(* Variable: sto_to_eq *)
let sto_to_eq = store /[^,=:#() \t\n\\\\]+/
(* Variable: sto_to_spc *)
-let sto_to_spc = store /[^() \t\n\\\\]+/
+let sto_to_spc = store /[^", \t\n\\\\]+|"[^", \t\n\\\\]+"/
+
+(* Variable: sto_to_spc_no_dquote *)
+let sto_to_spc_no_dquote = store /[^", \t\n\\\\]+/ (* " relax emacs *)
+
+(* Variable: sto_integer *)
+let sto_integer = store /[0-9]+/
(* Group: Comments and empty lines *)
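Review bot: `sto_to_spc` is redefined in place here, yet none of the lenses added in the visible hunks use it (the list values use `sto_to_spc_no_dquote`), so the change only affects its existing callers, which are outside this diff. The new class `[^", \t\n\\\\]` no longer excludes `(` and `)`, now excludes `"` and `,`, and the quoted alternative stores the surrounding double quotes as part of the value. In a lens that parses privilege policy, changing a shared store without a test per caller can alter which sudoers lines parse and what tree they yield. I would keep `let sto_to_spc = store /[^() \t\n\\\\]+/` and give the new pattern its own name, or add a comment naming the callers that were checked.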
@@ -221,6 +233,129 @@ let default_type =
[ label "type" . value ]
(************************************************************************
+ * View: parameter_negate
+ * Negation of boolean values for <defaults>
+ *************************************************************************)
+let parameter_negate = [ del "!" "!" . label "negate" ]
+
+(************************************************************************
+ * View: parameter_flag
+ * A flag parameter for <defaults>
+ *
+ * Flags are implicitly boolean and can be turned off via the '!' operator.
+ * Some integer, string and list parameters may also be used in a boolean
+ * context to disable them.
+ *************************************************************************)
+let parameter_flag_kw = "always_set_home" | "authenticate" | "env_editor"
+ | "env_reset" | "fqdn" | "ignore_dot"
+ | "ignore_local_sudoers" | "insults" | "log_host"
+ | "log_year" | "long_otp_prompt" | "mail_always"
+ | "mail_badpass" | "mail_no_host" | "mail_no_perms"
+ | "mail_no_user" | "noexec" | "path_info"
+ | "passprompt_override" | "preserve_groups"
+ | "requiretty" | "root_sudo" | "rootpw" | "runaspw"
+ | "set_home" | "set_logname" | "setenv"
+ | "shell_noargs" | "stay_setuid" | "targetpw"
+ | "tty_tickets"
+
+let parameter_flag = [ parameter_negate?
+ . key parameter_flag_kw ]
+
+(************************************************************************
+ * View: parameter_integer
+ * An integer parameter for <defaults>
+ *************************************************************************)
+let parameter_integer_nobool_kw = "passwd_tries"
+
+let parameter_integer_nobool = [ key parameter_integer_nobool_kw . sep_eq
+ . del /"?/ "" . sto_integer
+ . del /"?/ "" ]
+
+
+let parameter_integer_bool_kw = "loglinelen" | "passwd_timeout"
+ | "timestamp_timeout" | "umask"
+
+let parameter_integer_bool = [ ( parameter_negate
+ . key parameter_integer_bool_kw )
+ | ( key parameter_integer_bool_kw . sep_eq
+ . del /"?/ "" . sto_integer
+ . del /"?/ "" ) ]
+
+let parameter_integer = parameter_integer_nobool
+ | parameter_integer_bool
+
+(************************************************************************
+ * View: parameter_string
+ * A string parameter for <defaults>
+ *
+ * An odd number of '!' operators negate the value of the item;
+ * an even number just cancel each other out.
+ *************************************************************************)
+let parameter_string_nobool_kw = "badpass_message" | "editor" | "mailsub"
+ | "noexec_file" | "passprompt" | "runas_default"
+ | "syslog_badpri" | "syslog_goodpri"
+ | "timestampdir" | "timestampowner"
+
+let parameter_string_nobool = [ key parameter_string_nobool_kw . sep_eq
+ . del /"?/ "" . sto_to_com_col
+ . del /"?/ "" ]
+
+let parameter_string_bool_kw = "exempt_group" | "lecture" | "lecture_file"
+ | "listpw" | "logfile" | "mailerflags"
+ | "mailerpath" | "mailto" | "exempt_group"
+ | "syslog" | "verifypw" | "logfile"
+ | "mailerflags" | "mailerpath" | "mailto"
+ | "syslog" | "verifypw"
+
+let parameter_string_bool = [ ( parameter_negate
+ . ( parameter_negate
+ . parameter_negate )*
+ . key parameter_string_bool_kw )
+ | ( ( parameter_negate . parameter_negate )*
+ . key parameter_string_bool_kw
+ . sep_eq . sto_to_com_col ) ]
+
+let parameter_string = parameter_string_nobool
+ | parameter_string_bool
+
+(************************************************************************
+ * View: parameter_lists
+ * A single list parameter for <defaults>
+ *
+ * All lists can be used in a boolean context
+ * The argument may be a double-quoted, space-separated list or a single
+ * value without double-quotes.
+ * The list can be replaced, added to, deleted from, or disabled
+ * by using the =, +=, -=, and ! operators respectively.
+ * An odd number of '!' operators negate the value of the item;
+ * an even number just cancel each other out.
+ *************************************************************************)
+let parameter_lists_kw = "env_check" | "env_delete" | "env_keep"
+let parameter_lists_value = [ label "var" . sto_to_spc_no_dquote ]
+let parameter_lists_value_dquote = [ label "var"
+ . del /"?/ "" . sto_to_spc_no_dquote
+ . del /"?/ "" ]
+
+let parameter_lists_values = parameter_lists_value_dquote
+ | ( sep_dquote . parameter_lists_value
+ . ( sep_cont . parameter_lists_value )+
+ . sep_dquote )
+
+let parameter_lists_sep = sep_cont_opt
+ . ( [ del "+" "+" . label "append" ]
+ | [ del "-" "-" . label "remove" ] )?
+ . del "=" "=" . sep_cont_opt
+
+let parameter_lists = [ ( parameter_negate
+ . ( parameter_negate
+ . parameter_negate )*
+ . key parameter_lists_kw )
+ | ( ( parameter_negate . parameter_negate )*
+ . key parameter_lists_kw
+ . parameter_lists_sep
+ . parameter_lists_values ) ]
+
+(************************************************************************
* View: parameter
* A single parameter for <defaults>
*
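Review bot: Negation is handled three different ways in this hunk, and a consumer has to count `negate` nodes to learn the effective setting. `parameter_flag` takes `parameter_negate?` and `parameter_integer_bool` exactly one `!`, while the string and list lenses accept an odd count with no value or an even count with a value, so `!!lecture` or a bare `lecture` matches no branch and, as far as these definitions show, would make the file fail to parse although the grammar comment below allows `'!'* Parameter`. Because options such as `authenticate` and `requiretty` are security controls, I would add a comment on `parameter_negate` stating that an odd number of `negate` children means the option is disabled, and let the flag lens take `parameter_negate*` so a doubled `!` is read rather than rejected. Separately, the value branch of `parameter_string_bool` has no `del /"?/ ""` around `sto_to_com_col`, which excludes `"`, so a quoted value for `logfile` or `mailto` is rejected, contrary to the commit message. `parameter_string_bool_kw` also lists seven keywords twice.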
@@ -229,10 +364,12 @@ let default_type =
* > Parameter '+=' Value |
* > Parameter '-=' Value |
* > '!'* Parameter
+ *
+ * Parameters may be flags, integer values, strings, or lists.
+ *
*************************************************************************)
-let parameter =
- let value = /([^,:= \t\n\\\\][^,\n\\\\]*[^, \t\n\\\\])|[^,:= \t\n\\\\]/ in
- [ label "parameter" . store value ]
+let parameter = parameter_flag | parameter_integer
+ | parameter_string | parameter_lists
(************************************************************************
* View: paramater_list
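Review bot: The new `parameter` is a closed union of keyword lists with no fallback branch, so a `Defaults` entry whose name is not enumerated in this file matches nothing, where the removed lens stored any parameter under `parameter`. One unlisted or newly introduced sudo option would presumably stop the whole of /etc/sudoers from loading, and tooling that audits or edits sudoers through Augeas would then see no tree rather than the policy. I would document this above the definition, for example `(* Only keywords listed in the parameter_*_kw variables are accepted; any other Defaults entry makes the lens fail *)`, and state that the node shape changed from `parameter = "!fqdn"` to `fqdn/negate`. Consumers should check `/augeas/files/etc/sudoers/error` before treating an absent node as an unset option. The View comment block continues outside the hunk.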
@@ -343,5 +480,3 @@ let filter = (incl "/etc/sudoers")
. Util.stdexcl
let xfm = transform lns filter
-
-
diff --git a/lenses/tests/test_sudoers.aug b/lenses/tests/test_sudoers.aug
index 904be5c..f9bc594 100644
--- a/lenses/tests/test_sudoers.aug
+++ b/lenses/tests/test_sudoers.aug
@@ -36,7 +36,7 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
+secretaries ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
"
- test Sudoers.lns get conf =
+ test Sudoers.lns get conf =
{}
{ "Host_Alias"
{ "alias"
@@ -67,13 +67,17 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
{}
{ "Defaults"
{ "type" = "@LOCALNET" }
- { "parameter" = "!lecture" }
- { "parameter" = "tty_tickets" }
- { "parameter" = "!fqdn" } }
+ { "lecture" { "negate" } }
+ { "tty_tickets" }
+ { "fqdn" { "negate" } } }
{}
{ "Defaults"
{ "type" = ":buildd" }
- { "parameter" = "env_keep+=\"APT_CONFIG DEBIAN_FRONTEND SHELL\"" } }
+ { "env_keep"
+ { "append" }
+ { "var" = "APT_CONFIG" }
+ { "var" = "DEBIAN_FRONTEND" }
+ { "var" = "SHELL" } } }
{}
{ "#comment" = "User privilege specification" }
{ "spec"
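Review bot: The updated expectations cover only a single `!` on `lecture` and `fqdn`, one bare flag and one `+=` list, so repeated `!`, quoted integer and string values, `-=` and the integer keywords are all untested. Since the parity of `negate` nodes decides whether an option is on or off, I would add at least `test Sudoers.parameter_string get "!!!lecture" = { "lecture" { "negate" } { "negate" } { "negate" } }` and `test Sudoers.parameter_integer get "passwd_tries=\"3\"" = { "passwd_tries" = "3" }`. A negative case such as `test Sudoers.parameter_flag get "!!fqdn" = *` would record that an even count on a flag is rejected, if that is intended. The expected tree continues outside the hunk.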
@@ -99,7 +103,7 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
{ "host" = "LOCALNET" }
{ "command" = "PBUILDER"
{ "tag" = "NOPASSWD" } } } }
- { "spec"
+ { "spec"
{ "user" = "www-data" }
{ "host_group"
{ "host" = "+biglab" }