[augeas-devel] augeas: master - Sudoers: allow certain backslash-quoted characters in a command

David Lutterkort lutter at fedoraproject.org
Thu Sep 17 19:08:01 UTC 2009 

Gitweb:        http://git.fedorahosted.org/git/augeas.git?p=augeas.git;a=commitdiff;h=5da91b6f0511db5107c643bf7863701d66b75cab
Commit:        5da91b6f0511db5107c643bf7863701d66b75cab
Parent:        2c83b509e79f3e859bbba7909e3e3769e1285164
Author:        Matt Palmer <mpalmer at hezmatt.org>
AuthorDate:    Thu Sep 17 12:05:19 2009 -0700
Committer:     David Lutterkort <lutter at redhat.com>
CommitterDate: Thu Sep 17 12:05:19 2009 -0700

Sudoers: allow certain backslash-quoted characters in a command

Commands may contain backslashes by themselves and the two-char sequences
\\[=:,\\]
---
 lenses/sudoers.aug            |    6 ++----
 lenses/tests/test_sudoers.aug |   13 +++++++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/lenses/sudoers.aug b/lenses/sudoers.aug
index f3d34c9..69d38ef 100644
--- a/lenses/sudoers.aug
+++ b/lenses/sudoers.aug
@@ -82,10 +82,8 @@ let sep_dquote   = Util.del_str "\""
 (* Group: Stores *)
 
 (* Variable: sto_to_com_cmnd
-sto_to_com_cmnd does not begin or end with a space
-
-There could be a \ in the middle of a command *)
-let sto_to_com_cmnd = store /([^,=:#() \t\n\\\\][^,=:#()\n]*[^,=:#() \t\n\\\\])|[^,=:#() \t\n\\\\]/
+sto_to_com_cmnd does not begin or end with a space *)
+let sto_to_com_cmnd = store /([^,=:#() \t\n\\\\]([^,=:#()\n\\\\]|\\\\[=:,\\\\])*[^,=:#() \t\n\\\\])|[^,=:#() \t\n\\\\]/
 
 (* Variable: sto_to_com
 
diff --git a/lenses/tests/test_sudoers.aug b/lenses/tests/test_sudoers.aug
index 561de85..ce61827 100644
--- a/lenses/tests/test_sudoers.aug
+++ b/lenses/tests/test_sudoers.aug
@@ -37,6 +37,8 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
         localhost = NOPASSWD: 	/usr/bin/test
 
 	+secretaries           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+someuser ALL=(root) NOPASSWD: /usr/bin/python /usr/local/sbin/filterlog -iu\\=www /var/log/something.log
 "
 
    test Sudoers.lns get conf =
@@ -131,6 +133,17 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
 	      { "host" = "ALPHA" }
 	      { "command" = "/usr/bin/su [!-]*" }
 	      { "command" = "!/usr/bin/su *root*" } } }
+      {}
+      { "spec"
+          { "user"    = "someuser" }
+          { "host_group"
+              { "host" = "ALL" }
+              { "command" = "/usr/bin/python /usr/local/sbin/filterlog -iu\\=www /var/log/something.log"
+                  { "runas_user" = "root" }
+                  { "tag" = "NOPASSWD" }
+              }
+          }
+      }
 
 test Sudoers.parameter_integer_bool
     put "umask = 022"

More information about the augeas-devel mailing list