[augeas-devel] [Augeas] #124: Sudoers lens does not allow for escaped spaces in user/group names
Augeas
trac at fedorahosted.org
Fri Jul 2 09:00:05 UTC 2010
#124: Sudoers lens does not allow for escaped spaces in user/group names
---------------------+------------------------------------------------------
Reporter: jimi | Owner: raphink
Type: defect | Status: new
Priority: major | Milestone: next
Component: Augeas | Version: 0.7.0
Resolution: | Keywords:
---------------------+------------------------------------------------------
Changes (by raphink):
* owner: lutter => raphink
Comment:
Thanks for your report and your patch jimi. However, the patch doesn't
pass tests. Namely, allowing spaces in sto_to_com_user conflicts with
field separators.
Fixing this is non trivial, and the only way simple way I've found is to
change the way the host name is parsed in specs, to make sure spaces are
not allowed in it, otherwise it will conflict with to_to_com_user. There
is no case of hosts with spaces in the test file, so it doesn't fail, can
you think of a case where this would be a problem?
The attached diff implements it and adds a test to test_sudoers.aug.
diff --git a/lenses/sudoers.aug b/lenses/sudoers.aug
index 1030086..99bf42f 100644
--- a/lenses/sudoers.aug
+++ b/lenses/sudoers.aug
@@ -90,8 +90,13 @@ let sto_to_com_cmnd = store /([^,=:#()
\t\n\\\\]([^,=:#()\n\\\\]|\\\\[=:,\\\\])*
There could be a \ in the middle of a command *)
let sto_to_com = store /([^,=:#() \t\n\\\\][^,=:#()\n]*[^,=:#()
\t\n\\\\])|[^,=:#() \t\n\\\\]/
-(* Variable: sto_to_com_user *)
-let sto_to_com_user = store ( /[^,=:#() \t\n]+/
+(* Variable: sto_to_com_host *)
+let sto_to_com_host = store /[^,=:#() \t\n\\\\]+/
+
+
+(* Variable: sto_to_com_user
+Escaped spaces are allowed *)
+let sto_to_com_user = store ( /([^,=:#() \t\n]([^,=:#() \t\n]|(\\\\[
\t]))*[^,=:#() \t\n])|[^,=:#() \t\n]/
- /(User|Runas|Host|Cmnd)_Alias|Defaults.*/
)
(* Variable: sto_to_com_col *)
@@ -446,7 +451,7 @@ let cmnd_spec_list = cmnd_spec . ( sep_com . cmnd_spec
)*
* View: spec_list
* Group of hosts with <cmnd_spec_list>
*************************************************************************)
-let spec_list = [ label "host_group" . alias_list "host" sto_to_com
+let spec_list = [ label "host_group" . alias_list "host" sto_to_com_host
. sep_eq . cmnd_spec_list ]
(************************************************************************
diff --git a/lenses/tests/test_sudoers.aug b/lenses/tests/test_sudoers.aug
index af5db31..e65b3e4 100644
--- a/lenses/tests/test_sudoers.aug
+++ b/lenses/tests/test_sudoers.aug
@@ -38,7 +38,7 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
+secretaries ALPHA = /usr/bin/su [!-]*, !/usr/bin/su
*root*
-someuser ALL=(root) NOPASSWD: /usr/bin/python /usr/local/sbin/filterlog
-iu\\=www /var/log/something.log
+ at my\ admin\ group ALL=(root) NOPASSWD: /usr/bin/python
/usr/local/sbin/filterlog -iu\\=www /var/log/something.log
"
test Sudoers.lns get conf =
@@ -136,7 +136,7 @@ someuser ALL=(root) NOPASSWD: /usr/bin/python
/usr/local/sbin/filterlog -iu\\=ww
{ "command" = "!/usr/bin/su *root*" } } }
{}
{ "spec"
- { "user" = "someuser" }
+ { "user" = "@my\ admin\ group" }
{ "host_group"
{ "host" = "ALL" }
{ "command" = "/usr/bin/python /usr/local/sbin/filterlog
-iu\\=www /var/log/something.log"
--
Ticket URL: <https://fedorahosted.org/augeas/ticket/124#comment:1>
Augeas <http://augeas.net/>
a configuration API
More information about the augeas-devel
mailing list