[augeas-devel] [Augeas] #346: sudoers lens fails to parse multiple user aliases and negated command alias
Augeas
trac at fedorahosted.org
Fri Jun 7 09:20:16 UTC 2013
#346: sudoers lens fails to parse multiple user aliases and negated command alias
-------------------------------------------+---------------------
Reporter: mwilkinson | Owner: lutter
Type: defect | Status: new
Priority: major | Milestone: next
Component: Augeas | Version: 1.0.0
Keywords: sudoers User_Alias Cmnd_Alias | Blocked By:
Blocking: |
-------------------------------------------+---------------------
I came a case in a sudoers file where multiple user aliases had been
defined for a negated command alias
ie:-
{{{
USERSA, USERSB ALL = (ALL) NOPASSWD: !CMD1
}}}
as the current lens stands a single user alias is picked up and handled,
but not multiple on the same line.
A quick fix is to modify the sto_to_com_user definition as follows :-
{{{
let sto_to_com_user =
let nis_re = /([A-Z]([-A-Z0-9]|(\\\\[ \t]))*+\\\\\\\\)/
in let user_re = /[%+ at a-z]([-a-z0-9]|(\\\\[ \t]))*/
in let alias = /[A-Z0-9_]+/
in store (nis_re? . user_re | alias)
}}}
(inclusion of the alias definition, and allow it to be stored)
Also negated command aliases did not parse.
A fix for this is to modify the sto_to_om_cmnd definition as follows :-
{{{
let sto_to_com_cmnd =
let alias = /!?[A-Za-z0-9_.-]+/ - /(NO)?(PASSWD|EXEC|SETENV)/
in let non_alias = /(!?[\/a-z]([^,:#()\n\\]|\\\\[=:,\\])*[^,=:#()
\t\n\\])|[^,=:#() \t\n\\]/
in store (alias | non_alias)
}}}
(updated the alias definition with the !? to allow an optional ! at the
start of the command alias)
--
Ticket URL: <https://fedorahosted.org/augeas/ticket/346>
Augeas <http://augeas.net/>
a configuration API
More information about the augeas-devel
mailing list