[augeas-devel] Allow sudoers to handle escaped characters in commands

Wed, 16 Sep 2009 22:28:34 -0700 

I just came across a sudoers file in the wild that had an escaped equals in
it (well, it didn't originally, but sudoers(5) says it should, so now it
does) and sudoers.aug didn't handle that case.  After applying the attached
patch (with test case mods, what's more) it now does.  Application
appreciated.

On a related note, I'd *love* to know why I need to use \\\\ (four whole
backslashes) to get the effect of a single backslash in my regexes. 
Shouldn't \\ be enough?

- Matt

diff --git a/lenses/sudoers.aug b/lenses/sudoers.aug
index f3d34c9..69d38ef 100644
--- a/lenses/sudoers.aug
+++ b/lenses/sudoers.aug
@@ -82,10 +82,8 @@ let sep_dquote   = Util.del_str "\""
 (* Group: Stores *)
 
 (* Variable: sto_to_com_cmnd
-sto_to_com_cmnd does not begin or end with a space
-
-There could be a \ in the middle of a command *)
-let sto_to_com_cmnd = store /([^,=:#() \t\n\\\\][^,=:#()\n]*[^,=:#() \t\n\\\\])|[^,=:#() \t\n\\\\]/
+sto_to_com_cmnd does not begin or end with a space *)
+let sto_to_com_cmnd = store /([^,=:#() \t\n\\\\]([^,=:#()\n\\\\]|\\\\[=:,\\\\])*[^,=:#() \t\n\\\\])|[^,=:#() \t\n\\\\]/
 
 (* Variable: sto_to_com
 
diff --git a/lenses/tests/test_sudoers.aug b/lenses/tests/test_sudoers.aug
index 561de85..ce61827 100644
--- a/lenses/tests/test_sudoers.aug
+++ b/lenses/tests/test_sudoers.aug
@@ -37,6 +37,8 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
         localhost = NOPASSWD: 	/usr/bin/test
 
 	+secretaries           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+someuser ALL=(root) NOPASSWD: /usr/bin/python /usr/local/sbin/filterlog -iu\\=www /var/log/something.log
 "
 
    test Sudoers.lns get conf =
@@ -131,6 +133,17 @@ www-data +biglab=(rpinson)NOEXEC: ICAL \
 	      { "host" = "ALPHA" }
 	      { "command" = "/usr/bin/su [!-]*" }
 	      { "command" = "!/usr/bin/su *root*" } } }
+      {}
+      { "spec"
+          { "user"    = "someuser" }
+          { "host_group"
+              { "host" = "ALL" }
+              { "command" = "/usr/bin/python /usr/local/sbin/filterlog -iu\\=www /var/log/something.log"
+                  { "runas_user" = "root" }
+                  { "tag" = "NOPASSWD" }
+              }
+          }
+      }
 
 test Sudoers.parameter_integer_bool
     put "umask = 022"

_______________________________________________
augeas-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/augeas-devel

Reply via email to