[sudo-workers] match.c: allow use of FNM_EXTMATCH, where available

Emil Karlson jekarlson at gmail.com
Wed Jun 14 13:21:02 MDT 2017


Greetings

I made a PoC patch to allow regex-like matching (FNM_EXTMATCH) of command
line arguments, where available. Is there any chance of a feature like
this getting upstreamed? I guess there probably should at least be a
config variable, as this breaks format compatibility for people with
really weird configs.

# allow user to run echo aa bbb as root
user ALL=(root) NOPASSWD: /bin/echo +(a) +(b)

Best Regards
-Emil

---
 plugins/sudoers/match.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index bb68285..e6c8d19 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -356,7 +356,11 @@ cmnd_matches(const struct member *m)
 static bool
 command_args_match(const char *sudoers_cmnd, const char *sudoers_args)
 {
+#ifdef FNM_EXTMATCH
+    int flags = FNM_EXTMATCH;
+#else
     int flags = 0;
+#endif
     debug_decl(command_args_match, SUDOERS_DEBUG_MATCH)

     /*
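Review bot: the `#ifdef FNM_EXTMATCH` block at the top of command_args_match() turns extended matching on for every build whose libc defines the macro, with no way to opt out. The same sudoers file would then match arguments differently depending on the platform it was compiled on, and existing entries whose arguments contain a literal `+(`, `@(`, `!(`, `?(` or `*(` would silently change meaning. Suggest initialising `flags` to 0 and OR-ing in FNM_EXTMATCH only when a sudoers Defaults option (off by default) enables it, and documenting that option in the sudoers manual.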
@@ -373,7 +377,7 @@ command_args_match(const char *sudoers_cmnd, const
char *sudoers_args) if (sudoers_args) {
  /* For sudoedit, all args are assumed to be pathnames. */
  if (strcmp(sudoers_cmnd, "sudoedit") == 0)
-    flags = FNM_PATHNAME;
+    flags |= FNM_PATHNAME;
  if (fnmatch(sudoers_args, user_args ? user_args : "", flags)
== 0) debug_return_bool(true);
     }
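Review bot: in the sudoedit branch, `flags |= FNM_PATHNAME` now combines FNM_PATHNAME with FNM_EXTMATCH, so extended patterns also apply to sudoedit path arguments, and nothing in the patch covers how the two flags interact (for example, whether a `!(...)` or `*(...)` group can match across a `/`). Suggest keeping sudoedit on `flags = FNM_PATHNAME` until that is tested, or adding regression tests for both branches. The fnmatch() call still matches `user_args` as one string, so the tests should include multi-argument inputs.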
-- 
2.13.0
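
An added example, not part of the original post or of sudo's code: a small C program that runs the rule's argument pattern through fnmatch() with and without FNM_EXTMATCH, showing the format-compatibility break the message mentions. The helper name `args_match` and the sample argument strings are constructed for illustration, and the `!(...)` negation cases go slightly beyond the rule in the post.

```c
/* Added example: how FNM_EXTMATCH changes matching of a sudoers-style
 * argument pattern. Patterns and argument strings below are constructed. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc exposes FNM_EXTMATCH only with this */
#endif
#include <fnmatch.h>
#include <stdio.h>

/* Returns 1 on match, 0 on no match, -1 if extended matching was requested
 * but this libc does not provide FNM_EXTMATCH. args is the whole argument
 * string, matched as a single unit as in the patched function. */
int args_match(const char *pattern, const char *args, int use_ext)
{
    int flags = 0;
    if (use_ext) {
#ifdef FNM_EXTMATCH
        flags |= FNM_EXTMATCH;
#else
        return -1;
#endif
    }
    return fnmatch(pattern, args, flags) == 0;
}

int main(void)
{
    static const struct { const char *pat, *args; } cases[] = {
        { "+(a) +(b)",   "aa bbb" },      /* the rule from the post */
        { "+(a) +(b)",   "+(a) +(b)" },   /* literal reading of the same rule */
        { "+(a) +(b)",   "aa bbb cc" },   /* extra trailing argument */
        { "!(-n) hello", "-n hello" },    /* negation rejects exactly "-n" */
        { "!(-n) hello", "-n -e hello" }, /* ...but spans argument boundaries */
    };
    printf("%-14s %-12s %6s %9s\n", "pattern", "args", "plain", "extmatch");
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-14s %-12s %6d %9d\n", cases[i].pat, cases[i].args,
               args_match(cases[i].pat, cases[i].args, 0),
               args_match(cases[i].pat, cases[i].args, 1));
    return 0;
}
```

Because the pattern is applied to the joined argument string, a negation group such as `!(-n)` excludes only the exact text `-n` at that position, not the presence of `-n` among the arguments.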

