[sudo-workers] match.c: allow use of FNM_EXTMATCH, where available
Emil Karlson
jekarlson at gmail.com
Wed Jun 14 13:21:02 MDT 2017
Greetings
I made a poc patch to allow regexlike matching (FNM_EXTMATCH) or command
line arguments, where available. Is there any chance of feature like
this getting upstreamed? I guess there probably should at least be a
config variable, as this breaks format compatibility for people with
really weird configs.
# allow user to run echo aa bbb as root
user ALL=(root) NOPASSWD: /bin/echo +(a) +(b)
Best Regards
-Emil
---
plugins/sudoers/match.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index bb68285..e6c8d19 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -356,7 +356,11 @@ cmnd_matches(const struct member *m)
static bool
command_args_match(const char *sudoers_cmnd, const char *sudoers_args)
{
+#ifdef FNM_EXTMATCH
+ int flags = FNM_EXTMATCH;
+#else
int flags = 0;
+#endif
debug_decl(command_args_match, SUDOERS_DEBUG_MATCH)
/*
@@ -373,7 +377,7 @@ command_args_match(const char *sudoers_cmnd, const
char *sudoers_args) if (sudoers_args) {
/* For sudoedit, all args are assumed to be pathnames. */
if (strcmp(sudoers_cmnd, "sudoedit") == 0)
- flags = FNM_PATHNAME;
+ flags |= FNM_PATHNAME;
if (fnmatch(sudoers_args, user_args ? user_args : "", flags)
== 0) debug_return_bool(true);
}
--
2.13.0
More information about the sudo-workers
mailing list