[augeas-devel] Re: [Augeas] #48: sudoers lens does not handle multiline strings

Augeas trac at fedorahosted.org
Mon Mar 23 10:27:44 UTC 2009


#48: sudoers lens does not handle multiline strings
------------------------+---------------------------------------------------
  Reporter:  fsweetser  |       Owner:  raphink 
      Type:  defect     |      Status:  assigned
  Priority:  minor      |   Milestone:  next    
 Component:  Augeas     |     Version:  0.4.1   
Resolution:             |    Keywords:  sudoers 
------------------------+---------------------------------------------------
Comment (by raphink):

 OK, I've tried to parse the contents of the "editor" parameter
 specifically... So far, I'd call it a failure. This is the code I'm
 using:

 {{{
 (* "editor" is a special value that we parse as a colon-separated list
      Note: Spaces are allowed only _if_ the value is surrounded by quotes
             but I have no idea how to do that properly with augeas
      Values must begin with a "/"
  *)
 let parameter_string_editor_sto   =
                 store /\/[^": \t\n\\\\][^":\n\\\\]*[^": \t\n\\\\]|\/[^":\n\\\\]/
 let parameter_string_editor_value = [ label "name"
                                       . parameter_string_editor_sto ]
 let parameter_string_editor       = [ key "editor" . sep_eq
                                       . del /"?/ "\""
                                       . parameter_string_editor_value
                                       . ( sep_col
                                           . parameter_string_editor_value )*
                                       . del /"?/ "\"" ]
 }}}

 The problem is described in the comment. Here is an example of how it
 fails:

 Let's say I have an already existing "editor" entry in sudoers, which
 says:
 {{{
 editor = /usr/bin/nano
 }}}

 which is mapped as
 {{{
 /files/etc/sudoers/Defaults/editor
 /files/etc/sudoers/Defaults/editor/name = "/usr/bin/nano"
 }}}

 and I want to add a "/usr/bin/pico -A" entry (which is allowed), so I'd
 do:
 {{{
 set /files/etc/sudoers/Defaults/editor/name[2] "/usr/bin/pico -A"
 save
 }}}

 Augeas is happy with it, and I get:
 {{{
 editor=/usr/bin/nano : /usr/bin/pico -A
 }}}

 And there, visudo is not happy at all, because that is only possible if
 the values are surrounded by double quotes. So
 {{{
 editor="/usr/bin/nano : /usr/bin/pico -A"
 }}}

 is perfectly fine.

 This only happens if there is an already existing value for "editor" and
 it's not using double quotes, since I've set the lens to put double quotes
 by default if it creates the field.


 One could argue that using a sep_col which is not surrounded by spaces by
 default would fix the issue, but it only fixes it partly, and doesn't
 really correspond to the reality of what sudoers allows.

 I don't really have a clue, except to parse the whole field as a blob like
 I did so far. This last option is not perfect at all either, since "\\\n"
 separators are allowed within the "editor" values...

-- 
Ticket URL: <https://fedorahosted.org/augeas/ticket/48#comment:9>
Augeas <http://augeas.net/>
a configuration API
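
Added example, not part of the original message and not Augeas code: a Python model of the round trip described in the comment above, showing that keeping the on-disk quoting style emits the line visudo rejects, while quoting whenever a value contains whitespace does not. The function names and the simplified grammar (single line, no backslash-newline continuation) are assumptions.

```python
import re

# Model of the rule stated in the comment: "editor" is a colon-separated list
# of paths starting with "/", and whitespace is only legal inside double
# quotes. Backslash-newline continuations are not handled (assumption).
_LINE = re.compile(r'^\s*editor\s*=\s*(?P<q>"?)(?P<body>[^"\n]*)(?P=q)\s*$')


def parse_editor(line):
    """Return (paths, was_quoted) for one 'editor = ...' parameter."""
    m = _LINE.match(line)
    if not m:
        raise ValueError("not an editor parameter: %r" % line)
    paths = [p.strip() for p in m.group("body").split(":")]
    if not all(p.startswith("/") for p in paths):
        raise ValueError("every editor value must begin with '/'")
    return paths, bool(m.group("q"))


def is_acceptable(line):
    """True if the line obeys the quoting rule above (not visudo's parser)."""
    _, quoted = parse_editor(line)
    value = line.split("=", 1)[1].strip()
    return quoted or not re.search(r"\s", value)


def render_keep_style(paths, was_quoted):
    """Keep the quoting found on disk; reproduces the output in the comment."""
    body = " : ".join(paths)
    return 'editor="%s"' % body if was_quoted else "editor=%s" % body


def render_safe(paths, was_quoted):
    """Switch to the quoted form as soon as any value contains whitespace."""
    for p in paths:
        if '"' in p or "\n" in p or not p.startswith("/"):
            raise ValueError("value cannot be written: %r" % p)
    if was_quoted or any(re.search(r"\s", p) for p in paths):
        return 'editor="%s"' % " : ".join(paths)
    return "editor=%s" % ":".join(paths)


def add_editor(line, new_path, render):
    """Append new_path to the list parsed from line and re-serialise it."""
    paths, was_quoted = parse_editor(line)
    return render(paths + [new_path], was_quoted)
```

Whatever produces the file, running `visudo -c -f` on the candidate before installing it catches this class of error.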