[augeas-devel] Re: [Augeas] #48: sudoers lens does not handle multiline strings
Augeas
trac at fedorahosted.org
Mon Mar 23 10:27:44 UTC 2009
#48: sudoers lens does not handle multiline strings
------------------------+---------------------------------------------------
Reporter: fsweetser | Owner: raphink
Type: defect | Status: assigned
Priority: minor | Milestone: next
Component: Augeas | Version: 0.4.1
Resolution: | Keywords: sudoers
------------------------+---------------------------------------------------
Comment (by raphink):
OK, I've tried to parse the contents of the "editor" parameter
specifically... So far, I'd call it a failure. This is the code I'm using:
{{{
(* "editor" is a special value that we parse as a colon-separated list
   Note: Spaces are allowed only _if_ the value is surrounded by quotes
         but I have no idea how to do that properly with augeas
   Values must begin with a "/"
*)
let parameter_string_editor_sto =
    store /\/[^": \t\n\\\\][^":\n\\\\]*[^": \t\n\\\\]|\/[^":\n\\\\]/
let parameter_string_editor_value = [ label "name"
                                      . parameter_string_editor_sto ]
let parameter_string_editor = [ key "editor" . sep_eq
                                . del /"?/ "\""
                                . parameter_string_editor_value
                                . ( sep_col
                                    . parameter_string_editor_value
                                  )*
                                . del /"?/ "\"" ]
}}}
The problem is described in the comment. Here is an example of how it
fails:
Let's say I have an already existing "editor" entry in sudoers, which says:
{{{
editor = /usr/bin/nano
}}}
which is mapped as
{{{
/files/etc/sudoers/Defaults/editor
/files/etc/sudoers/Defaults/editor/name = "/usr/bin/nano"
}}}
and I want to add a "/usr/bin/pico -A" entry (which is allowed), so I'd do:
{{{
set /files/etc/sudoers/Defaults/editor/name[2] "/usr/bin/pico -A"
save
}}}
Augeas is happy with it, and I get:
{{{
editor=/usr/bin/nano : /usr/bin/pico -A
}}}
And there, visudo is not happy at all, because that is only possible if
the values are surrounded by double quotes. So
{{{
editor="/usr/bin/nano : /usr/bin/pico -A"
}}}
is perfectly fine.

This only happens if there is an already existing value for "editor" and
it's not using double quotes, since I've set the lens to put double quotes
by default if it creates the field.

One could argue that using a sep_col which is not surrounded by spaces by
default would fix the issue, but it only fixes it partly, and doesn't
really correspond to the reality of what sudoers allows.

I don't really have a clue, except to parse the whole field as a blob like
I did so far. This last option is not perfect at all either, since "\\\n"
separators are allowed within the "editor" values...
--
Ticket URL: <https://fedorahosted.org/augeas/ticket/48#comment:9>
Augeas <http://augeas.net/>
a configuration API
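
The round trip described in the comment above, as an added Python example that is not part of the original message or of Augeas: parse an existing `editor` value, append an entry, and write it back with double quotes whenever an entry contains whitespace. The function names are hypothetical, and treating backslash-newline as a plain line continuation is an assumption.

```python
import re


def _check(entry):
    # Rules taken from the lens comment: entries begin with "/"; a colon or
    # double quote inside an entry cannot be represented in the list.
    if not entry.startswith("/") or ":" in entry or '"' in entry:
        raise ValueError("invalid editor entry: %r" % entry)
    return entry


def parse_editor(value):
    """Split the right-hand side of 'editor=' into a list of commands."""
    # Assumption: backslash-newline is a line continuation and is dropped.
    value = value.replace("\\\n", "").strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    elif re.search(r"\s", value):
        # The form visudo rejects in the message: whitespace without quotes.
        raise ValueError("unquoted editor value contains whitespace")
    return [_check(e.strip()) for e in value.split(":")]


def render_editor(entries):
    """Serialize the list, quoting the whole value if any entry needs it."""
    joined = ":".join(_check(e) for e in entries)
    if any(re.search(r"\s", e) for e in entries):
        return '"%s"' % joined
    return joined


def add_editor(existing_value, new_entry):
    """Append new_entry to an existing value, re-deciding the quoting."""
    return render_editor(parse_editor(existing_value) + [new_entry])


if __name__ == "__main__":
    # Constructed input mirroring the message: unquoted value, entry with a space.
    print("editor=" + add_editor("/usr/bin/nano", "/usr/bin/pico -A"))
```

The quoting decision is made on the whole list at write time, which is the step the lens cannot express when the existing value was stored without quotes.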