implement full precedence rulesprivexec

author: Jakob Kaivo <jkk@ung.org> 2021-02-18 12:58:54 -0500
committer: Jakob Kaivo <jkk@ung.org> 2021-02-18 12:58:54 -0500
commit: 757c0bd92bd777c47e23281ad814f3e28bde3498 (patch)
tree: 67c72b315e9100e218b2fe0f86ee6191b41f68c6 /check/check.c
parent: c941b923b44dc9092c835fad1a480155bf512d42 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/check/check.c b/check/check.c
index 38a0164..9eee796 100644
--- a/check/check.c
+++ b/check/check.c
@@ -69,7 +69,10 @@ int main(int argc, char *argv[])
 		user, group, cmd);
 
 	switch (get_permission(user, group, cmd)) {
-	case AUTHENTICATE:
+	case AUTH_GROUP_ALL:
+	case AUTH_GROUP_CMD:
+	case AUTH_USER_ALL:
+	case AUTH_USER_CMD:
 		syslog(LOG_INFO, "%s:%s requires authentication to run %s",
 			user, group, cmd);
 		if (authenticate(user) != 0) {
@@ -78,12 +81,19 @@ int main(int argc, char *argv[])
 			fatal(0, "bad authentication");
 		}
 		/* FALLTHRU */
-	case AUTHORIZED:
+
+	case PASS_GROUP_ALL:
+	case PASS_GROUP_CMD:
+	case PASS_USER_ALL:
+	case PASS_USER_CMD:
 		syslog(LOG_INFO, "%s:%s authorized to run %s",
 			user, group, cmd);
 		return 0;
 
-	case DENIED:
+	case DENY_GROUP_ALL:
+	case DENY_GROUP_CMD:
+	case DENY_USER_ALL:
+	case DENY_USER_CMD:
 		syslog(LOG_NOTICE,
 			"%s:%s explicitly denied permission to run %s",
 			user, group, cmd);
author	Jakob Kaivo <jkk@ung.org>	2021-02-18 12:58:54 -0500
committer	Jakob Kaivo <jkk@ung.org>	2021-02-18 12:58:54 -0500
commit	757c0bd92bd777c47e23281ad814f3e28bde3498 (patch)
tree	67c72b315e9100e218b2fe0f86ee6191b41f68c6 /check/check.c
parent	c941b923b44dc9092c835fad1a480155bf512d42 (diff)