From 757c0bd92bd777c47e23281ad814f3e28bde3498 Mon Sep 17 00:00:00 2001
From: Jakob Kaivo
Date: Thu, 18 Feb 2021 12:58:54 -0500
Subject: implement full precedence rules
---
 check/check.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'check/check.c')
diff --git a/check/check.c b/check/check.c
index 38a0164..9eee796 100644
--- a/check/check.c
+++ b/check/check.c
@@ -69,7 +69,10 @@ int main(int argc, char *argv[])
 user, group, cmd);
 switch (get_permission(user, group, cmd)) {
- case AUTHENTICATE:
+ case AUTH_GROUP_ALL:
+ case AUTH_GROUP_CMD:
+ case AUTH_USER_ALL:
+ case AUTH_USER_CMD:
 syslog(LOG_INFO, "%s:%s requires authentication to run %s",
 user, group, cmd);
 if (authenticate(user) != 0) {
@@ -78,12 +81,19 @@ int main(int argc, char *argv[])
 fatal(0, "bad authentication");
 }
 /* FALLTHRU */
- case AUTHORIZED:
+
+ case PASS_GROUP_ALL:
+ case PASS_GROUP_CMD:
+ case PASS_USER_ALL:
+ case PASS_USER_CMD:
 syslog(LOG_INFO, "%s:%s authorized to run %s",
 user, group, cmd);
 return 0;
- case DENIED:
+ case DENY_GROUP_ALL:
+ case DENY_GROUP_CMD:
+ case DENY_USER_ALL:
+ case DENY_USER_CMD:
 syslog(LOG_NOTICE, "%s:%s explicitly denied permission to run %s",
 user, group, cmd);
-- cgit v1.2.1
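Review bot: The `switch (get_permission(user, group, cmd))` in this hunk now relies on twelve precedence-specific enumerators being listed by hand in three groups, so a value missing from those lists takes whatever path follows the DENY arms, which lies outside the visible hunks. For an authorization decision the unlisted case should fail closed; if the switch does not already end that way, add an arm such as `default: fatal(0, "unrecognized permission value");`. A comment above the switch would also help, saying that only the AUTH/PASS/DENY class matters here and that the GROUP/USER and ALL/CMD variants are presumably ranked inside get_permission(). Building with `-Wswitch-enum` would flag any enumerator left out of the switch.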
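Review bot: The `/* FALLTHRU */` from the AUTH_* arms into the new PASS_* labels is safe only if `fatal(0, "bad authentication")` never returns; if it ever does, a failed authenticate() reaches `return 0` and the command is logged as authorized. fatal() is defined outside this diff, so this may already hold, but the failure branch would be more robust with an explicit `return 1;` right after the call, or with fatal() declared noreturn so the compiler enforces the assumption. The if-block opens in the previous hunk and two of its lines are not shown between the hunks.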