update_defaults() needs to be able to take a defaults_list for
the ldap/sssd backends which support per-role defaults.
@@ -730,7 +730,8 @@ default_binding_matches(struct sudoers_parse_tree *parse_tree,
|
|||||||
* Pass in an OR'd list of which default types to update.
|
* Pass in an OR'd list of which default types to update.
|
||||||
*/
|
*/
|
||||||
bool
|
bool
|
||||||
update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet)
|
update_defaults(struct sudoers_parse_tree *parse_tree,
|
||||||
|
struct defaults_list *defs, int what, bool quiet)
|
||||||
{
|
{
|
||||||
struct defaults *d;
|
struct defaults *d;
|
||||||
bool ret = true;
|
bool ret = true;
|
||||||
@@ -739,10 +740,14 @@ update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet)
|
|||||||
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
|
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
|
||||||
"what: 0x%02x", what);
|
"what: 0x%02x", what);
|
||||||
|
|
||||||
|
/* If no defaults list specified, use the global one in the parse tree. */
|
||||||
|
if (defs == NULL)
|
||||||
|
defs = &parse_tree->defaults;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* First apply Defaults values marked as early.
|
* First apply Defaults values marked as early.
|
||||||
*/
|
*/
|
||||||
TAILQ_FOREACH(d, &parse_tree->defaults, entries) {
|
TAILQ_FOREACH(d, defs, entries) {
|
||||||
struct early_default *early = is_early_default(d->var);
|
struct early_default *early = is_early_default(d->var);
|
||||||
if (early == NULL)
|
if (early == NULL)
|
||||||
continue;
|
continue;
|
||||||
@@ -764,7 +769,7 @@ update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet)
|
|||||||
/*
|
/*
|
||||||
* Then set the rest of the defaults.
|
* Then set the rest of the defaults.
|
||||||
*/
|
*/
|
||||||
TAILQ_FOREACH(d, &parse_tree->defaults, entries) {
|
TAILQ_FOREACH(d, defs, entries) {
|
||||||
/* Skip Defaults marked as early, we already did them. */
|
/* Skip Defaults marked as early, we already did them. */
|
||||||
if (is_early_default(d->var))
|
if (is_early_default(d->var))
|
||||||
continue;
|
continue;
|
||||||
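Review bot: The block comment above update_defaults() still documents only `what`, so the new `defs` parameter and its NULL fallback are described solely by the inline comment inside the body. I would extend the header comment with a line such as ` * If defs is NULL, the global defaults list in parse_tree is used; otherwise only the entries in defs are applied.` so that callers passing a per-role list know the parse tree's own Defaults are not re-applied on that call. Both visible TAILQ_FOREACH loops now iterate `defs`, but the function body begins and continues outside these hunks, so any other use of `&parse_tree->defaults` in between could not be checked from here.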
|
@@ -122,6 +122,7 @@ struct early_default {
|
|||||||
/*
|
/*
|
||||||
* Prototypes
|
* Prototypes
|
||||||
*/
|
*/
|
||||||
|
struct defaults_list;
|
||||||
struct sudoers_parse_tree;
|
struct sudoers_parse_tree;
|
||||||
void dump_default(void);
|
void dump_default(void);
|
||||||
bool init_defaults(void);
|
bool init_defaults(void);
|
||||||
@@ -129,7 +130,7 @@ struct early_default *is_early_default(const char *name);
|
|||||||
bool run_early_defaults(void);
|
bool run_early_defaults(void);
|
||||||
bool set_early_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet, struct early_default *early);
|
bool set_early_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet, struct early_default *early);
|
||||||
bool set_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet);
|
bool set_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet);
|
||||||
bool update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet);
|
bool update_defaults(struct sudoers_parse_tree *parse_tree, struct defaults_list *defs, int what, bool quiet);
|
||||||
bool check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet);
|
bool check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet);
|
||||||
|
|
||||||
extern struct sudo_defs_types sudo_defs_table[];
|
extern struct sudo_defs_types sudo_defs_table[];
|
||||||
|
@@ -310,7 +310,7 @@ sudoers_lookup(struct sudo_nss_list *snl, struct passwd *pw, int validated,
|
|||||||
}
|
}
|
||||||
if (match != UNSPEC) {
|
if (match != UNSPEC) {
|
||||||
if (defs != NULL)
|
if (defs != NULL)
|
||||||
update_defaults(parse_tree, SETDEF_GENERIC, false);
|
update_defaults(parse_tree, defs, SETDEF_GENERIC, false);
|
||||||
if (!apply_cmndspec(cs))
|
if (!apply_cmndspec(cs))
|
||||||
SET(validated, VALIDATE_ERROR);
|
SET(validated, VALIDATE_ERROR);
|
||||||
else if (match == ALLOW)
|
else if (match == ALLOW)
|
||||||
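Review bot: The result of `update_defaults(parse_tree, defs, SETDEF_GENERIC, false)` is discarded in sudoers_lookup(), so a per-role Defaults entry that fails to apply leaves the earlier settings in force while the match still proceeds to `apply_cmndspec(cs)`. The other policy call sites on this page (sudoers_policy_init and set_cmnd) test the return value and call `log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR, N_("problem with defaults entries"))`; doing the same here would at least make a rejected restrictive option visible to the administrator. Whether a failure should additionally `SET(validated, VALIDATE_ERROR)` is a policy decision for the maintainers, and update_defaults() may already warn internally when `quiet` is false, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.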
|
@@ -198,7 +198,7 @@ sudoers_policy_init(void *info, char * const envp[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
sources++;
|
sources++;
|
||||||
if (nss->getdefs(nss) == -1 || !update_defaults(nss->parse_tree,
|
if (nss->getdefs(nss) == -1 || !update_defaults(nss->parse_tree, NULL,
|
||||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS, false)) {
|
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS, false)) {
|
||||||
log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR,
|
log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR,
|
||||||
N_("problem with defaults entries"));
|
N_("problem with defaults entries"));
|
||||||
@@ -854,7 +854,7 @@ set_cmnd(void)
|
|||||||
user_base = user_cmnd;
|
user_base = user_cmnd;
|
||||||
|
|
||||||
TAILQ_FOREACH(nss, snl, entries) {
|
TAILQ_FOREACH(nss, snl, entries) {
|
||||||
if (!update_defaults(nss->parse_tree, SETDEF_CMND, false)) {
|
if (!update_defaults(nss->parse_tree, NULL, SETDEF_CMND, false)) {
|
||||||
log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR,
|
log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR,
|
||||||
N_("problem with defaults entries"));
|
N_("problem with defaults entries"));
|
||||||
}
|
}
|
||||||
|
@@ -285,7 +285,7 @@ main(int argc, char *argv[])
|
|||||||
(void) fputs("Parses OK", stdout);
|
(void) fputs("Parses OK", stdout);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!update_defaults(&parsed_policy, SETDEF_ALL, false))
|
if (!update_defaults(&parsed_policy, NULL, SETDEF_ALL, false))
|
||||||
(void) fputs(" (problem with defaults entries)", stdout);
|
(void) fputs(" (problem with defaults entries)", stdout);
|
||||||
puts(".");
|
puts(".");
|
||||||
|
|
||||||
|
@@ -246,7 +246,7 @@ main(int argc, char *argv[])
|
|||||||
init_parser(sudoers_file, quiet);
|
init_parser(sudoers_file, quiet);
|
||||||
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
|
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
|
||||||
(void) sudoersparse();
|
(void) sudoersparse();
|
||||||
(void) update_defaults(&parsed_policy,
|
(void) update_defaults(&parsed_policy, NULL,
|
||||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, quiet);
|
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, quiet);
|
||||||
sudoers_setlocale(oldlocale, NULL);
|
sudoers_setlocale(oldlocale, NULL);
|
||||||
|
|
||||||
@@ -602,7 +602,7 @@ reparse_sudoers(char *editor, int editor_argc, char **editor_argv,
|
|||||||
}
|
}
|
||||||
fclose(sudoersin);
|
fclose(sudoersin);
|
||||||
if (!parse_error) {
|
if (!parse_error) {
|
||||||
(void) update_defaults(&parsed_policy,
|
(void) update_defaults(&parsed_policy, NULL,
|
||||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
|
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
|
||||||
check_defaults_and_aliases(strict, quiet);
|
check_defaults_and_aliases(strict, quiet);
|
||||||
}
|
}
|
||||||
@@ -920,7 +920,7 @@ check_syntax(const char *sudoers_file, bool quiet, bool strict, bool oldperms)
|
|||||||
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
||||||
}
|
}
|
||||||
if (!parse_error) {
|
if (!parse_error) {
|
||||||
(void) update_defaults(&parsed_policy,
|
(void) update_defaults(&parsed_policy, NULL,
|
||||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
|
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
|
||||||
check_defaults_and_aliases(strict, quiet);
|
check_defaults_and_aliases(strict, quiet);
|
||||||
}
|
}
|
||||||
|