update_defaults() needs to be able to take a defaults_list for
the ldap/sssd backends which support per-role defaults.
@@ -730,7 +730,8 @@ default_binding_matches(struct sudoers_parse_tree *parse_tree,
|
||||
* Pass in an OR'd list of which default types to update.
|
||||
*/
|
||||
bool
|
||||
update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet)
|
||||
update_defaults(struct sudoers_parse_tree *parse_tree,
|
||||
struct defaults_list *defs, int what, bool quiet)
|
||||
{
|
||||
struct defaults *d;
|
||||
bool ret = true;
|
||||
@@ -739,10 +740,14 @@ update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet)
|
||||
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
|
||||
"what: 0x%02x", what);
|
||||
|
||||
/* If no defaults list specified, use the global one in the parse tree. */
|
||||
if (defs == NULL)
|
||||
defs = &parse_tree->defaults;
|
||||
|
||||
/*
|
||||
* First apply Defaults values marked as early.
|
||||
*/
|
||||
TAILQ_FOREACH(d, &parse_tree->defaults, entries) {
|
||||
TAILQ_FOREACH(d, defs, entries) {
|
||||
struct early_default *early = is_early_default(d->var);
|
||||
if (early == NULL)
|
||||
continue;
|
||||
@@ -764,7 +769,7 @@ update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet)
|
||||
/*
|
||||
* Then set the rest of the defaults.
|
||||
*/
|
||||
TAILQ_FOREACH(d, &parse_tree->defaults, entries) {
|
||||
TAILQ_FOREACH(d, defs, entries) {
|
||||
/* Skip Defaults marked as early, we already did them. */
|
||||
if (is_early_default(d->var))
|
||||
continue;
|
||||
|
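Review bot: The block comment above update_defaults() still describes only `what`; the new `defs` parameter and its NULL fallback are explained only by the inline comment inside the body. Because a NULL `defs` silently selects `&parse_tree->defaults`, a caller that has no per-role list must guard the call itself, as sudoers_lookup() does with `if (defs != NULL)`, or the global Defaults are applied again. That contract belongs in the header comment, for example `* If defs is NULL, the global Defaults list in parse_tree is used.` The start of that comment and the rest of the function body lie outside the hunks shown.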
@@ -122,6 +122,7 @@ struct early_default {
|
||||
/*
|
||||
* Prototypes
|
||||
*/
|
||||
struct defaults_list;
|
||||
struct sudoers_parse_tree;
|
||||
void dump_default(void);
|
||||
bool init_defaults(void);
|
||||
@@ -129,7 +130,7 @@ struct early_default *is_early_default(const char *name);
|
||||
bool run_early_defaults(void);
|
||||
bool set_early_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet, struct early_default *early);
|
||||
bool set_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet);
|
||||
bool update_defaults(struct sudoers_parse_tree *parse_tree, int what, bool quiet);
|
||||
bool update_defaults(struct sudoers_parse_tree *parse_tree, struct defaults_list *defs, int what, bool quiet);
|
||||
bool check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet);
|
||||
|
||||
extern struct sudo_defs_types sudo_defs_table[];
|
||||
|
@@ -310,7 +310,7 @@ sudoers_lookup(struct sudo_nss_list *snl, struct passwd *pw, int validated,
|
||||
}
|
||||
if (match != UNSPEC) {
|
||||
if (defs != NULL)
|
||||
update_defaults(parse_tree, SETDEF_GENERIC, false);
|
||||
update_defaults(parse_tree, defs, SETDEF_GENERIC, false);
|
||||
if (!apply_cmndspec(cs))
|
||||
SET(validated, VALIDATE_ERROR);
|
||||
else if (match == ALLOW)
|
||||
|
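Review bot: The result of `update_defaults(parse_tree, defs, SETDEF_GENERIC, false)` is discarded, so a per-role Defaults entry that fails to apply neither stops nor flags the lookup before `apply_cmndspec(cs)` runs. The callers in sudoers_policy_init() and set_cmnd() on this page test the return value and call `log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR, N_("problem with defaults entries"))`. Doing the same here, with `if (defs != NULL && !update_defaults(parse_tree, defs, SETDEF_GENERIC, false))` followed by that warning, would make a rejected per-role setting visible to whoever reviews the logs. Whether update_defaults() already reports each failing entry when `quiet` is false cannot be seen from this hunk, and it would need confirming that log_warningx() is usable in this file. The body of sudoers_lookup() begins and ends outside the hunk.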
@@ -198,7 +198,7 @@ sudoers_policy_init(void *info, char * const envp[])
|
||||
}
|
||||
|
||||
sources++;
|
||||
if (nss->getdefs(nss) == -1 || !update_defaults(nss->parse_tree,
|
||||
if (nss->getdefs(nss) == -1 || !update_defaults(nss->parse_tree, NULL,
|
||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS, false)) {
|
||||
log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR,
|
||||
N_("problem with defaults entries"));
|
||||
@@ -854,7 +854,7 @@ set_cmnd(void)
|
||||
user_base = user_cmnd;
|
||||
|
||||
TAILQ_FOREACH(nss, snl, entries) {
|
||||
if (!update_defaults(nss->parse_tree, SETDEF_CMND, false)) {
|
||||
if (!update_defaults(nss->parse_tree, NULL, SETDEF_CMND, false)) {
|
||||
log_warningx(SLOG_SEND_MAIL|SLOG_NO_STDERR,
|
||||
N_("problem with defaults entries"));
|
||||
}
|
||||
|
@@ -285,7 +285,7 @@ main(int argc, char *argv[])
|
||||
(void) fputs("Parses OK", stdout);
|
||||
}
|
||||
|
||||
if (!update_defaults(&parsed_policy, SETDEF_ALL, false))
|
||||
if (!update_defaults(&parsed_policy, NULL, SETDEF_ALL, false))
|
||||
(void) fputs(" (problem with defaults entries)", stdout);
|
||||
puts(".");
|
||||
|
||||
|
@@ -246,7 +246,7 @@ main(int argc, char *argv[])
|
||||
init_parser(sudoers_file, quiet);
|
||||
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
|
||||
(void) sudoersparse();
|
||||
(void) update_defaults(&parsed_policy,
|
||||
(void) update_defaults(&parsed_policy, NULL,
|
||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, quiet);
|
||||
sudoers_setlocale(oldlocale, NULL);
|
||||
|
||||
@@ -602,7 +602,7 @@ reparse_sudoers(char *editor, int editor_argc, char **editor_argv,
|
||||
}
|
||||
fclose(sudoersin);
|
||||
if (!parse_error) {
|
||||
(void) update_defaults(&parsed_policy,
|
||||
(void) update_defaults(&parsed_policy, NULL,
|
||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
|
||||
check_defaults_and_aliases(strict, quiet);
|
||||
}
|
||||
@@ -920,7 +920,7 @@ check_syntax(const char *sudoers_file, bool quiet, bool strict, bool oldperms)
|
||||
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
||||
}
|
||||
if (!parse_error) {
|
||||
(void) update_defaults(&parsed_policy,
|
||||
(void) update_defaults(&parsed_policy, NULL,
|
||||
SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
|
||||
check_defaults_and_aliases(strict, quiet);
|
||||
}
|
||||
|