isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add file:linenumber prefix to all Defaults warnings so we can see

Browse Source 
them when running sudo too.  For LDAP/SSSD we print the sudoRole
instead of the file name and omit the line number.
This commit is contained in:
Todd C. Miller
2016-11-02 17:07:32 -06:00
parent a9715211a8
commit 75e29f163e
6 changed files with 146 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
plugins/sudoers/ldap.c
View File

@@ -380,6 +380,7 @@ static int sudo_ldap_display_privs(struct sudo_nss *nss, struct passwd *pw,
struct sudo_lbuf *lbuf);
static struct ldap_result *sudo_ldap_result_get(struct sudo_nss *nss,
struct passwd *pw);
static char *sudo_ldap_get_first_rdn(LDAP *ld, LDAPMessage *entry);
/*
* LDAP sudo_nss handle.
@@ -1129,7 +1130,7 @@ static bool
sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
{
struct berval **bv, **p;
char *copy, *var, *val;
char *cn, *copy, *var, *val, *source = NULL;
bool ret = false;
int op;
debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP)
@@ -1138,6 +1139,16 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
if (bv == NULL)
debug_return_bool(true);
/* get the entry's dn for option error reporting */
cn = sudo_ldap_get_first_rdn(ld, entry);
if (cn != NULL) {
if (asprintf(&source, "sudoRole %s", cn) == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
source = NULL;
goto done;
}
}
/* walk through options, early ones first */
for (p = bv; *p != NULL; p++) {
struct early_default *early;
@@ -1148,8 +1159,10 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
}
op = sudo_ldap_parse_option(copy, &var, &val);
early = is_early_default(var);
if (early != NULL)
set_early_default(var, val, op, false, early);
if (early != NULL) {
set_early_default(var, val, op,
source ? source : "sudoRole UNKNOWN", 0, false, early);
}
free(copy);
}
run_early_defaults();
@@ -1161,13 +1174,18 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
goto done;
}
op = sudo_ldap_parse_option(copy, &var, &val);
if (is_early_default(var) == NULL)
set_default(var, val, op, false);
if (is_early_default(var) == NULL) {
set_default(var, val, op,
source ? source : "sudoRole UNKNOWN", 0, false);
}
free(copy);
}
ret = true;
done:
free(source);
if (cn)
ldap_memfree(cn);
ldap_value_free_len(bv);
debug_return_bool(ret);