Defer setting runas defaults until after runaspw/gr is setup.

defaults.h

@@ -93,9 +93,12 @@ struct sudo_defs_types {
 /*
  * Argument to update_defaults()
  */
-#define	SKIP_CMND	1
+#define SETDEF_GENERIC	0x01
-#define	ONLY_CMND	0
+#define	SETDEF_HOST	0x02
-#define	SET_ALL		-1
+#define	SETDEF_USER	0x04
+#define	SETDEF_RUNAS	0x08
+#define	SETDEF_CMND	0x10
+#define SETDEF_ALL	(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS|SETDEF_CMND)
 
 /*
  * Prototypes

parse.c

@@ -133,37 +133,42 @@ sudo_file_parse(nss)
  * Returns TRUE on success and FALSE on failure.
  */
 int
-update_defaults(skip_cmnd)
+update_defaults(what)
-    int skip_cmnd;
+    int what;
 {
     struct defaults *def;
 
     tq_foreach_fwd(&defaults, def) {
-	if (skip_cmnd == (def->type == DEFAULTS_CMND))
-	    continue;
 	switch (def->type) {
 	    case DEFAULTS:
-		if (!set_default(def->var, def->val, def->op))
+		if (ISSET(what, SETDEF_GENERIC) &&
+		    !set_default(def->var, def->val, def->op))
 		    return(FALSE);
+		break;
 	    case DEFAULTS_USER:
-		if (userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
+		if (ISSET(what, SETDEF_USER) &&
+		    userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
 		    !set_default(def->var, def->val, def->op))
 		    return(FALSE);
 		break;
 	    case DEFAULTS_RUNAS:
-		if (runaslist_matches(&def->binding, NULL) == ALLOW &&
+		if (ISSET(what, SETDEF_RUNAS) &&
+		    runaslist_matches(&def->binding, NULL) == ALLOW &&
 		    !set_default(def->var, def->val, def->op))
 		    return(FALSE);
 		break;
 	    case DEFAULTS_HOST:
-		if (hostlist_matches(&def->binding) == ALLOW &&
+		if (ISSET(what, SETDEF_HOST) &&
+		    hostlist_matches(&def->binding) == ALLOW &&
 		    !set_default(def->var, def->val, def->op))
 		    return(FALSE);
 		break;
 	    case DEFAULTS_CMND:
-		if (cmndlist_matches(&def->binding) == ALLOW &&
+		if (ISSET(what, SETDEF_CMND) &&
+		    cmndlist_matches(&def->binding) == ALLOW &&
 		    !set_default(def->var, def->val, def->op))
 		    return(FALSE);
+		break;
 	}
     }
     return(TRUE);
@@ -179,7 +184,7 @@ sudo_file_setdefs(nss)
     if (nss->handle == NULL)
 	return(-1);
 
-    if (!update_defaults(SKIP_CMND))
+    if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER))
 	return(-1);
     return(0);
 }

sudo.c

@@ -293,6 +293,9 @@ main(argc, argv, envp)
     } else
 	set_runaspw(runas_user ? runas_user : def_runas_default);
 
+    if (!update_defaults(SETDEF_RUNAS))
+	log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
+
     /* Set login class if applicable. */
     set_loginclass(sudo_user.pw);
 
@@ -807,7 +810,7 @@ set_cmnd(sudo_mode)
     else
 	user_base = user_cmnd;
 
-    if (!update_defaults(ONLY_CMND))
+    if (!update_defaults(SETDEF_CMND))
 	log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
 
     return(rval);

testsudoers.c

@@ -254,7 +254,7 @@ main(argc, argv)
     else
 	(void) fputs("Parses OK", stdout);
 
-    if (!update_defaults(SET_ALL))
+    if (!update_defaults(SETDEF_ALL))
 	(void) fputs(" (problem with defaults entries)", stdout);
     puts(".");
 
@@ -336,9 +336,10 @@ set_runasgr(group)
     }
 }
 
+/* XXX - sanity check defaults settings */
 int
-update_defaults(skip_cmnd)
+update_defaults(what)
-    int skip_cmnd;
+    int what;
 {
     return(TRUE);
 }

visudo.c

@@ -208,7 +208,7 @@ main(argc, argv)
 	error(1, "%s", sudoers_path);
     init_parser(sudoers_path, 0);
     yyparse();
-    (void) update_defaults(SKIP_CMND);
+    (void) update_defaults(SETDEF_ALL & ~SETDEF_CMND);
 
     editor = get_editor(&args);
 
@@ -565,9 +565,10 @@ user_is_exempt()
 }
 
 /* STUB */
+/* XXX - parse defaults to get editor and env_editor values */
 int
-update_defaults(skip_cmnd)
+update_defaults(what)
-    int skip_cmnd;
+    int what;
 {
     return(TRUE);
 }