isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix sudoers_policy plugin options when sudoers_audit is not listed.

Browse Source 
As of sudo 1.9.1 the sudoers file is opened by the audit plugin,
not the policy plugin.  As a result, plugin options set for
sudoers_policy have no effect.  If sudoers_policy has plugin options
in sudo.conf and sudoers_audit is not listed, move the options to
sudoers_audit so they will have an effect.
This commit is contained in:
Todd C. Miller
2020-08-17 13:45:16 -06:00
parent 609910cc21
commit a3364c1e95
3 changed files with 42 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/load_plugins.c
View File

@@ -532,8 +532,18 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
* loaded, load it too, if possible.
*/
if (!plugin_exists(audit_plugins, "sudoers_audit")) {
(void)sudo_load_sudoers_plugin("sudoers_audit", policy_plugin,
io_plugins, audit_plugins, approval_plugins, true);
if (sudo_load_sudoers_plugin("sudoers_audit", policy_plugin,
io_plugins, audit_plugins, approval_plugins, true)) {
/*
* Move the plugin options from sudoers_policy to sudoers_audit
* since the audit module is now what actually opens sudoers.
*/
if (policy_plugin->options != NULL) {
TAILQ_LAST(audit_plugins, plugin_container_list)->options =
policy_plugin->options;
policy_plugin->options = NULL;
}
}
}
}