Allow default plugin dir to be configured in sudo.conf.

2013-08-13 12:24:28 -06:00
parent d10641cdbb
commit d9fd6281e4
6 changed files with 49 additions and 13 deletions
--- a/common/sudo_conf.c
+++ b/common/sudo_conf.c
@@ -110,7 +110,7 @@ static struct sudo_conf_data {
    int group_source;
    int max_groups;
    const char *debug_flags;
-    struct sudo_conf_paths paths[4];
+    struct sudo_conf_paths paths[5];
    struct plugin_info_list plugins;
 } sudo_conf_data = {
    true,
@@ -125,6 +125,10 @@ static struct sudo_conf_data {
 #ifdef _PATH_SUDO_NOEXEC
 #define SUDO_CONF_NOEXEC_IDX	2
 	{ "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC },
+#endif
+#ifdef _PATH_SUDO_PLUGIN_DIR
+#define SUDO_CONF_PLUGIN_IDX	3
+	{ "plugin", sizeof("plugin") - 1, _PATH_SUDO_PLUGIN_DIR },
 #endif
 	{ NULL }
    }
@@ -324,6 +328,14 @@ sudo_conf_noexec_path(void)
 }
 #endif

+#ifdef _PATH_SUDO_PLUGIN_DIR
+const char *
+sudo_conf_plugin_dir_path(void)
+{
+    return sudo_conf_data.paths[SUDO_CONF_PLUGIN_IDX].pval;
+}
+#endif
+
 const char *
 sudo_conf_debug_flags(void)
 {
--- a/doc/sudo.conf.cat
+++ b/doc/sudo.conf.cat
@@ -42,8 +42,9 @@ DDEESSCCRRIIPPTTIIOONN
     and the _p_a_t_h to the shared object containing the plugin.  The _s_y_m_b_o_l___n_a_m_e
     is the name of the struct policy_plugin or struct io_plugin in the plugin
     shared object.  The _p_a_t_h may be fully qualified or relative.  If not
-     fully qualified, it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o directory.
-     In other words:
+     fully qualified, it is relative to the directory specified by the
+     _p_l_u_g_i_n___d_i_r Path setting, which defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o.  In
+     other words:

           Plugin sudoers_policy sudoers.so

@@ -99,6 +100,11 @@ DDEESSCCRRIIPPTTIIOONN
               its equivalent.  The default value is:
               _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_u_d_o___n_o_e_x_e_c_._s_o.

+     plugin_dir
+               The default directory to use when searching for plugins that
+               are specified without a fully qualified path name.  The default
+               value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o.
+
     sesh      The fully-qualified path to the sseesshh binary.  This setting is
               only used when ssuuddoo is built with SELinux support.  The default
               value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_e_s_h.
@@ -361,4 +367,4 @@ DDIISSCCLLAAIIMMEERR
     file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
     complete details.

-Sudo 1.8.8                      August 12, 2013                     Sudo 1.8.8
+Sudo 1.8.8                      August 13, 2013                     Sudo 1.8.8
--- a/doc/sudo.conf.man.in
+++ b/doc/sudo.conf.man.in
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "SUDO" "5" "August 12, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.TH "SUDO" "5" "August 13, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -111,9 +111,12 @@ in the plugin shared object.
 The
 \fIpath\fR
 may be fully qualified or relative.
-If not fully qualified, it is relative to the
-\fI@PLUGINDIR@\fR
-directory.
+If not fully qualified, it is relative to the directory
+specified by the
+\fIplugin_dir\fR
+\fRPath\fR
+setting, which defaults to
+\fI@PLUGINDIR@\fR.
 In other words:
 .nf
 .sp
@@ -225,6 +228,12 @@ or its equivalent.
 The default value is:
 \fI@noexec_file@\fR.
 .TP 10n
+plugin_dir
+The default directory to use when searching for plugins
+that are specified without a fully qualified path name.
+The default value is
+\fI@PLUGINDIR@\fR.
+.TP 10n
 sesh
 The fully-qualified path to the
 \fBsesh\fR
--- a/doc/sudo.conf.mdoc.in
+++ b/doc/sudo.conf.mdoc.in
@@ -14,7 +14,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 12, 2013
+.Dd August 13, 2013
 .Dt SUDO @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -107,9 +107,12 @@ in the plugin shared object.
 The
 .Em path
 may be fully qualified or relative.
-If not fully qualified, it is relative to the
-.Pa @PLUGINDIR@
-directory.
+If not fully qualified, it is relative to the directory
+specified by the
+.Em plugin_dir
+.Li Path
+setting, which defaults to
+.Pa @PLUGINDIR@ .
 In other words:
 .Bd -literal -offset indent
 Plugin sudoers_policy sudoers.so
@@ -204,6 +207,11 @@ functionality on systems that support
 or its equivalent.
 The default value is:
 .Pa @noexec_file@ .
+.It plugin_dir
+The default directory to use when searching for plugins
+that are specified without a fully qualified path name.
+The default value is
+.Pa @PLUGINDIR@ .
 .It sesh
 The fully-qualified path to the
 .Nm sesh
--- a/include/sudo_conf.h
+++ b/include/sudo_conf.h
@@ -40,6 +40,7 @@ void sudo_conf_read(const char *);
 const char *sudo_conf_askpass_path(void);
 const char *sudo_conf_sesh_path(void);
 const char *sudo_conf_noexec_path(void);
+const char *sudo_conf_plugin_dir_path(void);
 const char *sudo_conf_debug_flags(void);
 struct plugin_info_list *sudo_conf_plugins(void);
 bool sudo_conf_disable_coredump(void);
--- a/src/parse_args.c
+++ b/src/parse_args.c
@@ -495,7 +495,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
     * Format setting_pairs into settings array.
     */
 #ifdef _PATH_SUDO_PLUGIN_DIR
-    sudo_settings[ARG_PLUGIN_DIR].value = _PATH_SUDO_PLUGIN_DIR;
+    sudo_settings[ARG_PLUGIN_DIR].value = sudo_conf_plugin_dir_path();
 #endif
    settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *));
    for (i = 0, j = 0; i < NUM_SETTINGS; i++) {