diff --git a/common/sudo_conf.c b/common/sudo_conf.c
index c3dd23efd..e494a0228 100644
--- a/common/sudo_conf.c
+++ b/common/sudo_conf.c
@@ -110,7 +110,7 @@ static struct sudo_conf_data {
 int group_source;
 int max_groups;
 const char *debug_flags;
- struct sudo_conf_paths paths[4];
+ struct sudo_conf_paths paths[5];
 struct plugin_info_list plugins;
 } sudo_conf_data = {
 true,
@@ -125,6 +125,10 @@ static struct sudo_conf_data {
 #ifdef _PATH_SUDO_NOEXEC
 #define SUDO_CONF_NOEXEC_IDX 2
 { "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC },
+#endif
+#ifdef _PATH_SUDO_PLUGIN_DIR
+#define SUDO_CONF_PLUGIN_IDX 3
+ { "plugin", sizeof("plugin") - 1, _PATH_SUDO_PLUGIN_DIR },
 #endif
 { NULL }
 }
@@ -324,6 +328,14 @@ sudo_conf_noexec_path(void)
 }
 #endif
 
+#ifdef _PATH_SUDO_PLUGIN_DIR
+const char *
+sudo_conf_plugin_dir_path(void)
+{
+ return sudo_conf_data.paths[SUDO_CONF_PLUGIN_IDX].pval;
+}
+#endif
+
 const char *
 sudo_conf_debug_flags(void)
 {
diff --git a/doc/sudo.conf.cat b/doc/sudo.conf.cat
index d28eedba1..9be5b604a 100644
--- a/doc/sudo.conf.cat
+++ b/doc/sudo.conf.cat
@@ -42,8 +42,9 @@ DDEESSCCRRIIPPTTIIOONN and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e is the name of the struct policy_plugin or struct io_plugin in the plugin shared object. The _p_a_t_h may be fully qualified or relative. If not - fully qualified, it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o directory. - In other words: + fully qualified, it is relative to the directory specified by the + _p_l_u_g_i_n___d_i_r Path setting, which defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o. In + other words: Plugin sudoers_policy sudoers.so
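Review bot: The entry added to the paths table in the second hunk of common/sudo_conf.c is keyed `"plugin"`, while the manual pages changed in this same commit name the setting `plugin_dir`. The code that matches a `Path` line against this table is outside the diff, but if it compares the configured name with the table key, a `Path plugin_dir ...` line would not select this entry and the compiled-in directory would stay in effect without any warning. Keying the entry as `{ "plugin_dir", sizeof("plugin_dir") - 1, _PATH_SUDO_PLUGIN_DIR },` would make code and documentation agree. The bound in the first hunk, `paths[5]`, is maintained by hand; a comment next to it stating that it must equal the number of possible entries plus the `{ NULL }` terminator would help the next addition.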
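Review bot: `sudo_conf_plugin_dir_path()` in the third hunk reads the table at the fixed position `SUDO_CONF_PLUGIN_IDX` (3), but the entry just before it is compiled in only under `#ifdef _PATH_SUDO_NOEXEC`, as the second hunk shows, so on a build without that macro the new entry sits one slot lower than its index. In that case `paths[3]` would be the `{ NULL }` terminator or a zero-initialised slot of the static array, and the accessor would return NULL, which src/parse_args.c then stores as the plugin directory. Entries 0 and 1 are not visible here, so confirm whether they are conditional as well. Either make the table entries unconditional so the indices hold, or fall back in the accessor with `const char *p = sudo_conf_data.paths[SUDO_CONF_PLUGIN_IDX].pval;` followed by `return p != NULL ? p : _PATH_SUDO_PLUGIN_DIR;`.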
@@ -99,6 +100,11 @@ DDEESSCCRRIIPPTTIIOONN its equivalent. The default value is: _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_u_d_o___n_o_e_x_e_c_._s_o. + plugin_dir + The default directory to use when searching for plugins that + are specified without a fully qualified path name. The default + value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o. + sesh The fully-qualified path to the sseesshh binary. This setting is only used when ssuuddoo is built with SELinux support. The default value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_e_s_h.
@@ -361,4 +367,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for complete details. -Sudo 1.8.8 August 12, 2013 Sudo 1.8.8 +Sudo 1.8.8 August 13, 2013 Sudo 1.8.8
diff --git a/doc/sudo.conf.man.in b/doc/sudo.conf.man.in
index 653c43dbe..3d6b2dd94 100644
--- a/doc/sudo.conf.man.in
+++ b/doc/sudo.conf.man.in
@@ -16,7 +16,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.TH "SUDO" "5" "August 12, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" +.TH "SUDO" "5" "August 13, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" .nh .if n .ad l .SH "NAME"
@@ -111,9 +111,12 @@ in the plugin shared object. The \fIpath\fR may be fully qualified or relative. -If not fully qualified, it is relative to the -\fI@PLUGINDIR@\fR -directory. +If not fully qualified, it is relative to the directory +specified by the +\fIplugin_dir\fR +\fRPath\fR +setting, which defaults to +\fI@PLUGINDIR@\fR. In other words: .nf .sp
@@ -225,6 +228,12 @@ or its equivalent. The default value is: \fI@noexec_file@\fR. .TP 10n +plugin_dir +The default directory to use when searching for plugins +that are specified without a fully qualified path name. +The default value is +\fI@PLUGINDIR@\fR. +.TP 10n sesh The fully-qualified path to the \fBsesh\fR
diff --git a/doc/sudo.conf.mdoc.in b/doc/sudo.conf.mdoc.in
index 3d8972c39..fe4ee6ad4 100644
--- a/doc/sudo.conf.mdoc.in
+++ b/doc/sudo.conf.mdoc.in
@@ -14,7 +14,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd August 12, 2013 +.Dd August 13, 2013 .Dt SUDO @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME
@@ -107,9 +107,12 @@ in the plugin shared object. The .Em path may be fully qualified or relative. -If not fully qualified, it is relative to the -.Pa @PLUGINDIR@ -directory. +If not fully qualified, it is relative to the directory +specified by the +.Em plugin_dir +.Li Path +setting, which defaults to +.Pa @PLUGINDIR@ . In other words: .Bd -literal -offset indent Plugin sudoers_policy sudoers.so
@@ -204,6 +207,11 @@ functionality on systems that support or its equivalent. The default value is: .Pa @noexec_file@ . +.It plugin_dir +The default directory to use when searching for plugins +that are specified without a fully qualified path name. +The default value is +.Pa @PLUGINDIR@ . .It sesh The fully-qualified path to the .Nm sesh
diff --git a/include/sudo_conf.h b/include/sudo_conf.h
index 5beab7627..2c86b8e95 100644
--- a/include/sudo_conf.h
+++ b/include/sudo_conf.h
@@ -40,6 +40,7 @@ void sudo_conf_read(const char *);
 const char *sudo_conf_askpass_path(void);
 const char *sudo_conf_sesh_path(void);
 const char *sudo_conf_noexec_path(void);
+const char *sudo_conf_plugin_dir_path(void);
 const char *sudo_conf_debug_flags(void);
 struct plugin_info_list *sudo_conf_plugins(void);
 bool sudo_conf_disable_coredump(void);
diff --git a/src/parse_args.c b/src/parse_args.c
index e3779e554..9bc5856b6 100644
--- a/src/parse_args.c
+++ b/src/parse_args.c
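Review bot: The prototype for `sudo_conf_plugin_dir_path()` in include/sudo_conf.h is declared unconditionally, but its definition in common/sudo_conf.c is compiled only under `#ifdef _PATH_SUDO_PLUGIN_DIR`, so a caller outside that guard would compile and then fail at link time. A comment on the declaration such as `/* only defined when _PATH_SUDO_PLUGIN_DIR is set */`, or the same guard around the prototype, would make the condition visible to callers.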
@@ -495,7 +495,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
 * Format setting_pairs into settings array.
 */
 #ifdef _PATH_SUDO_PLUGIN_DIR
- sudo_settings[ARG_PLUGIN_DIR].value = _PATH_SUDO_PLUGIN_DIR;
+ sudo_settings[ARG_PLUGIN_DIR].value = sudo_conf_plugin_dir_path();
 #endif
 settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *));
 for (i = 0, j = 0; i < NUM_SETTINGS; i++) {
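Review bot: The value stored in `sudo_settings[ARG_PLUGIN_DIR].value` now comes from sudo.conf rather than from a compile-time constant, and nothing visible in this diff checks it before use. Because plugins named without a fully qualified path are resolved against this directory (per the manual text in this commit), the code that parses the `Path` line, which is outside the diff, should reject a value that is not an absolute path and keep `_PATH_SUDO_PLUGIN_DIR` instead; the manual entry could state that requirement as well. The call also returns the configured value only if sudo.conf has already been read when parse_args() runs, which cannot be confirmed from this hunk; a comment such as `/* sudo.conf must be read before this point; plugin_dir may be overridden by a Path line */` would record the dependency. parse_args() begins and ends outside the hunk.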