Allow default plugin dir to be configured in sudo.conf.

Todd C. Miller
2013-08-13 12:24:28 -06:00
parent d10641cdbb
commit d9fd6281e4
6 changed files with 49 additions and 13 deletions


@@ -110,7 +110,7 @@ static struct sudo_conf_data {
int group_source; int group_source;
int max_groups; int max_groups;
const char *debug_flags; const char *debug_flags;
struct sudo_conf_paths paths[4]; struct sudo_conf_paths paths[5];
struct plugin_info_list plugins; struct plugin_info_list plugins;
} sudo_conf_data = { } sudo_conf_data = {
true, true,
@@ -125,6 +125,10 @@ static struct sudo_conf_data {
#ifdef _PATH_SUDO_NOEXEC #ifdef _PATH_SUDO_NOEXEC
#define SUDO_CONF_NOEXEC_IDX 2 #define SUDO_CONF_NOEXEC_IDX 2
{ "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC }, { "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC },
#endif
#ifdef _PATH_SUDO_PLUGIN_DIR
#define SUDO_CONF_PLUGIN_IDX 3
{ "plugin", sizeof("plugin") - 1, _PATH_SUDO_PLUGIN_DIR },
#endif #endif
{ NULL } { NULL }
} }
@@ -324,6 +328,14 @@ sudo_conf_noexec_path(void)
} }
#endif #endif
#ifdef _PATH_SUDO_PLUGIN_DIR
const char *
sudo_conf_plugin_dir_path(void)
{
return sudo_conf_data.paths[SUDO_CONF_PLUGIN_IDX].pval;
}
#endif
const char * const char *
sudo_conf_debug_flags(void) sudo_conf_debug_flags(void)
{ {
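Review bot: `SUDO_CONF_PLUGIN_IDX` is hard-coded to 3, but the `paths[]` initializer is positional and the `noexec` entry just before it is compiled only under `#ifdef _PATH_SUDO_NOEXEC`. On a build that defines `_PATH_SUDO_PLUGIN_DIR` but not `_PATH_SUDO_NOEXEC`, the `plugin` entry lands at a lower index, and `sudo_conf_plugin_dir_path()` reads a slot holding the `{ NULL }` terminator or zero fill. The accessor would then return NULL instead of the configured directory, and that directory decides where relatively named plugins are loaded from. Consider looking the entry up by `pname` rather than by a fixed index, or at least add a comment by the define such as `/* must equal this entry's position in paths[]; earlier entries are conditional */`. The initializer and `sudo_conf_debug_flags()` continue outside the shown hunks.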


@@ -42,8 +42,9 @@ DDEESSCCRRIIPPTTIIOONN
and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e and the _p_a_t_h to the shared object containing the plugin. The _s_y_m_b_o_l___n_a_m_e
is the name of the struct policy_plugin or struct io_plugin in the plugin is the name of the struct policy_plugin or struct io_plugin in the plugin
shared object. The _p_a_t_h may be fully qualified or relative. If not shared object. The _p_a_t_h may be fully qualified or relative. If not
fully qualified, it is relative to the _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o directory. fully qualified, it is relative to the directory specified by the
In other words: _p_l_u_g_i_n___d_i_r Path setting, which defaults to _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o. In
other words:
Plugin sudoers_policy sudoers.so Plugin sudoers_policy sudoers.so
@@ -99,6 +100,11 @@ DDEESSCCRRIIPPTTIIOONN
its equivalent. The default value is: its equivalent. The default value is:
_/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_u_d_o___n_o_e_x_e_c_._s_o. _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_u_d_o___n_o_e_x_e_c_._s_o.
plugin_dir
The default directory to use when searching for plugins that
are specified without a fully qualified path name. The default
value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o.
sesh The fully-qualified path to the sseesshh binary. This setting is sesh The fully-qualified path to the sseesshh binary. This setting is
only used when ssuuddoo is built with SELinux support. The default only used when ssuuddoo is built with SELinux support. The default
value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_e_s_h. value is _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o_/_s_e_s_h.
@@ -361,4 +367,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
complete details. complete details.
Sudo 1.8.8 August 12, 2013 Sudo 1.8.8 Sudo 1.8.8 August 13, 2013 Sudo 1.8.8


@@ -16,7 +16,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.TH "SUDO" "5" "August 12, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" .TH "SUDO" "5" "August 13, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -111,9 +111,12 @@ in the plugin shared object.
The The
\fIpath\fR \fIpath\fR
may be fully qualified or relative. may be fully qualified or relative.
If not fully qualified, it is relative to the If not fully qualified, it is relative to the directory
\fI@PLUGINDIR@\fR specified by the
directory. \fIplugin_dir\fR
\fRPath\fR
setting, which defaults to
\fI@PLUGINDIR@\fR.
In other words: In other words:
.nf .nf
.sp .sp
@@ -225,6 +228,12 @@ or its equivalent.
The default value is: The default value is:
\fI@noexec_file@\fR. \fI@noexec_file@\fR.
.TP 10n .TP 10n
plugin_dir
The default directory to use when searching for plugins
that are specified without a fully qualified path name.
The default value is
\fI@PLUGINDIR@\fR.
.TP 10n
sesh sesh
The fully-qualified path to the The fully-qualified path to the
\fBsesh\fR \fBsesh\fR


@@ -14,7 +14,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd August 12, 2013 .Dd August 13, 2013
.Dt SUDO @mansectform@ .Dt SUDO @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -107,9 +107,12 @@ in the plugin shared object.
The The
.Em path .Em path
may be fully qualified or relative. may be fully qualified or relative.
If not fully qualified, it is relative to the If not fully qualified, it is relative to the directory
.Pa @PLUGINDIR@ specified by the
directory. .Em plugin_dir
.Li Path
setting, which defaults to
.Pa @PLUGINDIR@ .
In other words: In other words:
.Bd -literal -offset indent .Bd -literal -offset indent
Plugin sudoers_policy sudoers.so Plugin sudoers_policy sudoers.so
@@ -204,6 +207,11 @@ functionality on systems that support
or its equivalent. or its equivalent.
The default value is: The default value is:
.Pa @noexec_file@ . .Pa @noexec_file@ .
.It plugin_dir
The default directory to use when searching for plugins
that are specified without a fully qualified path name.
The default value is
.Pa @PLUGINDIR@ .
.It sesh .It sesh
The fully-qualified path to the The fully-qualified path to the
.Nm sesh .Nm sesh


@@ -40,6 +40,7 @@ void sudo_conf_read(const char *);
const char *sudo_conf_askpass_path(void); const char *sudo_conf_askpass_path(void);
const char *sudo_conf_sesh_path(void); const char *sudo_conf_sesh_path(void);
const char *sudo_conf_noexec_path(void); const char *sudo_conf_noexec_path(void);
const char *sudo_conf_plugin_dir_path(void);
const char *sudo_conf_debug_flags(void); const char *sudo_conf_debug_flags(void);
struct plugin_info_list *sudo_conf_plugins(void); struct plugin_info_list *sudo_conf_plugins(void);
bool sudo_conf_disable_coredump(void); bool sudo_conf_disable_coredump(void);


@@ -495,7 +495,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
* Format setting_pairs into settings array. * Format setting_pairs into settings array.
*/ */
#ifdef _PATH_SUDO_PLUGIN_DIR #ifdef _PATH_SUDO_PLUGIN_DIR
sudo_settings[ARG_PLUGIN_DIR].value = _PATH_SUDO_PLUGIN_DIR; sudo_settings[ARG_PLUGIN_DIR].value = sudo_conf_plugin_dir_path();
#endif #endif
settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *)); settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *));
for (i = 0, j = 0; i < NUM_SETTINGS; i++) { for (i = 0, j = 0; i < NUM_SETTINGS; i++) {
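Review bot: The result of `sudo_conf_plugin_dir_path()` is stored straight into `sudo_settings[ARG_PLUGIN_DIR].value`, and nothing in the visible lines checks that it is non-NULL and fully qualified. This value used to be a compile-time constant and now comes from sudo.conf. Because it selects the directory that relatively named plugin shared objects are resolved against, a relative or empty setting would make plugin lookup depend on the caller's working directory. I would fall back to the built-in default unless the configured value starts with `/`, for example `if (dir == NULL || dir[0] != '/') dir = _PATH_SUDO_PLUGIN_DIR;` before the assignment. The fix could equally sit in the sudo.conf `Path` parser, which is not shown here. `parse_args()` begins and ends outside this hunk.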