unused return value from setters.
/*
- * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#endif /* HAVE_UNISTD_H */
#include <ctype.h>
#include <errno.h>
+#include <limits.h>
#define SUDO_ERROR_WRAP 0
struct sudo_conf_table {
const char *name;
unsigned int namelen;
- bool (*setter)(const char *entry);
+ void (*setter)(const char *entry);
};
struct sudo_conf_paths {
const char *pval;
};
-static bool set_debug(const char *entry);
-static bool set_path(const char *entry);
-static bool set_plugin(const char *entry);
-static bool set_variable(const char *entry);
+static void set_debug(const char *entry);
+static void set_path(const char *entry);
+static void set_plugin(const char *entry);
+static void set_variable(const char *entry);
+static void set_var_disable_coredump(const char *entry);
+static void set_var_group_source(const char *entry);
+static void set_var_max_groups(const char *entry);
static unsigned int lineno;
{ NULL }
};
+static struct sudo_conf_table sudo_conf_table_vars[] = {
+ { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump },
+ { "group_source", sizeof("group_source") - 1, set_var_group_source },
+ { "max_groups", sizeof("max_groups") - 1, set_var_max_groups },
+ { NULL }
+};
+
static struct sudo_conf_data {
bool disable_coredump;
int group_source;
+ int max_groups;
const char *debug_flags;
struct sudo_conf_paths paths[3];
struct plugin_info_list plugins;
} sudo_conf_data = {
true,
GROUP_SOURCE_ADAPTIVE,
+ -1,
NULL,
{
#define SUDO_CONF_ASKPASS_IDX 0
/*
* "Set variable_name value"
*/
-static bool
+static void
set_variable(const char *entry)
{
-#undef DC_LEN
-#define DC_LEN (sizeof("disable_coredump") - 1)
- if (strncmp(entry, "disable_coredump", DC_LEN) == 0 &&
- isblank((unsigned char)entry[DC_LEN])) {
- entry += DC_LEN + 1;
- while (isblank((unsigned char)*entry))
- entry++;
- sudo_conf_data.disable_coredump = atobool(entry);
- }
-#undef DC_LEN
-#undef GS_LEN
-#define GS_LEN (sizeof("group_source") - 1)
- if (strncmp(entry, "group_source", GS_LEN) == 0 &&
- isblank((unsigned char)entry[GS_LEN])) {
- entry += GS_LEN + 1;
- while (isblank((unsigned char)*entry))
- entry++;
- if (strcasecmp(entry, "adaptive") == 0) {
- sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE;
- } else if (strcasecmp(entry, "static") == 0) {
- sudo_conf_data.group_source = GROUP_SOURCE_STATIC;
- } else if (strcasecmp(entry, "dynamic") == 0) {
- sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC;
- } else {
- warningx(_("unsupported group source `%s' in %s, line %d"), entry,
- _PATH_SUDO_CONF, lineno);
+ struct sudo_conf_table *var;
+
+ for (var = sudo_conf_table_vars; var->name != NULL; var++) {
+ if (strncmp(entry, var->name, var->namelen) == 0 &&
+ isblank((unsigned char)entry[var->namelen])) {
+ entry += var->namelen + 1;
+ while (isblank((unsigned char)*entry))
+ entry++;
+ var->setter(entry);
+ break;
}
}
- return true;
+}
+
+static void
+set_var_disable_coredump(const char *entry)
+{
+ sudo_conf_data.disable_coredump = atobool(entry);
+}
+
+static void
+set_var_group_source(const char *entry)
+{
+ if (strcasecmp(entry, "adaptive") == 0) {
+ sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE;
+ } else if (strcasecmp(entry, "static") == 0) {
+ sudo_conf_data.group_source = GROUP_SOURCE_STATIC;
+ } else if (strcasecmp(entry, "dynamic") == 0) {
+ sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC;
+ } else {
+ warningx(_("unsupported group source `%s' in %s, line %d"), entry,
+ _PATH_SUDO_CONF, lineno);
+ }
+}
+
+static void
+set_var_max_groups(const char *entry)
+{
+ long lval;
+ char *ep;
+
+ lval = strtol(entry, &ep, 10);
+ if (*entry == '\0' || *ep != '\0' || lval < 0 || lval > INT_MAX ||
+ (errno == ERANGE && lval == LONG_MAX)) {
+ warningx(_("invalid max groups `%s' in %s, line %d"), entry,
+ _PATH_SUDO_CONF, lineno);
+ } else {
+ sudo_conf_data.max_groups = (int)lval;
+ }
}
/*
* "Debug progname debug_file debug_flags"
*/
-static bool
+static void
set_debug(const char *entry)
{
size_t filelen, proglen;
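Review bot: In set_var_max_groups, `errno` is tested after `strtol()` without being cleared first, so the `errno == ERANGE && lval == LONG_MAX` clause can act on a stale value left by an earlier library call. Add `errno = 0;` immediately before `lval = strtol(entry, &ep, 10);`. Where `long` and `int` have the same width, a stale ERANGE would otherwise reject a legitimate `INT_MAX` setting. The range check also accepts `0`, although the struct default for "not set" is `-1`; how `sudo_conf_max_groups()` is consumed is not visible here, but if the value sizes the group array then `lval <= 0` looks like the safer bound. This hunk ends inside set_debug, whose body continues outside it.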
proglen = strlen(progname);
if (strncmp(entry, progname, proglen) != 0 ||
!isblank((unsigned char)entry[proglen]))
- return false;
+ return;
entry += proglen + 1;
while (isblank((unsigned char)*entry))
entry++;
debug_flags = strpbrk(entry, " \t");
if (debug_flags == NULL)
- return false;
+ return;
filelen = (size_t)(debug_flags - entry);
while (isblank((unsigned char)*debug_flags))
debug_flags++;
efree(debug_file);
sudo_conf_data.debug_flags = debug_flags;
-
- return true;
}
-static bool
+static void
set_path(const char *entry)
{
const char *name, *path;
name = entry;
path = strpbrk(entry, " \t");
if (path == NULL)
- return false;
+ return;
while (isblank((unsigned char)*path))
path++;
break;
}
}
-
- return true;
}
-static bool
+static void
set_plugin(const char *entry)
{
struct plugin_info *info;
name = entry;
path = strpbrk(entry, " \t");
if (path == NULL)
- return false;
+ return;
namelen = (size_t)(path - name);
while (isblank((unsigned char)*path))
path++;
/* info->next = NULL; */
info->lineno = lineno;
tq_append(&sudo_conf_data.plugins, info);
-
- return true;
}
const char *
return sudo_conf_data.group_source;
}
+int
+sudo_conf_max_groups(void)
+{
+ return sudo_conf_data.max_groups;
+}
+
struct plugin_info_list *
sudo_conf_plugins(void)
{
cp += cur->namelen;
while (isblank((unsigned char)*cp))
cp++;
- if (cur->setter(cp))
- break;
+ cur->setter(cp);
+ break;
}
}
}
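Review bot: With the setters now returning void, `cur->setter(cp); break;` leaves nothing that reports a rejected line. set_path and set_plugin return silently when the entry has no value (`path == NULL`), and set_debug does the same when no flags follow the file name. Since this file selects the policy and I/O plugins, a dropped line should be visible to the administrator. Before each of those early `return;` statements, emit a diagnostic in the style set_var_group_source already uses, for example `warningx(_("invalid Path entry in %s, line %d"), _PATH_SUDO_CONF, lineno);`. set_variable has the same gap: its loop ends without a message when no name in `sudo_conf_table_vars` matches, so a misspelled `Set` variable is ignored. The enclosing loop and function start outside this hunk.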
if (prev_locale[0] != 'C' || prev_locale[1] != '\0')
setlocale(LC_ALL, prev_locale);
efree(prev_locale);
- return;
}
This setting is only available in s\bsu\bud\bdo\bo version 1.8.7 and
higher.
+ max_groups
+ The maximum number of user groups to retrieve from the group
+ database. This setting is only used when querying the group
+ database directly. It is intended to be used on systems where
+ it is not possible to detect when the array to be populated
+ with group entries is not sufficiently large. By default, s\bsu\bud\bdo\bo
+ will allocate four times the system's maximum number of groups
+ (see above) and retry with double that number if the group
+ database query fails. However, some systems just return as
+ many entries as will fit and do not indicate an error when
+ there is a lack of space.
+
+ This setting is only available in s\bsu\bud\bdo\bo version 1.8.7 and
+ higher.
+
D\bDe\beb\bbu\bug\bg f\bfl\bla\bag\bgs\bs
s\bsu\bud\bdo\bo versions 1.8.4 and higher support a flexible debugging framework
that can help track down what s\bsu\bud\bdo\bo is doing internally if there is a
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo front end configuration
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- #
- # Default /etc/sudo.conf file
- #
- # Format:
- # Plugin plugin_name plugin_path plugin_options ...
- # Path askpass /path/to/askpass
- # Path noexec /path/to/sudo_noexec.so
- # Debug sudo /var/log/sudo_debug all@warn
- # Set disable_coredump true
- #
- # The plugin_path is relative to /usr/local/libexec/sudo unless
- # fully qualified.
- # The plugin_name corresponds to a global symbol in the plugin
- # that contains the plugin interface structure.
- # The plugin_options are optional.
- #
- # The sudoers plugin is used by default if no Plugin lines are
- # present.
- Plugin policy_plugin sudoers.so
- Plugin io_plugin sudoers.so
+ # # Default /etc/sudo.conf file # # Format: # Plugin
+ plugin_name plugin_path plugin_options ... # Path askpass
+ /path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug
+ sudo /var/log/sudo_debug all@warn # Set disable_coredump true #
+ # The plugin_path is relative to /usr/local/libexec/sudo unless # fully
+ qualified. # The plugin_name corresponds to a global symbol in the
+ plugin # that contains the plugin interface structure. # The
+ plugin_options are optional. # # The sudoers plugin is used by
+ default if no Plugin lines are # present. Plugin policy_plugin
+ sudoers.so Plugin io_plugin sudoers.so
#
# Sudo askpass:
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.7 February 7, 2013 Sudo 1.8.7
+Sudo 1.8.7 February 14, 2013 Sudo 1.8.7
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDO" "5" "February 7, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.TH "SUDO" "5" "February 14, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
This setting is only available in
\fBsudo\fR
version 1.8.7 and higher.
+.PP
.RE
+.PD 0
+.TP 10n
+max_groups
+The maximum number of user groups to retrieve from the group database.
+This setting is only used when querying the group database directly.
+It is intended to be used on systems where it is not possible to detect
+when the array to be populated with group entries is not sufficiently large.
+By default,
+\fBsudo\fR
+will allocate four times the system's maximum number of groups (see above)
+and retry with double that number if the group database query fails.
+However, some systems just return as many entries as will fit and
+do not indicate an error when there is a lack of space.
+.sp
+This setting is only available in
+\fBsudo\fR
+version 1.8.7 and higher.
+.PD
.SS "Debug flags"
\fBsudo\fR
versions 1.8.4 and higher support a flexible debugging framework
\fRDebug\fR
keyword, followed by the name of the program (or plugin) to debug
(\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR, \fBsudoers\fR),
-the debug file name and a comma-separated list of debug flags.
-The debug flag syntax used by
+the debug file name and a comma-separated list of debug flags. The
+debug flag syntax used by
\fBsudo\fR
and the
\fBsudoers\fR
.PP
Currently, only one
\fRDebug\fR
-entry per program is supported.
-The
+entry per program is supported. The
\fBsudo\fR
\fRDebug\fR
entry is shared by the
\fBsudo\fR
front end,
\fBsudoedit\fR
-and the plugins.
-A future release may add support for per-plugin
+and the plugins. A future release may add support for per-plugin
\fRDebug\fR
lines and/or support for multiple debugging files for a single
program.
and
\fIdebug\fR.
Each priority, when specified, also includes all priorities higher
-than it.
-For example, a priority of
+than it. For example, a priority of
\fInotice\fR
would include debug messages logged at
\fInotice\fR
.SH "EXAMPLES"
.nf
.RS 0n
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @PLUGINDIR@ unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-# The sudoers plugin is used by default if no Plugin lines are
-# present.
-Plugin policy_plugin sudoers.so
-Plugin io_plugin sudoers.so
+# # Default @sysconfdir@/sudo.conf file # # Format: # Plugin
+plugin_name plugin_path plugin_options ... # Path askpass
+/path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug
+sudo /var/log/sudo_debug all@warn # Set disable_coredump true #
+# The plugin_path is relative to @PLUGINDIR@ unless # fully
+qualified. # The plugin_name corresponds to a global symbol in the
+plugin # that contains the plugin interface structure. # The
+plugin_options are optional. # # The sudoers plugin is used by
+default if no Plugin lines are # present. Plugin policy_plugin
+sudoers.so Plugin io_plugin sudoers.so
#
# Sudo askpass:
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 7, 2013
+.Dd February 14, 2013
.Dt SUDO @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
This setting is only available in
.Nm sudo
version 1.8.7 and higher.
+.It max_groups
+The maximum number of user groups to retrieve from the group database.
+This setting is only used when querying the group database directly.
+It is intended to be used on systems where it is not possible to detect
+when the array to be populated with group entries is not sufficiently large.
+By default,
+.Nm sudo
+will allocate four times the system's maximum number of groups (see above)
+and retry with double that number if the group database query fails.
+However, some systems just return as many entries as will fit and
+do not indicate an error when there is a lack of space.
+.Pp
+This setting is only available in
+.Nm sudo
+version 1.8.7 and higher.
.El
.Ss Debug flags
.Nm sudo
.Li Debug
keyword, followed by the name of the program (or plugin) to debug
.Pq Nm sudo , Nm visudo , Nm sudoreplay , Nm sudoers ,
-the debug file name and a comma-separated list of debug flags.
-The debug flag syntax used by
+the debug file name and a comma-separated list of debug flags. The
+debug flag syntax used by
.Nm sudo
and the
.Nm sudoers
.Pp
Currently, only one
.Li Debug
-entry per program is supported.
-The
+entry per program is supported. The
.Nm sudo
.Li Debug
entry is shared by the
.Nm sudo
front end,
.Nm sudoedit
-and the plugins.
-A future release may add support for per-plugin
+and the plugins. A future release may add support for per-plugin
.Li Debug
lines and/or support for multiple debugging files for a single
program.
and
.Em debug .
Each priority, when specified, also includes all priorities higher
-than it.
-For example, a priority of
+than it. For example, a priority of
.Em notice
would include debug messages logged at
.Em notice
.El
.Sh EXAMPLES
.Bd -literal
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @PLUGINDIR@ unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-# The sudoers plugin is used by default if no Plugin lines are
-# present.
-Plugin policy_plugin sudoers.so
-Plugin io_plugin sudoers.so
+# # Default @sysconfdir@/sudo.conf file # # Format: # Plugin
+plugin_name plugin_path plugin_options ... # Path askpass
+/path/to/askpass # Path noexec /path/to/sudo_noexec.so # Debug
+sudo /var/log/sudo_debug all@warn # Set disable_coredump true #
+# The plugin_path is relative to @PLUGINDIR@ unless # fully
+qualified. # The plugin_name corresponds to a global symbol in the
+plugin # that contains the plugin interface structure. # The
+plugin_options are optional. # # The sudoers plugin is used by
+default if no Plugin lines are # present. Plugin policy_plugin
+sudoers.so Plugin io_plugin sudoers.so
#
# Sudo askpass:
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
struct plugin_info_list *sudo_conf_plugins(void);
bool sudo_conf_disable_coredump(void);
int sudo_conf_group_source(void);
+int sudo_conf_max_groups(void);
#endif /* _SUDO_CONF_H */