{ NULL }
};
+/* Flags for set_default_entry() and set_default_int() */
+#define FLAG_DO_CALLBACK 0x01
+#define FLAG_QUIET 0x02
+
/*
* Local prototypes.
*/
static bool
set_default_entry(struct sudo_defs_types *def, const char *val, int op,
- bool quiet, bool do_callback)
+ const char *file, int lineno, int flags)
{
int rc;
debug_decl(set_default_entry, SUDOERS_DEBUG_DEFAULTS)
if (val == NULL && !ISSET(def->type, T_FLAG)) {
/* Check for bogus boolean usage or missing value if non-boolean. */
if (!ISSET(def->type, T_BOOL) || op != false) {
- if (!quiet)
- sudo_warnx(U_("no value specified for `%s'"), def->name);
+ if (!ISSET(flags, FLAG_QUIET)) {
+ if (lineno > 0) {
+ sudo_warnx(U_("%s:%d no value specified for `%s'"),
+ file, lineno, def->name);
+ } else {
+ sudo_warnx(U_("%s: no value specified for `%s'"),
+ file, def->name);
+ }
+ }
debug_return_bool(false);
}
}
break;
case T_STR:
if (ISSET(def->type, T_PATH) && val != NULL && *val != '/') {
- if (!quiet) {
- sudo_warnx(U_("values for `%s' must start with a '/'"),
- def->name);
+ if (!ISSET(flags, FLAG_QUIET)) {
+ if (lineno > 0) {
+ sudo_warnx(U_("%s:%d values for `%s' must start with a '/'"),
+ file, lineno, def->name);
+ } else {
+ sudo_warnx(U_("%s: values for `%s' must start with a '/'"),
+ file, def->name);
+ }
}
rc = -1;
break;
break;
case T_FLAG:
if (val != NULL) {
- if (!quiet) {
- sudo_warnx(U_("option `%s' does not take a value"),
- def->name);
+ if (!ISSET(flags, FLAG_QUIET)) {
+ if (lineno > 0) {
+ sudo_warnx(U_("%s:%d option `%s' does not take a value"),
+ file, lineno, def->name);
+ } else {
+ sudo_warnx(U_("%s: option `%s' does not take a value"),
+ file, def->name);
+ }
}
rc = -1;
break;
rc = store_tuple(val, def);
break;
default:
- if (!quiet) {
- sudo_warnx(U_("invalid Defaults type 0x%x for option `%s'"),
- def->type, def->name);
+ if (!ISSET(flags, FLAG_QUIET)) {
+ if (lineno > 0) {
+ sudo_warnx(U_("%s:%d invalid Defaults type 0x%x for option `%s'"),
+ file, lineno, def->type, def->name);
+ } else {
+ sudo_warnx(U_("%s: invalid Defaults type 0x%x for option `%s'"),
+ file, def->type, def->name);
+ }
}
rc = -1;
break;
rc = false;
break;
case false:
- if (!quiet) {
- sudo_warnx(U_("value `%s' is invalid for option `%s'"),
- val, def->name);
+ if (!ISSET(flags, FLAG_QUIET)) {
+ if (lineno > 0) {
+ sudo_warnx(U_("%s:%d value `%s' is invalid for option `%s'"),
+ file, lineno, val, def->name);
+ } else {
+ sudo_warnx(U_("%s: value `%s' is invalid for option `%s'"),
+ file, val, def->name);
+ }
}
break;
case true:
- if (do_callback && def->callback)
+ if (ISSET(flags, FLAG_DO_CALLBACK) && def->callback)
rc = def->callback(&def->sd_un);
break;
}
* This is only meaningful for variables that are *optional*.
*/
static struct sudo_defs_types *
-set_default_int(const char *var, const char *val, int op, bool quiet,
- bool do_callback)
+set_default_int(const char *var, const char *val, int op, const char *file,
+ int lineno, int flags)
{
struct sudo_defs_types *cur;
int num;
break;
}
if (!cur->name) {
- if (!quiet)
- sudo_warnx(U_("unknown defaults entry `%s'"), var);
+ if (!ISSET(flags, FLAG_QUIET)) {
+ if (lineno > 0) {
+ sudo_warnx(U_("%s:%d unknown defaults entry `%s'"),
+ file, lineno, var);
+ } else {
+ sudo_warnx(U_("%s: unknown defaults entry `%s'"),
+ file, var);
+ }
+ }
debug_return_ptr(NULL);
}
- if (!set_default_entry(cur, val, op, quiet, do_callback))
+ if (!set_default_entry(cur, val, op, file, lineno, flags))
debug_return_ptr(NULL);
debug_return_ptr(cur);
}
* Runs the callback if present on success.
*/
bool
-set_default(const char *var, const char *val, int op, bool quiet)
+set_default(const char *var, const char *val, int op, const char *file,
+ int lineno, bool quiet)
{
const struct sudo_defs_types *def;
+ int flags = FLAG_DO_CALLBACK;
debug_decl(set_default, SUDOERS_DEBUG_DEFAULTS)
- def = set_default_int(var, val, op, quiet, true);
+ if (quiet)
+ SET(flags, FLAG_QUIET);
+ def = set_default_int(var, val, op, file, lineno, flags);
debug_return_bool(def != NULL);
}
* and does not run callbacks.
*/
bool
-set_early_default(const char *var, const char *val, int op, bool quiet,
- struct early_default *early)
+set_early_default(const char *var, const char *val, int op, const char *file,
+ int lineno, bool quiet, struct early_default *early)
{
const struct sudo_defs_types *def;
+ int flags = 0;
debug_decl(set_early_default, SUDOERS_DEBUG_DEFAULTS)
- def = set_default_int(var, val, op, quiet, false);
+ if (quiet)
+ SET(flags, FLAG_QUIET);
+ def = set_default_int(var, val, op, file, lineno, flags);
if (def == NULL)
debug_return_bool(false);
early->def = def;
if (!default_type_matches(def, what) ||
!default_binding_matches(def, what))
continue;
- if (!set_early_default(def->var, def->val, def->op, quiet, early))
+ if (!set_early_default(def->var, def->val, def->op, "sudoers", 0, quiet, early))
ret = false;
}
if (!run_early_defaults())
if (!default_type_matches(def, what) ||
!default_binding_matches(def, what))
continue;
- if (!set_default(def->var, def->val, def->op, quiet))
+ if (!set_default(def->var, def->val, def->op, "sudoers", 0, quiet))
ret = false;
}
debug_return_bool(ret);
* Check a defaults entry without actually setting it.
*/
bool
-check_default(struct defaults *def, bool quiet)
+check_default(const char *var, const char *val, int op, const char *file,
+ int lineno, bool quiet)
{
struct sudo_defs_types *cur;
bool ret = true;
+ int flags = 0;
debug_decl(check_default, SUDOERS_DEBUG_DEFAULTS)
+ if (quiet)
+ SET(flags, FLAG_QUIET);
for (cur = sudo_defs_table; cur->name != NULL; cur++) {
- if (strcmp(def->var, cur->name) == 0) {
+ if (strcmp(var, cur->name) == 0) {
/* Don't actually set the defaults value, just checking. */
struct sudo_defs_types tmp = *cur;
memset(&tmp.sd_un, 0, sizeof(tmp.sd_un));
- if (!set_default_entry(&tmp, def->val, def->op, quiet, false))
+ if (!set_default_entry(&tmp, val, op, file, lineno, flags))
ret = false;
free_default(&tmp);
break;
}
}
if (cur->name == NULL) {
- if (!quiet)
- sudo_warnx(U_("unknown defaults entry `%s'"), def->var);
+ if (!quiet) {
+ if (lineno > 0) {
+ sudo_warnx(U_("%s:%d unknown defaults entry `%s'"),
+ file, lineno, var);
+ } else {
+ sudo_warnx(U_("%s: unknown defaults entry `%s'"),
+ file, var);
+ }
+ }
ret = false;
}
debug_return_bool(ret);
struct sudo_lbuf *lbuf);
static struct ldap_result *sudo_ldap_result_get(struct sudo_nss *nss,
struct passwd *pw);
+static char *sudo_ldap_get_first_rdn(LDAP *ld, LDAPMessage *entry);
/*
* LDAP sudo_nss handle.
sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
{
struct berval **bv, **p;
- char *copy, *var, *val;
+ char *cn, *copy, *var, *val, *source = NULL;
bool ret = false;
int op;
debug_decl(sudo_ldap_parse_options, SUDOERS_DEBUG_LDAP)
if (bv == NULL)
debug_return_bool(true);
+ /* get the entry's dn for option error reporting */
+ cn = sudo_ldap_get_first_rdn(ld, entry);
+ if (cn != NULL) {
+ if (asprintf(&source, "sudoRole %s", cn) == -1) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ source = NULL;
+ goto done;
+ }
+ }
+
/* walk through options, early ones first */
for (p = bv; *p != NULL; p++) {
struct early_default *early;
}
op = sudo_ldap_parse_option(copy, &var, &val);
early = is_early_default(var);
- if (early != NULL)
- set_early_default(var, val, op, false, early);
+ if (early != NULL) {
+ set_early_default(var, val, op,
+ source ? source : "sudoRole UNKNOWN", 0, false, early);
+ }
free(copy);
}
run_early_defaults();
goto done;
}
op = sudo_ldap_parse_option(copy, &var, &val);
- if (is_early_default(var) == NULL)
- set_default(var, val, op, false);
+ if (is_early_default(var) == NULL) {
+ set_default(var, val, op,
+ source ? source : "sudoRole UNKNOWN", 0, false);
+ }
free(copy);
}
ret = true;
done:
+ free(source);
+ if (cn)
+ ldap_memfree(cn);
ldap_value_free_len(bv);
debug_return_bool(ret);
sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule)
{
int i, op;
- char *copy, *var, *val;
+ char *copy, *var, *val, *source = NULL;
bool ret = false;
char **val_array = NULL;
+ char **cn_array = NULL;
debug_decl(sudo_sss_parse_options, SUDOERS_DEBUG_SSSD);
if (rule == NULL)
debug_return_bool(false);
}
+ /* get the entry's cn for option error reporting */
+ if (handle->fn_get_values(rule, "cn", &cn_array) == 0) {
+ if (cn_array[0] != NULL) {
+ if (asprintf(&source, "sudoRole %s", cn_array[0]) == -1) {
+ sudo_warnx(U_("%s: %s"), __func__,
+ U_("unable to allocate memory"));
+ source = NULL;
+ goto done;
+ }
+ }
+ handle->fn_free_values(cn_array);
+ cn_array = NULL;
+ }
+
/* walk through options, early ones first */
for (i = 0; val_array[i] != NULL; i++) {
struct early_default *early;
}
op = sudo_sss_parse_option(copy, &var, &val);
early = is_early_default(var);
- if (early != NULL)
- set_early_default(var, val, op, false, early);
+ if (early != NULL) {
+ set_early_default(var, val, op,
+ source ? source : "sudoRole UNKNOWN", 0, false, early);
+ }
free(copy);
}
run_early_defaults();
goto done;
}
op = sudo_sss_parse_option(copy, &var, &val);
- if (is_early_default(var) == NULL)
- set_default(var, val, op, false);
+ if (is_early_default(var) == NULL) {
+ set_default(var, val, op,
+ source ? source : "sudoRole UNKNOWN", 0, false);
+ }
free(copy);
}
ret = true;
done:
+ free(source);
handle->fn_free_values(val_array);
debug_return_bool(ret);
}
projects / sudo / commitdiff