Remove support for noexec_file in sudoers and the plugin API

diff --git a/doc/sudoers.pod b/doc/sudoers.pod
index 71bb5d532035efcef2ef5772b5c6e52e965c9a81..9418542cb5b1ef0c32b66eea4289fee006af8a84 100644 (file)
--- a/doc/sudoers.pod
+++ b/doc/sudoers.pod
@@ -1275,9 +1275,8 @@ Default is C<@mailsub@>.
 
 =item noexec_file
 
-This option is deprecated and will be removed in a future release
-of B<sudo>.  The path to the noexec file should now be set in the
-F<@sysconfdir@/sudo.conf> file.
+This option is no longer supported.  The path to the noexec file
+should now be set in the F<@sysconfdir@/sudo.conf> file.
 
 =item passprompt
 

diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index 46097c923441cd8513f6aafbca691da489a9a36f..11774e54be111a012ab40735c80ed58f0540f930 100644 (file)
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -240,11 +240,7 @@ struct sudo_defs_types sudo_defs_table[] = {
        def_data_verifypw,
     }, {
        "noexec", T_FLAG,
-       N_("Preload the dummy exec functions contained in 'noexec_file'"),
-       NULL,
-    }, {
-       "noexec_file", T_STR|T_PATH,
-       N_("File containing dummy exec functions: %s"),
+       N_("Preload the dummy exec functions contained in \"_PATH_SUDO_NOEXEC"),
        NULL,
     }, {
        "ignore_local_sudoers", T_FLAG,

diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index f41f7cdd538e6b7d9aa81cd05ce435ce4cf79479..43c2b96a656b5cbfc5e6acc0dcbb23e41ea78d03 100644 (file)
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -108,58 +108,56 @@
 #define I_VERIFYPW              53
 #define def_noexec              (sudo_defs_table[54].sd_un.flag)
 #define I_NOEXEC                54
-#define def_noexec_file         (sudo_defs_table[55].sd_un.str)
-#define I_NOEXEC_FILE           55
-#define def_ignore_local_sudoers (sudo_defs_table[56].sd_un.flag)
-#define I_IGNORE_LOCAL_SUDOERS  56
-#define def_closefrom           (sudo_defs_table[57].sd_un.ival)
-#define I_CLOSEFROM             57
-#define def_closefrom_override  (sudo_defs_table[58].sd_un.flag)
-#define I_CLOSEFROM_OVERRIDE    58
-#define def_setenv              (sudo_defs_table[59].sd_un.flag)
-#define I_SETENV                59
-#define def_env_reset           (sudo_defs_table[60].sd_un.flag)
-#define I_ENV_RESET             60
-#define def_env_check           (sudo_defs_table[61].sd_un.list)
-#define I_ENV_CHECK             61
-#define def_env_delete          (sudo_defs_table[62].sd_un.list)
-#define I_ENV_DELETE            62
-#define def_env_keep            (sudo_defs_table[63].sd_un.list)
-#define I_ENV_KEEP              63
-#define def_role                (sudo_defs_table[64].sd_un.str)
-#define I_ROLE                  64
-#define def_type                (sudo_defs_table[65].sd_un.str)
-#define I_TYPE                  65
-#define def_env_file            (sudo_defs_table[66].sd_un.str)
-#define I_ENV_FILE              66
-#define def_sudoers_locale      (sudo_defs_table[67].sd_un.str)
-#define I_SUDOERS_LOCALE        67
-#define def_visiblepw           (sudo_defs_table[68].sd_un.flag)
-#define I_VISIBLEPW             68
-#define def_pwfeedback          (sudo_defs_table[69].sd_un.flag)
-#define I_PWFEEDBACK            69
-#define def_fast_glob           (sudo_defs_table[70].sd_un.flag)
-#define I_FAST_GLOB             70
-#define def_umask_override      (sudo_defs_table[71].sd_un.flag)
-#define I_UMASK_OVERRIDE        71
-#define def_log_input           (sudo_defs_table[72].sd_un.flag)
-#define I_LOG_INPUT             72
-#define def_log_output          (sudo_defs_table[73].sd_un.flag)
-#define I_LOG_OUTPUT            73
-#define def_compress_io         (sudo_defs_table[74].sd_un.flag)
-#define I_COMPRESS_IO           74
-#define def_use_pty             (sudo_defs_table[75].sd_un.flag)
-#define I_USE_PTY               75
-#define def_group_plugin        (sudo_defs_table[76].sd_un.str)
-#define I_GROUP_PLUGIN          76
-#define def_iolog_dir           (sudo_defs_table[77].sd_un.str)
-#define I_IOLOG_DIR             77
-#define def_iolog_file          (sudo_defs_table[78].sd_un.str)
-#define I_IOLOG_FILE            78
-#define def_set_utmp            (sudo_defs_table[79].sd_un.flag)
-#define I_SET_UTMP              79
-#define def_utmp_runas          (sudo_defs_table[80].sd_un.flag)
-#define I_UTMP_RUNAS            80
+#define def_ignore_local_sudoers (sudo_defs_table[55].sd_un.flag)
+#define I_IGNORE_LOCAL_SUDOERS  55
+#define def_closefrom           (sudo_defs_table[56].sd_un.ival)
+#define I_CLOSEFROM             56
+#define def_closefrom_override  (sudo_defs_table[57].sd_un.flag)
+#define I_CLOSEFROM_OVERRIDE    57
+#define def_setenv              (sudo_defs_table[58].sd_un.flag)
+#define I_SETENV                58
+#define def_env_reset           (sudo_defs_table[59].sd_un.flag)
+#define I_ENV_RESET             59
+#define def_env_check           (sudo_defs_table[60].sd_un.list)
+#define I_ENV_CHECK             60
+#define def_env_delete          (sudo_defs_table[61].sd_un.list)
+#define I_ENV_DELETE            61
+#define def_env_keep            (sudo_defs_table[62].sd_un.list)
+#define I_ENV_KEEP              62
+#define def_role                (sudo_defs_table[63].sd_un.str)
+#define I_ROLE                  63
+#define def_type                (sudo_defs_table[64].sd_un.str)
+#define I_TYPE                  64
+#define def_env_file            (sudo_defs_table[65].sd_un.str)
+#define I_ENV_FILE              65
+#define def_sudoers_locale      (sudo_defs_table[66].sd_un.str)
+#define I_SUDOERS_LOCALE        66
+#define def_visiblepw           (sudo_defs_table[67].sd_un.flag)
+#define I_VISIBLEPW             67
+#define def_pwfeedback          (sudo_defs_table[68].sd_un.flag)
+#define I_PWFEEDBACK            68
+#define def_fast_glob           (sudo_defs_table[69].sd_un.flag)
+#define I_FAST_GLOB             69
+#define def_umask_override      (sudo_defs_table[70].sd_un.flag)
+#define I_UMASK_OVERRIDE        70
+#define def_log_input           (sudo_defs_table[71].sd_un.flag)
+#define I_LOG_INPUT             71
+#define def_log_output          (sudo_defs_table[72].sd_un.flag)
+#define I_LOG_OUTPUT            72
+#define def_compress_io         (sudo_defs_table[73].sd_un.flag)
+#define I_COMPRESS_IO           73
+#define def_use_pty             (sudo_defs_table[74].sd_un.flag)
+#define I_USE_PTY               74
+#define def_group_plugin        (sudo_defs_table[75].sd_un.str)
+#define I_GROUP_PLUGIN          75
+#define def_iolog_dir           (sudo_defs_table[76].sd_un.str)
+#define I_IOLOG_DIR             76
+#define def_iolog_file          (sudo_defs_table[77].sd_un.str)
+#define I_IOLOG_FILE            77
+#define def_set_utmp            (sudo_defs_table[78].sd_un.flag)
+#define I_SET_UTMP              78
+#define def_utmp_runas          (sudo_defs_table[79].sd_un.flag)
+#define I_UTMP_RUNAS            79
 
 enum def_tuple {
        never,

diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index 46b4692b6d75be785a5ca46cea3401e97d102ba1..e81e691f88fd0db8fa2b2f329cb996182b070822 100644 (file)
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -177,10 +177,7 @@ verifypw
        never all any always
 noexec
        T_FLAG
-       "Preload the dummy exec functions contained in 'noexec_file'"
-noexec_file
-       T_STR|T_PATH
-       "File containing dummy exec functions: %s"
+       "Preload the dummy exec functions contained in "_PATH_SUDO_NOEXEC
 ignore_local_sudoers
        T_FLAG
        "If LDAP directory is up, do we ignore local sudoers file"

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index dd6121a3f46e67aa48a8a7c4b884e75e2088935a..30d3a40898d68e1263c7d82d0323e1c5d3c77725 100644 (file)
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -658,8 +658,6 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
        easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom);
     if (def_noexec)
        command_info[info_len++] = estrdup("noexec=true");
-    if (def_noexec_file)
-       command_info[info_len++] = fmt_string("noexec_file", def_noexec_file);
     if (def_set_utmp)
        command_info[info_len++] = estrdup("set_utmp=true");
     if (def_use_pty)

diff --git a/src/sudo.c b/src/sudo.c
index e7924cdba294b9771bce41bca9092ac3db1e7127..52299537cb70ddf1ce1fcaa5d7f5b15e59403e55 100644 (file)
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -566,13 +566,6 @@ command_info_to_details(char * const info[], struct command_details *details)
                        SET(details->flags, CD_NOEXEC);
                    break;
                }
-#ifdef _PATH_SUDO_NOEXEC
-               /* XXX - deprecated */
-               if (strncmp("noexec_file=", info[i], sizeof("noexec_file=") - 1) == 0) {
-                   noexec_path = info[i] + sizeof("noexec_file=") - 1;
-                   break;
-               }
-#endif /* _PATH_SUDO_NOEXEC */
                break;
            case 'p':
                if (strncmp("preserve_groups=", info[i], sizeof("preserve_groups=") - 1) == 0) {