From: Todd C. Miller Date: Fri, 17 Aug 2012 14:31:34 +0000 (-0400) Subject: Add new check_defaults() function to check (but not update) the X-Git-Tag: SUDO_1_7_10~19 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8337a94a612c7227fe8cfa9f56865db43f177a5d;p=sudo Add new check_defaults() function to check (but not update) the Defaults entries. Visudo can now use this instead of update_defaults to check all the defaults regardless instead of just the global Defaults entries. --HG-- branch : 1.7
---
diff --git a/defaults.c b/defaults.c
index f311a1bf1..92e2ed629 100644
--- a/defaults.c
+++ b/defaults.c
@@ -552,6 +552,55 @@ update_defaults(what)
 return rc;
 }
+/*
+ * Check the defaults entries without actually setting them.
+ * Pass in an OR'd list of which default types to check.
+ */
+int
+check_defaults(what, quiet)
+ int what;
+ int quiet;
+{
+ struct sudo_defs_types *cur;
+ struct defaults *def;
+ int rc = TRUE;
+
+ tq_foreach_fwd(&defaults, def) {
+ switch (def->type) {
+ case DEFAULTS:
+ if (!ISSET(what, SETDEF_GENERIC))
+ continue;
+ break;
+ case DEFAULTS_USER:
+ if (!ISSET(what, SETDEF_USER))
+ continue;
+ break;
+ case DEFAULTS_RUNAS:
+ if (!ISSET(what, SETDEF_RUNAS))
+ continue;
+ break;
+ case DEFAULTS_HOST:
+ if (!ISSET(what, SETDEF_HOST))
+ continue;
+ break;
+ case DEFAULTS_CMND:
+ if (!ISSET(what, SETDEF_CMND))
+ continue;
+ break;
+ }
+ for (cur = sudo_defs_table; cur->name != NULL; cur++) {
+ if (strcmp(def->var, cur->name) == 0)
+ break;
+ }
+ if (cur->name == NULL) {
+ if (!quiet)
+ warningx("unknown defaults entry `%s'", def->var);
+ rc = FALSE;
+ }
+ }
+ return rc;
+}
+
 static int
 store_int(val, def, op)
 char *val;
diff --git a/defaults.h b/defaults.h
index 837d453c9..9b20a67c4 100644
--- a/defaults.h
+++ b/defaults.h
@@ -93,7 +93,7 @@ struct sudo_defs_types {
 #define T_PATH 0x200
 /*
- * Argument to update_defaults()
+ * Argument to update_defaults() and check_defaults()
 */
 #define SETDEF_GENERIC 0x01
 #define SETDEF_HOST 0x02
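Review bot: check_defaults() in defaults.c validates only the entry name: the inner loop compares `def->var` with the `sudo_defs_table` names and never looks at the entry's value or operator, so a Defaults line with a known name and a malformed value is reported as good. visudo previously called update_defaults() on this path, which presumably parsed values through the store_*() helpers (only the header of store_int() is visible here), so that value checking may be lost for the generic, host and user entries; worth confirming, because a restrictive setting that visudo accepts but sudo cannot parse might not take effect at run time. If name-only checking is intended, the header comment should say so, e.g. `* Only the entry name is looked up; values are not parsed or validated.` The `switch (def->type)` also has no `default:` case, so an entry of any other type is checked regardless of `what`; an explicit `default: break;` would document that.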
@@ -107,6 +107,7 @@ struct sudo_defs_types {
 */
 int set_default __P((char *, char *, int));
 int update_defaults __P((int));
+int check_defaults __P((int, int));
 void dump_default __P((void));
 void dump_defaults __P((void));
 void init_defaults __P((void));
diff --git a/visudo.c b/visudo.c
index 1ca6a55b0..db8d53466 100644
--- a/visudo.c
+++ b/visudo.c
@@ -479,10 +479,10 @@ reparse_sudoers(editor, args, strict, quiet)
 }
 fclose(yyin);
 if (!parse_error) {
- if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER) ||
+ if (!check_defaults(SETDEF_ALL, quiet) ||
 check_aliases(strict, quiet) != 0) {
 parse_error = TRUE;
- errorfile = sp->path;
+ errorfile = NULL;
 }
 }
@@ -503,10 +503,11 @@ reparse_sudoers(editor, args, strict, quiet)
 tq_foreach_fwd(&sudoerslist, sp) {
 if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
 edit_sudoers(sp, editor, args, errorlineno);
- break;
+ if (errorfile != NULL)
+ break;
 }
 }
- if (sp == NULL)
+ if (errorfile != NULL && sp == NULL)
 errorx(1, "internal error, can't find %s in list!", sudoers);
 }
@@ -777,9 +778,12 @@ check_syntax(sudoers_path, quiet, strict)
 parse_error = TRUE;
 errorfile = sudoers_path;
 }
- if (!parse_error && check_aliases(strict, quiet) != 0) {
- parse_error = TRUE;
- errorfile = sudoers_path;
+ if (!parse_error) {
+ if (!check_defaults(SETDEF_ALL, quiet) ||
+ check_aliases(strict, quiet) != 0) {
+ parse_error = TRUE;
+ errorfile = NULL;
+ }
 }
 error = parse_error;
 if (!quiet) {
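Review bot: In reparse_sudoers() in visudo.c (hunks at -479 and -503), `errorfile = NULL` now means the failure is not tied to one file, and the loop then runs edit_sudoers() on every entry of sudoerslist with the same `errorlineno`. Nothing visible resets `errorlineno` on this path, so confirm it holds a "no line" value when check_defaults() or check_aliases() fails; otherwise each file would be opened at an unrelated line. The new meaning deserves a comment above the loop, e.g. `/* errorfile == NULL: defaults or alias check failed; re-edit every sudoers file */`. The function starts and ends outside both hunks.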
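Review bot: In check_syntax() in visudo.c (hunk at -777), `errorfile` can now be NULL when check_defaults() or check_aliases() fails, yet the code that reports the error follows `if (!quiet) {` and lies outside the hunk. If that code passes `errorfile` to a `%s` conversion, a NULL argument is undefined behaviour, so the message should be guarded, e.g. `if (errorfile != NULL)` before printing the file name. A short comment at the assignment, such as `/* not attributable to a single file */`, would also tell the next reader why the path is cleared.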