From: Todd C. Miller Date: Sat, 1 Nov 2008 13:20:01 +0000 (+0000) Subject: Defer setting runas defaults until after runaspw/gr is setup. X-Git-Tag: SUDO_1_7_0~66 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8ba6fa2ae31e53413d5ebc457cd92a6a8a68f43f;p=sudo Defer setting runas defaults until after runaspw/gr is setup.
---
diff --git a/defaults.h b/defaults.h
index 7e547f8aa..827632c4d 100644
--- a/defaults.h
+++ b/defaults.h
@@ -93,9 +93,12 @@ struct sudo_defs_types {
 /*
 * Argument to update_defaults()
 */
-#define SKIP_CMND 1
-#define ONLY_CMND 0
-#define SET_ALL -1
+#define SETDEF_GENERIC 0x01
+#define SETDEF_HOST 0x02
+#define SETDEF_USER 0x04
+#define SETDEF_RUNAS 0x08
+#define SETDEF_CMND 0x10
+#define SETDEF_ALL (SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS|SETDEF_CMND)
 /*
 * Prototypes
diff --git a/parse.c b/parse.c
index 6e9ffcd99..c58ac38ad 100644
--- a/parse.c
+++ b/parse.c
@@ -133,37 +133,42 @@ sudo_file_parse(nss) * Returns TRUE on success and FALSE on failure. */ int -update_defaults(skip_cmnd) - int skip_cmnd; +update_defaults(what) + int what; { struct defaults *def; tq_foreach_fwd(&defaults, def) { - if (skip_cmnd == (def->type == DEFAULTS_CMND)) - continue; switch (def->type) { case DEFAULTS: - if (!set_default(def->var, def->val, def->op)) + if (ISSET(what, SETDEF_GENERIC) && + !set_default(def->var, def->val, def->op)) return(FALSE); + break; case DEFAULTS_USER: - if (userlist_matches(sudo_user.pw, &def->binding) == ALLOW && + if (ISSET(what, SETDEF_USER) && + userlist_matches(sudo_user.pw, &def->binding) == ALLOW && !set_default(def->var, def->val, def->op)) return(FALSE); break; case DEFAULTS_RUNAS: - if (runaslist_matches(&def->binding, NULL) == ALLOW && + if (ISSET(what, SETDEF_RUNAS) && + runaslist_matches(&def->binding, NULL) == ALLOW && !set_default(def->var, def->val, def->op)) return(FALSE); break; case DEFAULTS_HOST: - if (hostlist_matches(&def->binding) == ALLOW && + if (ISSET(what, SETDEF_HOST) && + hostlist_matches(&def->binding) == ALLOW && !set_default(def->var, def->val, def->op)) return(FALSE); break; case DEFAULTS_CMND: - if (cmndlist_matches(&def->binding) == ALLOW && + if (ISSET(what, SETDEF_CMND) && + cmndlist_matches(&def->binding) == ALLOW && !set_default(def->var, def->val, def->op)) return(FALSE); + break; } } return(TRUE); @@ -179,7 +184,7 @@ sudo_file_setdefs(nss) if (nss->handle == NULL) return(-1); - if (!update_defaults(SKIP_CMND)) + if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER)) return(-1); return(0); } diff --git a/sudo.c b/sudo.c index 8c3c73e54..17de1116f 100644 --- a/sudo.c +++ b/sudo.c @@ -293,6 +293,9 @@ main(argc, argv, envp) } else set_runaspw(runas_user ? runas_user : def_runas_default); + if (!update_defaults(SETDEF_RUNAS)) + log_error(NO_STDERR|NO_EXIT, "problem with defaults entries"); + /* Set login class if applicable. */ set_loginclass(sudo_user.pw); 
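Review bot: The header comment above update_defaults() in parse.c still documents only the return value, while `what` is now a bitmask that decides which Defaults types are applied at all. I would extend it with something like `what is a bitmask of SETDEF_* flags; entries whose type is not selected are skipped`. It should also say that SETDEF_RUNAS may only be passed once runas_pw/runas_gr are set up, which, going by the commit subject, is the reason for the split; nothing in the function enforces that ordering. The start of the comment block lies outside the hunk.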
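Review bot: The new `update_defaults(SETDEF_RUNAS)` call in main() in sudo.c only logs on failure and, judging by the `NO_EXIT` flag, keeps going, so a runas-scoped Defaults entry that cannot be applied leaves the run with whatever the earlier passes set. Because update_defaults() in parse.c returns FALSE at the first failed set_default(), every later runas entry in the list is skipped too, which matters when those entries tighten policy for a particular target user. Consider treating a failure at this point as fatal, or state in a comment that continuing is deliberate. A comment such as `/* Runas-specific Defaults need runas_pw/runas_gr, so they are applied here rather than in sudo_file_setdefs(). */` would also explain the placement. The same log-and-continue pattern is used in set_cmnd() in the second sudo.c hunk. main() starts and ends outside the hunk.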
@@ -807,7 +810,7 @@ set_cmnd(sudo_mode)
 else
 user_base = user_cmnd;
- if (!update_defaults(ONLY_CMND))
+ if (!update_defaults(SETDEF_CMND))
 log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
 return(rval);
diff --git a/testsudoers.c b/testsudoers.c
index c5997b65c..e5961b3bf 100644
--- a/testsudoers.c
+++ b/testsudoers.c
@@ -254,7 +254,7 @@ main(argc, argv)
 else
 (void) fputs("Parses OK", stdout);
- if (!update_defaults(SET_ALL))
+ if (!update_defaults(SETDEF_ALL))
 (void) fputs(" (problem with defaults entries)", stdout);
 puts(".");
@@ -336,9 +336,10 @@ set_runasgr(group)
 }
 }
+/* XXX - sanity check defaults settings */
 int
-update_defaults(skip_cmnd)
- int skip_cmnd;
+update_defaults(what)
+ int what;
 {
 return(TRUE);
 }
diff --git a/visudo.c b/visudo.c
index 433614ef6..eb4b86a45 100644
--- a/visudo.c
+++ b/visudo.c
@@ -208,7 +208,7 @@ main(argc, argv)
 error(1, "%s", sudoers_path);
 init_parser(sudoers_path, 0);
 yyparse();
- (void) update_defaults(SKIP_CMND);
+ (void) update_defaults(SETDEF_ALL & ~SETDEF_CMND);
 editor = get_editor(&args);
@@ -565,9 +565,10 @@ user_is_exempt()
 }
 /* STUB */
+/* XXX - parse defaults to get editor and env_editor values */
 int
-update_defaults(skip_cmnd)
- int skip_cmnd;
+update_defaults(what)
+ int what;
 {
 return(TRUE);
 }