From: Todd C. Miller Date: Fri, 26 Jan 2018 20:15:10 +0000 (-0700) Subject: Use the built-in sudoers file location as the default sudoers file X-Git-Tag: SUDO_1_8_23^2~181 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=98c19a68c949c7b4f03649a0b619b8b1bfe6b122;p=sudo Use the built-in sudoers file location as the default sudoers file for cvtsudoers and move parse_sudoers_options() to stubs.c since it is shared between visudo.c and cvtsudoers.c. --- diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat index e0bb1d33d..84364ff78 100644 --- a/doc/cvtsudoers.cat +++ b/doc/cvtsudoers.cat @@ -10,9 +10,9 @@ DDEESSCCRRIIPPTTIIOONN ccvvttssuuddooeerrss can be used to convert a policy file in _s_u_d_o_e_r_s format to other formats. The default output format is JSON. - If no _s_u_d_o_e_r_s___f_i_l_e is specified, or if it is `-', the policy is read from - the standard input. By default, the result is written to the standard - output. + If _s_u_d_o_e_r_s___f_i_l_e is `-', the policy is read from the standard input. If + no _s_u_d_o_e_r_s___f_i_l_e is specified, _/_e_t_c_/_s_u_d_o_e_r_s will be used. By default, the + result is written to the standard output. The options are as follows: diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in index 9564e684c..43723e3e7 100644 --- a/doc/cvtsudoers.man.in +++ b/doc/cvtsudoers.man.in @@ -36,11 +36,16 @@ can be used to convert a policy file in format to other formats. The default output format is JSON. .PP -If no +If \fIsudoers_file\fR -is specified, or if it is +is \(oq-\(cq, the policy is read from the standard input. +If no +\fIsudoers_file\fR +is specified, +\fI@sysconfdir@/sudoers\fR +will be used. By default, the result is written to the standard output. .PP The options are as follows: diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in index cd6116f80..93e86bba2 100644 --- a/doc/cvtsudoers.mdoc.in +++ b/doc/cvtsudoers.mdoc.in 
@@ -33,11 +33,16 @@ can be used to convert a policy file in format to other formats. The default output format is JSON. .Pp -If no +If .Ar sudoers_file -is specified, or if it is +is .Ql - , the policy is read from the standard input. +If no +.Ar sudoers_file +is specified, +.Pa @sysconfdir@/sudoers +will be used. By default, the result is written to the standard output. .Pp The options are as follows: diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c index 4619306c5..8a85366fb 100644 --- a/plugins/sudoers/cvtsudoers.c +++ b/plugins/sudoers/cvtsudoers.c @@ -50,6 +50,7 @@ #endif /* HAVE_GETOPT_LONG */ extern bool convert_sudoers_json(const char *, const char *); +extern void parse_sudoers_options(void); extern void get_hostname(void); /* @@ -77,7 +78,8 @@ int main(int argc, char *argv[]) { int ch, exitcode = EXIT_FAILURE; - const char *input_file = "-", *output_file = "-"; + const char *input_file = NULL; + const char *output_file = "-"; const char *output_format = "JSON"; debug_decl(main, SUDOERS_DEBUG_MAIN) @@ -108,6 +110,9 @@ main(int argc, char *argv[]) if (!sudoers_debug_register(getprogname(), sudo_conf_debug_files(getprogname()))) goto done; + /* Parse sudoers plugin options, if any. */ + parse_sudoers_options(); + /* * Arg handling. */ @@ -140,12 +145,14 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; - /* Input file (defaults to stdin). */ + /* Input file (defaults to /etc/sudoers). */ if (argc > 0) { /* XXX - allow multiple input files? */ if (argc > 1) usage(1); input_file = argv[0]; + } else { + input_file = sudoers_file; } if (strcmp(input_file, "-") != 0) { diff --git a/plugins/sudoers/stubs.c b/plugins/sudoers/stubs.c index bc1c6eacc..11adcf580 100644 --- a/plugins/sudoers/stubs.c +++ b/plugins/sudoers/stubs.c 
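Review bot: The new `else { input_file = sudoers_file; }` branch in the last cvtsudoers.c hunk changes what a bare `cvtsudoers` reads: it used to fall back to standard input, so a caller that pipes a policy in without passing `-` now gets the system policy converted and its own input ignored, with nothing printed to say so. The comment `/* Input file (defaults to /etc/sudoers). */` is also narrower than the code, because the `parse_sudoers_options()` call added in the previous hunk can replace `sudoers_file` with a `sudoers_file=` plugin option; I would write `/* Input file (defaults to sudoers_file: the built-in path, or the sudoers_file= plugin option if set). */`. Since the converted output can now come from a path chosen by configuration rather than by the command line, consider reporting the resolved path when no file argument was given. The rest of main() lies outside these hunks, so whether the later open/error path already names the file cannot be seen here.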
@@ -108,3 +108,63 @@ get_hostname(void) debug_return; } + +/* + * Parse sudoers plugin options. + * May set sudoers_file, sudoers_uid, sudoers_gid or sudoers_mode globals. + */ +void +parse_sudoers_options(void) +{ + struct plugin_info_list *plugins; + debug_decl(parse_sudoers_options, SUDOERS_DEBUG_UTIL) + + plugins = sudo_conf_plugins(); + if (plugins) { + struct plugin_info *info; + + TAILQ_FOREACH(info, plugins, entries) { + if (strcmp(info->symbol_name, "sudoers_policy") == 0) + break; + } + if (info != NULL && info->options != NULL) { + char * const *cur; + +#define MATCHES(s, v) \ + (strncmp((s), (v), sizeof(v) - 1) == 0 && (s)[sizeof(v) - 1] != '\0') + + for (cur = info->options; *cur != NULL; cur++) { + const char *errstr, *p; + id_t id; + + if (MATCHES(*cur, "sudoers_file=")) { + sudoers_file = *cur + sizeof("sudoers_file=") - 1; + continue; + } + if (MATCHES(*cur, "sudoers_uid=")) { + p = *cur + sizeof("sudoers_uid=") - 1; + id = sudo_strtoid(p, NULL, NULL, &errstr); + if (errstr == NULL) + sudoers_uid = (uid_t) id; + continue; + } + if (MATCHES(*cur, "sudoers_gid=")) { + p = *cur + sizeof("sudoers_gid=") - 1; + id = sudo_strtoid(p, NULL, NULL, &errstr); + if (errstr == NULL) + sudoers_gid = (gid_t) id; + continue; + } + if (MATCHES(*cur, "sudoers_mode=")) { + p = *cur + sizeof("sudoers_mode=") - 1; + id = (id_t) sudo_strtomode(p, &errstr); + if (errstr == NULL) + sudoers_mode = (mode_t) id; + continue; + } + } +#undef MATCHES + } + } + debug_return; +} diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 000e3d76f..7ce2f1ce7 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c 
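Review bot: In `parse_sudoers_options()` a malformed `sudoers_uid=`, `sudoers_gid=` or `sudoers_mode=` value is dropped without any diagnostic: `errstr` is only tested for NULL and then discarded, so a typo in the plugin options leaves the default in force and the administrator is never told. These globals presumably feed the owner and mode that visudo checks and installs the policy file with, so a silently ignored setting is worth surfacing; for the uid case I would write `if (errstr != NULL) sudo_warnx(U_("%s: %s"), *cur, U_(errstr)); else sudoers_uid = (uid_t) id;`, and the same for gid and mode, assuming stubs.c has `sudo_warnx` and `U_` in scope. The `MATCHES` macro also rejects an empty value such as `sudoers_file=`, which likewise falls through unreported. The block comment should say that invalid or empty values are ignored, and that `sudoers_file` ends up pointing into the option string owned by the plugin list rather than at a copy.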
@@ -94,7 +94,6 @@ static bool install_sudoers(struct sudoersfile *, bool); static int print_unused(void *, void *); static bool reparse_sudoers(char *, int, char **, bool, bool); static int run_command(char *, char **); -static void parse_sudoers_options(void); static void setup_signals(void); static void help(void) __attribute__((__noreturn__)); static void usage(int); @@ -102,6 +101,7 @@ static void visudo_cleanup(void); extern void get_hostname(void); extern void sudoersrestart(FILE *); +extern void parse_sudoers_options(void); /* * Globals @@ -1221,62 +1221,6 @@ print_unused(void *v1, void *v2) return 0; } -static void -parse_sudoers_options(void) -{ - struct plugin_info_list *plugins; - debug_decl(parse_sudoers_options, SUDOERS_DEBUG_UTIL) - - plugins = sudo_conf_plugins(); - if (plugins) { - struct plugin_info *info; - - TAILQ_FOREACH(info, plugins, entries) { - if (strcmp(info->symbol_name, "sudoers_policy") == 0) - break; - } - if (info != NULL && info->options != NULL) { - char * const *cur; - -#define MATCHES(s, v) \ - (strncmp((s), (v), sizeof(v) - 1) == 0 && (s)[sizeof(v) - 1] != '\0') - - for (cur = info->options; *cur != NULL; cur++) { - const char *errstr, *p; - id_t id; - - if (MATCHES(*cur, "sudoers_file=")) { - sudoers_file = *cur + sizeof("sudoers_file=") - 1; - continue; - } - if (MATCHES(*cur, "sudoers_uid=")) { - p = *cur + sizeof("sudoers_uid=") - 1; - id = sudo_strtoid(p, NULL, NULL, &errstr); - if (errstr == NULL) - sudoers_uid = (uid_t) id; - continue; - } - if (MATCHES(*cur, "sudoers_gid=")) { - p = *cur + sizeof("sudoers_gid=") - 1; - id = sudo_strtoid(p, NULL, NULL, &errstr); - if (errstr == NULL) - sudoers_gid = (gid_t) id; - continue; - } - if (MATCHES(*cur, "sudoers_mode=")) { - p = *cur + sizeof("sudoers_mode=") - 1; - id = (id_t) sudo_strtomode(p, &errstr); - if (errstr == NULL) - sudoers_mode = (mode_t) id; - continue; - } - } -#undef MATCHES - } - } - debug_return; -} - /* * Unlink any sudoers temp files that remain. */