From: Todd C. Miller Date: Sun, 31 Dec 2000 01:38:37 +0000 (+0000) Subject: Move defaults info into its own files from which we generate X-Git-Tag: SUDO_1_6_4~212 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d956d775289ffc2a8114dbbb8f3770bdae919693;p=sudo Move defaults info into its own files from which we generate .h and .c files. This makes adding or rearranging variables much simpler. --- diff --git a/Makefile.in b/Makefile.in index dd0372d1f..a1ac9f983 100644 --- a/Makefile.in +++ b/Makefile.in @@ -119,9 +119,9 @@ AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \ auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \ auth/secureware.c auth/securid.c auth/sia.c auth/sudo_auth.c -HDRS = compat.h defaults.h ins_2001.h ins_classic.h ins_csops.h ins_goons.h \ - insults.h interfaces.h logging.h parse.h sudo.h sudo.tab.h version.h \ - auth/sudo_auth.h emul/fnmatch.h emul/search.h emul/utime.h +HDRS = compat.h def_data.h defaults.h ins_2001.h ins_classic.h ins_csops.h \ + ins_goons.h insults.h interfaces.h logging.h parse.h sudo.h sudo.tab.h \ + version.h auth/sudo_auth.h emul/fnmatch.h emul/search.h emul/utime.h AUTH_OBJS = sudo_auth.o @AUTH_OBJS@ @@ -156,7 +156,7 @@ BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \ BINSPECIAL= INSTALL.binary Makefile.binary SUDODEP = $(srcdir)/sudo.h $(srcdir)/compat.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h config.h pathnames.h + $(srcdir)/logging.h config.h def_data.h pathnames.h AUTHDEP = $(SUDODEP) $(authdir)/sudo_auth.h @@ -196,6 +196,10 @@ testsudoers: $(TESTOBJS) $(LIBOBJS) @DEV@ rm -f lex.yy.c @DEV@ $(LEX) $(srcdir)/parse.lex +# Uncomment the following if you intend to modify def_data.in +@DEV@def_data.h def_data.c: def_data.in +@DEV@ $(srcdir)/mkdefaults -o def_data $(srcdir)/def_data.in + # Dependencies (not counting auth functions) alloc.o: alloc.c $(SUDODEP) check.o: check.c $(SUDODEP) 
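Review bot: The new `def_data.h def_data.c: def_data.in` rule does not list the generator as a prerequisite, so a later fix to mkdefaults will not rebuild the two files even with the @DEV@ lines enabled. Both outputs are committed in this change and def_data.c is compiled into defaults.o, so a stale table is what would ship. Adding the script to the rule is one line: `@DEV@def_data.h def_data.c: def_data.in $(srcdir)/mkdefaults`. A short comment above the rule, saying both outputs must be regenerated and committed together, would also help.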
@@ -214,7 +218,7 @@ testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h parse.o: parse.c $(SUDODEP) parse.h interfaces.h lex.yy.o: lex.yy.c $(SUDODEP) parse.h sudo.tab.h sudo.tab.o: sudo.tab.c $(SUDODEP) parse.h -defaults.o: defaults.c $(SUDODEP) auth/sudo_auth.h +defaults.o: defaults.c $(SUDODEP) def_data.c auth/sudo_auth.h fnmatch.o: fnmatch.c config.h compat.h emul/fnmatch.h getcwd.o: getcwd.c config.h compat.h lsearch.o: lsearch.c config.h compat.h emul/search.h diff --git a/check.c b/check.c index 8e4171efe..8e6071d08 100644 --- a/check.c +++ b/check.c @@ -226,10 +226,10 @@ user_is_exempt() struct group *grp; char **gr_mem; - if (!def_str(I_EXEMPT_GRP)) + if (!def_str(I_EXEMPT_GROUP)) return(FALSE); - if (!(grp = getgrnam(def_str(I_EXEMPT_GRP)))) + if (!(grp = getgrnam(def_str(I_EXEMPT_GROUP)))) return(FALSE); if (getgid() == grp->gr_gid) @@ -425,13 +425,13 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs) */ if (status == TS_OLD) { now = time(NULL); - if (def_ival(I_TS_TIMEOUT) && - now - sb.st_mtime < 60 * def_ival(I_TS_TIMEOUT)) { + if (def_ival(I_TIMESTAMP_TIMEOUT) && + now - sb.st_mtime < 60 * def_ival(I_TIMESTAMP_TIMEOUT)) { /* * Check for bogus time on the stampfile. The clock may * have been set back or someone could be trying to spoof us. */ - if (sb.st_mtime > now + 60 * def_ival(I_TS_TIMEOUT) * 2) { + if (sb.st_mtime > now + 60 * def_ival(I_TIMESTAMP_TIMEOUT) * 2) { log_error(NO_EXIT, "timestamp too far in the future: %20.20s", 4 + ctime(&sb.st_mtime)); diff --git a/def_data.c b/def_data.c new file mode 100644 index 000000000..bfabd7073 --- /dev/null +++ b/def_data.c 
@@ -0,0 +1,170 @@ +struct sudo_defs_types sudo_defs_table[] = { + { + "syslog_ifac", NULL, + "NULL" + }, { + "syslog_igoodpri", NULL, + "NULL" + }, { + "syslog_ibadpri", NULL, + "NULL" + }, { + "syslog", T_LOGFAC|T_BOOL, + "Syslog facility if syslog is being used for logging: %s" + }, { + "syslog_goodpri", T_LOGPRI, + "Syslog priority to use when user authenticates successfully: %s" + }, { + "syslog_badpri", T_LOGPRI, + "Syslog priority to use when user authenticates unsuccessfully: %s" + }, { + "long_otp_prompt", T_FLAG, + "Put OTP prompt on its own line" + }, { + "ignore_dot", T_FLAG, + "Ignore '.' in $PATH" + }, { + "mail_always", T_FLAG, + "Always send mail when sudo is run" + }, { + "mail_no_user", T_FLAG, + "Send mail if the user is not in sudoers" + }, { + "mail_no_host", T_FLAG, + "Send mail if the user is not in sudoers for this host" + }, { + "mail_no_perms", T_FLAG, + "Send mail if the user is not allowed to run a command" + }, { + "tty_tickets", T_FLAG, + "Use a separate timestamp for each user/tty combo" + }, { + "lecture", T_FLAG, + "Lecture user the first time they run sudo" + }, { + "authenticate", T_FLAG, + "Require users to authenticate by default" + }, { + "root_sudo", T_FLAG, + "Root may run sudo" + }, { + "log_host", T_FLAG, + "Log the hostname in the (non-syslog) log file" + }, { + "log_year", T_FLAG, + "Log the year in the (non-syslog) log file" + }, { + "shell_noargs", T_FLAG, + "If sudo is invoked with no arguments, start a shell" + }, { + "set_home", T_FLAG, + "Set $HOME to the target user when starting a shell with -s" + }, { + "always_set_home", T_FLAG, + "Always set $HOME to the target user's home directory" + }, { + "path_info", T_FLAG, + "Allow some information gathering to give useful error messages" + }, { + "fqdn", T_FLAG, + "Require fully-qualified hostnames in the sudoers file" + }, { + "insults", T_FLAG, + "Insult the user when they enter an incorrect password" + }, { + "requiretty", T_FLAG, + "Only allow the user to run sudo if 
they have a tty" + }, { + "env_editor", T_FLAG, + "Visudo will honor the EDITOR environment variable" + }, { + "rootpw", T_FLAG, + "Prompt for root's password, not the users's" + }, { + "runaspw", T_FLAG, + "Prompt for the runas_default user's password, not the users's" + }, { + "targetpw", T_FLAG, + "Prompt for the target user's password, not the users's" + }, { + "use_loginclass", T_FLAG, + "Apply defaults in the target user's login class if there is one" + }, { + "set_logname", T_FLAG, + "Set the LOGNAME and USER environment variables" + }, { + "stay_setuid", T_FLAG, + "Only set the effective uid to the target user, not the real uid" + }, { + "env_reset", T_FLAG, + "Reset the environment to a default set of variables" + }, { + "loglinelen", T_INT|T_BOOL, + "Length at which to wrap log file lines (0 for no wrap): %d" + }, { + "timestamp_timeout", T_INT|T_BOOL, + "Authentication timestamp timeout: %d minutes" + }, { + "passwd_timeout", T_INT|T_BOOL, + "Password prompt timeout: %d minutes" + }, { + "passwd_tries", T_INT, + "Number of tries to enter a password: %d" + }, { + "umask", T_MODE|T_BOOL, + "Umask to use or 0777 to use user's: 0%o" + }, { + "logfile", T_STR|T_BOOL|T_PATH, + "Path to log file: %s" + }, { + "mailerpath", T_STR|T_BOOL|T_PATH, + "Path to mail program: %s" + }, { + "mailerflags", T_STR|T_BOOL, + "Flags for mail program: %s" + }, { + "mailto", T_STR|T_BOOL, + "Address to send mail to: %s" + }, { + "mailsub", T_STR, + "Subject line for mail messages: %s" + }, { + "badpass_message", T_STR, + "Incorrect password message: %s" + }, { + "timestampdir", T_STR|T_PATH, + "Path to authentication timestamp dir: %s" + }, { + "exempt_group", T_STR|T_BOOL, + "Users in this group are exempt from password and PATH requirements: %s" + }, { + "passprompt", T_STR, + "Default password prompt: %s" + }, { + "runas_default", T_STR, + "Default user to run commands as: %s" + }, { + "secure_path", T_STR|T_BOOL, + "Value to override user's $PATH with: %s" + }, { + 
"editor", T_STR|T_PATH, + "Path to the editor for use by visudo: %s" + }, { + "env_keep", T_STR|T_BOOL, + "Environment variables to preserve: %s" + }, { + "listpw_i", NULL, + "NULL" + }, { + "verifypw_i", NULL, + "NULL" + }, { + "listpw", T_PWFLAG, + "When to require a password for 'list' pseudocommand: %s" + }, { + "verifypw", T_PWFLAG, + "When to require a password for 'verify' pseudocommand: %s" + }, { + NULL, 0, NULL + } +}; diff --git a/def_data.h b/def_data.h new file mode 100644 index 000000000..7146aaca1 --- /dev/null +++ b/def_data.h @@ -0,0 +1,55 @@ +#define I_SYSLOG_IFAC 0 +#define I_SYSLOG_IGOODPRI 1 +#define I_SYSLOG_IBADPRI 2 +#define I_SYSLOG 3 +#define I_SYSLOG_GOODPRI 4 +#define I_SYSLOG_BADPRI 5 +#define I_LONG_OTP_PROMPT 6 +#define I_IGNORE_DOT 7 +#define I_MAIL_ALWAYS 8 +#define I_MAIL_NO_USER 9 +#define I_MAIL_NO_HOST 10 +#define I_MAIL_NO_PERMS 11 +#define I_TTY_TICKETS 12 +#define I_LECTURE 13 +#define I_AUTHENTICATE 14 +#define I_ROOT_SUDO 15 +#define I_LOG_HOST 16 +#define I_LOG_YEAR 17 +#define I_SHELL_NOARGS 18 +#define I_SET_HOME 19 +#define I_ALWAYS_SET_HOME 20 +#define I_PATH_INFO 21 +#define I_FQDN 22 +#define I_INSULTS 23 +#define I_REQUIRETTY 24 +#define I_ENV_EDITOR 25 +#define I_ROOTPW 26 +#define I_RUNASPW 27 +#define I_TARGETPW 28 +#define I_USE_LOGINCLASS 29 +#define I_SET_LOGNAME 30 +#define I_STAY_SETUID 31 +#define I_ENV_RESET 32 +#define I_LOGLINELEN 33 +#define I_TIMESTAMP_TIMEOUT 34 +#define I_PASSWD_TIMEOUT 35 +#define I_PASSWD_TRIES 36 +#define I_UMASK 37 +#define I_LOGFILE 38 +#define I_MAILERPATH 39 +#define I_MAILERFLAGS 40 +#define I_MAILTO 41 +#define I_MAILSUB 42 +#define I_BADPASS_MESSAGE 43 +#define I_TIMESTAMPDIR 44 +#define I_EXEMPT_GROUP 45 +#define I_PASSPROMPT 46 +#define I_RUNAS_DEFAULT 47 +#define I_SECURE_PATH 48 +#define I_EDITOR 49 +#define I_ENV_KEEP 50 +#define I_LISTPW_I 51 +#define I_VERIFYPW_I 52 +#define I_LISTPW 53 +#define I_VERIFYPW 54 
diff --git a/def_data.in b/def_data.in
new file mode 100644
index 000000000..3d63c146d
--- /dev/null
+++ b/def_data.in
@@ -0,0 +1,173 @@ +# +# Format: +# +# var_name +# TYPE +# description (or NULL) +# + +syslog_ifac + T_INT + NULL +syslog_igoodpri + T_INT + NULL +syslog_ibadpri + T_INT + NULL +syslog + T_LOGFAC|T_BOOL + "Syslog facility if syslog is being used for logging: %s" +syslog_goodpri + T_LOGPRI + "Syslog priority to use when user authenticates successfully: %s" +syslog_badpri + T_LOGPRI + "Syslog priority to use when user authenticates unsuccessfully: %s" +long_otp_prompt + T_FLAG + "Put OTP prompt on its own line" +ignore_dot + T_FLAG + "Ignore '.' in $PATH" +mail_always + T_FLAG + "Always send mail when sudo is run" +mail_no_user + T_FLAG + "Send mail if the user is not in sudoers" +mail_no_host + T_FLAG + "Send mail if the user is not in sudoers for this host" +mail_no_perms + T_FLAG + "Send mail if the user is not allowed to run a command" +tty_tickets + T_FLAG + "Use a separate timestamp for each user/tty combo" +lecture + T_FLAG + "Lecture user the first time they run sudo" +authenticate + T_FLAG + "Require users to authenticate by default" +root_sudo + T_FLAG + "Root may run sudo" +log_host + T_FLAG + "Log the hostname in the (non-syslog) log file" +log_year + T_FLAG + "Log the year in the (non-syslog) log file" +shell_noargs + T_FLAG + "If sudo is invoked with no arguments, start a shell" +set_home + T_FLAG + "Set $HOME to the target user when starting a shell with -s" +always_set_home + T_FLAG + "Always set $HOME to the target user's home directory" +path_info + T_FLAG + "Allow some information gathering to give useful error messages" +fqdn + T_FLAG + "Require fully-qualified hostnames in the sudoers file" +insults + T_FLAG + "Insult the user when they enter an incorrect password" +requiretty + T_FLAG + "Only allow the user to run sudo if they have a tty" +env_editor + T_FLAG + "Visudo will honor the EDITOR environment variable" +rootpw + T_FLAG + "Prompt for root's password, not the users's" +runaspw + T_FLAG + "Prompt for the runas_default user's password, not 
the users's" +targetpw + T_FLAG + "Prompt for the target user's password, not the users's" +use_loginclass + T_FLAG + "Apply defaults in the target user's login class if there is one" +set_logname + T_FLAG + "Set the LOGNAME and USER environment variables" +stay_setuid + T_FLAG + "Only set the effective uid to the target user, not the real uid" +env_reset + T_FLAG + "Reset the environment to a default set of variables" +loglinelen + T_INT|T_BOOL + "Length at which to wrap log file lines (0 for no wrap): %d" +timestamp_timeout + T_INT|T_BOOL + "Authentication timestamp timeout: %d minutes" +passwd_timeout + T_INT|T_BOOL + "Password prompt timeout: %d minutes" +passwd_tries + T_INT + "Number of tries to enter a password: %d" +umask + T_MODE|T_BOOL + "Umask to use or 0777 to use user's: 0%o" +logfile + T_STR|T_BOOL|T_PATH + "Path to log file: %s" +mailerpath + T_STR|T_BOOL|T_PATH + "Path to mail program: %s" +mailerflags + T_STR|T_BOOL + "Flags for mail program: %s" +mailto + T_STR|T_BOOL + "Address to send mail to: %s" +mailsub + T_STR + "Subject line for mail messages: %s" +badpass_message + T_STR + "Incorrect password message: %s" +timestampdir + T_STR|T_PATH + "Path to authentication timestamp dir: %s" +exempt_group + T_STR|T_BOOL + "Users in this group are exempt from password and PATH requirements: %s" +passprompt + T_STR + "Default password prompt: %s" +runas_default + T_STR + "Default user to run commands as: %s" +secure_path + T_STR|T_BOOL + "Value to override user's $PATH with: %s" +editor + T_STR|T_PATH + "Path to the editor for use by visudo: %s" +env_keep + T_STR|T_BOOL + "Environment variables to preserve: %s" +listpw_i + T_INT + NULL +verifypw_i + T_INT + NULL +listpw + T_PWFLAG + "When to require a password for 'list' pseudocommand: %s" +verifypw + T_PWFLAG + "When to require a password for 'verify' pseudocommand: %s" diff --git a/defaults.c b/defaults.c index c7a17561e..8e2fe1ddb 100644 --- a/defaults.c +++ b/defaults.c 
@@ -111,171 +111,7 @@ static int store_pwflag __P((char *, struct sudo_defs_types *, int)); /* * Table describing compile-time and run-time options. */ -struct sudo_defs_types sudo_defs_table[] = { - { - "syslog_ifac", T_INT, NULL - }, { - "syslog_igoodpri", T_INT, NULL - }, { - "syslog_ibadpri", T_INT, NULL - }, { - "syslog", T_LOGFAC|T_BOOL, - "Syslog facility if syslog is being used for logging: %s" - }, { - "syslog_goodpri", T_LOGPRI, - "Syslog priority to use when user authenticates successfully: %s" - }, { - "syslog_badpri", T_LOGPRI, - "Syslog priority to use when user authenticates unsuccessfully: %s" - }, { - "long_otp_prompt", T_FLAG, - "Put OTP prompt on its own line" - }, { - "ignore_dot", T_FLAG, - "Ignore '.' in $PATH" - }, { - "mail_always", T_FLAG, - "Always send mail when sudo is run" - }, { - "mail_no_user", T_FLAG, - "Send mail if the user is not in sudoers" - }, { - "mail_no_host", T_FLAG, - "Send mail if the user is not in sudoers for this host" - }, { - "mail_no_perms", T_FLAG, - "Send mail if the user is not allowed to run a command" - }, { - "tty_tickets", T_FLAG, - "Use a separate timestamp for each user/tty combo" - }, { - "lecture", T_FLAG, - "Lecture user the first time they run sudo" - }, { - "authenticate", T_FLAG, - "Require users to authenticate by default" - }, { - "root_sudo", T_FLAG, - "Root may run sudo" - }, { - "log_host", T_FLAG, - "Log the hostname in the (non-syslog) log file" - }, { - "log_year", T_FLAG, - "Log the year in the (non-syslog) log file" - }, { - "shell_noargs", T_FLAG, - "If sudo is invoked with no arguments, start a shell" - }, { - "set_home", T_FLAG, - "Set $HOME to the target user when starting a shell with -s" - }, { - "always_set_home", T_FLAG, - "Always set $HOME to the target user's home directory" - }, { - "path_info", T_FLAG, - "Allow some information gathering to give useful error messages" - }, { - "fqdn", T_FLAG, - "Require fully-qualified hostnames in the sudoers file" - }, { - "insults", T_FLAG, - 
"Insult the user when they enter an incorrect password" - }, { - "requiretty", T_FLAG, - "Only allow the user to run sudo if they have a tty" - }, { - "env_editor", T_FLAG, - "Visudo will honor the EDITOR environment variable" - }, { - "rootpw", T_FLAG, - "Prompt for root's password, not the users's" - }, { - "runaspw", T_FLAG, - "Prompt for the runas_default user's password, not the users's" - }, { - "targetpw", T_FLAG, - "Prompt for the target user's password, not the users's" - }, { - "use_loginclass", T_FLAG, - "Apply defaults in the target user's login class if there is one" - }, { - "set_logname", T_FLAG, - "Set the LOGNAME and USER environment variables" - }, { - "stay_setuid", T_FLAG, - "Only set the effective uid to the target user, not the real uid" - }, { - "env_reset", T_FLAG, - "Reset the environment to a default set of variables" - }, { - "loglinelen", T_INT|T_BOOL, - "Length at which to wrap log file lines (0 for no wrap): %d" - }, { - "timestamp_timeout", T_INT|T_BOOL, - "Authentication timestamp timeout: %d minutes" - }, { - "passwd_timeout", T_INT|T_BOOL, - "Password prompt timeout: %d minutes" - }, { - "passwd_tries", T_INT, - "Number of tries to enter a password: %d" - }, { - "umask", T_MODE|T_BOOL, - "Umask to use or 0777 to use user's: 0%o" - }, { - "logfile", T_STR|T_BOOL|T_PATH, - "Path to log file: %s" - }, { - "mailerpath", T_STR|T_BOOL|T_PATH, - "Path to mail program: %s" - }, { - "mailerflags", T_STR|T_BOOL, - "Flags for mail program: %s" - }, { - "mailto", T_STR|T_BOOL, - "Address to send mail to: %s" - }, { - "mailsub", T_STR, - "Subject line for mail messages: %s" - }, { - "badpass_message", T_STR, - "Incorrect password message: %s" - }, { - "timestampdir", T_STR|T_PATH, - "Path to authentication timestamp dir: %s" - }, { - "exempt_group", T_STR|T_BOOL, - "Users in this group are exempt from password and PATH requirements: %s" - }, { - "passprompt", T_STR, - "Default password prompt: %s" - }, { - "runas_default", T_STR, - "Default 
user to run commands as: %s" - }, { - "secure_path", T_STR|T_BOOL, - "Value to override user's $PATH with: %s" - }, { - "editor", T_STR|T_PATH, - "Path to the editor for use by visudo: %s" - }, { - "env_keep", T_STR|T_BOOL, - "Environment variables to preserve: %s" - }, { - "listpw_i", T_INT, NULL - }, { - "verifypw_i", T_INT, NULL - }, { - "listpw", T_PWFLAG, - "When to require a password for 'list' pseudocommand: %s" - }, { - "verifypw", T_PWFLAG, - "When to require a password for 'verify' pseudocommand: %s" - }, { - NULL, 0, NULL - } -}; +#include "def_data.c" /* * Print version and configure info. @@ -522,13 +358,13 @@ init_defaults() def_flag(I_MAIL_ALWAYS) = TRUE; #endif #ifdef SEND_MAIL_WHEN_NO_USER - def_flag(I_MAIL_NOUSER) = TRUE; + def_flag(I_MAIL_NO_USER) = TRUE; #endif #ifdef SEND_MAIL_WHEN_NO_HOST - def_flag(I_MAIL_NOHOST) = TRUE; + def_flag(I_MAIL_NO_HOST) = TRUE; #endif #ifdef SEND_MAIL_WHEN_NOT_OK - def_flag(I_MAIL_NOPERMS) = TRUE; + def_flag(I_MAIL_NO_PERMS) = TRUE; #endif #ifdef USE_TTY_TICKETS def_flag(I_TTY_TICKETS) = TRUE; 
@@ -563,18 +399,20 @@ init_defaults() #ifdef ENV_EDITOR def_flag(I_ENV_EDITOR) = TRUE; #endif - def_flag(I_LOGNAME) = TRUE; + def_flag(I_SET_LOGNAME) = TRUE; /* Syslog options need special care since they both strings and ints */ #if (LOGGING & SLOG_SYSLOG) - (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_LOGFACSTR], TRUE); - (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_GOODPRISTR], TRUE); - (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE); + (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE); + (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI], + TRUE); + (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI], + TRUE); #endif /* Password flags also have a string and integer component. */ - (void) store_pwflag("any", &sudo_defs_table[I_LISTPWSTR], TRUE); - (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPWSTR], TRUE); + (void) store_pwflag("any", &sudo_defs_table[I_LISTPW], TRUE); + (void) store_pwflag("all", &sudo_defs_table[I_VERIFYPW], TRUE); /* Then initialize the int-like things. */ #ifdef SUDO_UMASK 
@@ -582,18 +420,18 @@ init_defaults() #else def_mode(I_UMASK) = 0777; #endif - def_ival(I_LOGLEN) = MAXLOGFILELEN; - def_ival(I_TS_TIMEOUT) = TIMEOUT; - def_ival(I_PW_TIMEOUT) = PASSWORD_TIMEOUT; - def_ival(I_PW_TRIES) = TRIES_FOR_PASSWORD; + def_ival(I_LOGLINELEN) = MAXLOGFILELEN; + def_ival(I_TIMESTAMP_TIMEOUT) = TIMEOUT; + def_ival(I_PASSWD_TIMEOUT) = PASSWORD_TIMEOUT; + def_ival(I_PASSWD_TRIES) = TRIES_FOR_PASSWORD; /* Finally do the strings */ def_str(I_MAILTO) = estrdup(MAILTO); def_str(I_MAILSUB) = estrdup(MAILSUBJECT); - def_str(I_BADPASS_MSG) = estrdup(INCORRECT_PASSWORD); + def_str(I_BADPASS_MESSAGE) = estrdup(INCORRECT_PASSWORD); def_str(I_TIMESTAMPDIR) = estrdup(_PATH_SUDO_TIMEDIR); def_str(I_PASSPROMPT) = estrdup(PASSPROMPT); - def_str(I_RUNAS_DEF) = estrdup(RUNAS_DEFAULT); + def_str(I_RUNAS_DEFAULT) = estrdup(RUNAS_DEFAULT); #ifdef _PATH_SENDMAIL def_str(I_MAILERPATH) = estrdup(_PATH_SENDMAIL); def_str(I_MAILERFLAGS) = estrdup("-t"); @@ -602,7 +440,7 @@ init_defaults() def_str(I_LOGFILE) = estrdup(_PATH_SUDO_LOGFILE); #endif #ifdef EXEMPTGROUP - def_str(I_EXEMPT_GRP) = estrdup(EXEMPTGROUP); + def_str(I_EXEMPT_GROUP) = estrdup(EXEMPTGROUP); #endif #ifdef SECURE_PATH def_str(I_SECURE_PATH) = estrdup(SECURE_PATH); @@ -615,7 +453,7 @@ init_defaults() * value changes we get the change. */ if (user_runas == NULL) - user_runas = &def_str(I_RUNAS_DEF); + user_runas = &def_str(I_RUNAS_DEFAULT); firsttime = 0; } @@ -704,9 +542,9 @@ store_syslogpri(val, def, op) if (op == FALSE || !val) return(FALSE); - if (def == &sudo_defs_table[I_GOODPRISTR]) + if (def == &sudo_defs_table[I_SYSLOG_GOODPRI]) idef = &sudo_defs_table[I_GOODPRI]; - else if (def == &sudo_defs_table[I_BADPRISTR]) + else if (def == &sudo_defs_table[I_SYSLOG_BADPRI]) idef = &sudo_defs_table[I_BADPRI]; else return(FALSE); 
@@ -753,9 +591,9 @@ store_pwflag(val, def, op) int isub, flags; if (strcmp(def->name, "verifypw") == 0) - isub = I_VERIFYPW; + isub = I_VERIFYPW_I; else - isub = I_LISTPW; + isub = I_LISTPW_I; /* Handle !foo. */ if (op == FALSE) { diff --git a/defaults.h b/defaults.h index f7c7f98cd..5fe0f6b7e 100644 --- a/defaults.h +++ b/defaults.h 
@@ -81,75 +81,10 @@ struct sudo_defs_types { /* * Indexes into sudo_defs_table */ - -/* Integer versions of syslog options. */ -#define I_LOGFAC 0 /* syslog facility */ -#define I_GOODPRI 1 /* syslog priority for successful auth */ -#define I_BADPRI 2 /* syslog priority for unsuccessful auth */ - -/* String versions of syslog options. */ -#define I_LOGFACSTR 3 /* syslog facility */ -#define I_GOODPRISTR 4 /* syslog priority for successful auth */ -#define I_BADPRISTR 5 /* syslog priority for unsuccessful auth */ - -/* Booleans */ -#define I_LONG_OTP_PROMPT 6 -#define I_IGNORE_DOT 7 -#define I_MAIL_ALWAYS 8 -#define I_MAIL_NOUSER 9 -#define I_MAIL_NOHOST 10 -#define I_MAIL_NOPERMS 11 -#define I_TTY_TICKETS 12 -#define I_LECTURE 13 -#define I_AUTHENTICATE 14 -#define I_ROOT_SUDO 15 -#define I_LOG_HOST 16 -#define I_LOG_YEAR 17 -#define I_SHELL_NOARGS 18 -#define I_SET_HOME 19 -#define I_ALWAYS_SET_HOME 20 -#define I_PATH_INFO 21 -#define I_FQDN 22 -#define I_INSULTS 23 -#define I_REQUIRETTY 24 -#define I_ENV_EDITOR 25 -#define I_ROOTPW 26 -#define I_RUNASPW 27 -#define I_TARGETPW 28 -#define I_LOGINCLASS 29 -#define I_LOGNAME 30 -#define I_STAY_SETUID 31 -#define I_ENV_RESET 32 - -/* Integer values */ -#define I_LOGLEN 33 /* wrap log file line after N chars */ -#define I_TS_TIMEOUT 34 /* timestamp stale after N minutes */ -#define I_PW_TIMEOUT 35 /* exit if pass not entered in N minutes */ -#define I_PW_TRIES 36 /* exit after N bad password tries */ -#define I_UMASK 37 /* umask to use or 0777 to use user's */ - -/* Strings */ -#define I_LOGFILE 38 /* path to logfile (or NULL for none) */ -#define I_MAILERPATH 39 /* path to sendmail or other mailer */ -#define I_MAILERFLAGS 40 /* flags to pass to the mailer */ -#define I_MAILTO 41 /* who to send bitch mail to */ -#define I_MAILSUB 42 /* subject line of mail msg */ -#define I_BADPASS_MSG 43 /* what to say when passwd is wrong */ -#define I_TIMESTAMPDIR 44 /* path to timestamp dir */ -#define I_EXEMPT_GRP 45 /* no 
password or PATH override for these */ -#define I_PASSPROMPT 46 /* password prompt */ -#define I_RUNAS_DEF 47 /* default user to run commands as */ -#define I_SECURE_PATH 48 /* set $PATH to this if not NULL */ -#define I_EDITOR 49 /* path to editor used by visudo */ -#define I_ENV_KEEP 50 /* list of env vars to preserve */ - -/* Integer versions of list/verify options */ -#define I_LISTPW 51 -#define I_VERIFYPW 52 - -/* String versions of list/verify options */ -#define I_LISTPWSTR 53 -#define I_VERIFYPWSTR 54 +#include "def_data.h" +#define I_LOGFAC I_SYSLOG_IFAC +#define I_GOODPRI I_SYSLOG_IGOODPRI +#define I_BADPRI I_SYSLOG_IBADPRI /* * Macros for accessing sudo_defs_table. diff --git a/env.c b/env.c index fae584401..72300d177 100644 --- a/env.c +++ b/env.c @@ -273,7 +273,7 @@ rebuild_env(sudo_mode, envp) /* XXX - set all to target user instead for -S */ *nep++ = format_env("HOME", user_dir); *nep++ = format_env("SHELL", user_shell); - if (def_flag(I_LOGNAME) && runas_pw->pw_name) { + if (def_flag(I_SET_LOGNAME) && runas_pw->pw_name) { *nep++ = format_env("LOGNAME", runas_pw->pw_name); *nep++ = format_env("USER", runas_pw->pw_name); } else { diff --git a/logging.c b/logging.c index 036de3708..c7bd566e4 100644 --- a/logging.c +++ b/logging.c @@ -181,7 +181,7 @@ do_logfile(msg) char *beg, *oldend, *end; FILE *fp; mode_t oldmask; - int maxlen = def_ival(I_LOGLEN); + int maxlen = def_ival(I_LOGLINELEN); oldmask = umask(077); fp = fopen(def_str(I_LOGFILE), "a"); @@ -197,7 +197,7 @@ do_logfile(msg) send_mail(full_line); free(full_line); } else { - if (def_ival(I_LOGLEN) == 0) { + if (def_ival(I_LOGLINELEN) == 0) { /* Don't pretty-print long log file lines (hard to grep) */ if (def_flag(I_LOG_HOST)) (void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(), @@ -325,7 +325,7 @@ log_auth(status, inform_user) /* * Log via syslog and/or a file. */ - if (def_str(I_LOGFACSTR)) + if (def_str(I_SYSLOG)) do_syslog(pri, logline); if (def_str(I_LOGFILE)) do_logfile(logline); 
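Review bot: `I_LISTPW` and `I_VERIFYPW` keep their names but change meaning in the defaults.h hunk: the removed block defined them as 51 and 52 (the integer slots), and through def_data.h they are now 53 and 54 (the T_PWFLAG string slots), with the integer slots renamed `I_LISTPW_I` and `I_VERIFYPW_I`. Unlike the other renames in this commit, a missed caller still compiles and silently reads the wrong table entry, and these settings control when the 'list' and 'verify' pseudocommands require a password. sudo.c and store_pwflag are updated here, but any other use of these macros lies outside this diff, so the whole tree should be checked. A comment next to the three compatibility defines would record the change, e.g. `/* I_LISTPW/I_VERIFYPW now index the string entries; use I_LISTPW_I/I_VERIFYPW_I for the int values */`.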
@@ -406,7 +406,7 @@ log_error(va_alist) /* * Log to syslog and/or a file. */ - if (def_str(I_LOGFACSTR)) + if (def_str(I_SYSLOG)) do_syslog(def_ival(I_BADPRI), logline); if (def_str(I_LOGFILE)) do_logfile(logline); @@ -551,11 +551,11 @@ mail_auth(status, line) VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK; else { mail_mask = VALIDATE_ERROR; - if (def_flag(I_MAIL_NOUSER)) + if (def_flag(I_MAIL_NO_USER)) mail_mask |= FLAG_NO_USER; - if (def_flag(I_MAIL_NOHOST)) + if (def_flag(I_MAIL_NO_HOST)) mail_mask |= FLAG_NO_HOST; - if (def_flag(I_MAIL_NOPERMS)) + if (def_flag(I_MAIL_NO_PERMS)) mail_mask |= VALIDATE_NOT_OK; } diff --git a/mkdefaults b/mkdefaults new file mode 100755 index 000000000..0da1f2e56 --- /dev/null +++ b/mkdefaults 
@@ -0,0 +1,80 @@ +#!/usr/bin/perl -w +# +# Generate sudo_defs_table and associated defines +# +# Input should be formatted thusly: +# +# var_name +# TYPE +# description (or NULL) + +# Deal with optional -o (output) argument +if ($ARGV[0] eq "-o") { + shift; + $header = $cfile = shift; + $header .= '.h'; + $cfile .= '.c'; +} +die "usage: $0 input_file" unless $#ARGV == 0; + +$infile = $ARGV[0]; +if (!defined($header)) { + $header = $infile; + $header =~ s/(\.in)?$/.h/; +} +if (!defined($cfile)) { + $cfile = $infile; + $cfile =~ s/(\.in)?$/.c/; +} + +open(IN, "<$infile") || die "$0: can't open $infile: $!\n"; +open(HEADER, ">$header") || die "$0: can't open $header: $!\n"; +open(CFILE, ">$cfile") || die "$0: can't open $cfile: $!\n"; + +print CFILE "struct sudo_defs_types sudo_defs_table[] = {\n {\n"; + +$count = -1; +while() { + chomp; + next if /^\s*$/; + next if /^\s*#/; + + if (/^\S/) { + # Print last record + &print_record() if defined($var); + + $var = $_; + ($type, $desc) = (undef, undef); + $count++; + } else { + s/^\s+//; + s/\s+$//; + die "$0: syntax error near line $.\n" if + defined($type) && defined($desc); + if (defined($type) && !/^NULL$/) { + # Strip leading and trailing double quote and escape the rest + s/^"//; + s/"$//; + s/"/\\"/g; + $desc = $_; + } else { + $type = $_; + } + } +} +&print_record(); +print CFILE "\tNULL, 0, NULL\n }\n};\n"; + +close(IN); +close(HEADER); +close(CFILE); + +sub print_record { + $defname = "I_" . uc($var); + printf HEADER "#define %-24s%d", $defname, $count; + #print HEADER "\t/* $desc */" if defined($desc); + print HEADER "\n"; + + $desc = "NULL" unless defined($desc); + print CFILE "\t\"$var\", $type,\n\t\"$desc\"\n }, {\n"; +} diff --git a/parse.yacc b/parse.yacc index 435096bf6..bdc120aa5 100644 --- a/parse.yacc +++ b/parse.yacc 
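Review bot: In the non-variable branch of the read loop, a `NULL` description line falls into the `else` arm and overwrites `$type`, and print_record then writes the undefined description as the quoted string "NULL". The committed def_data.c shows the result: `"syslog_ifac", NULL, "NULL"` where the table removed from defaults.c had `"syslog_ifac", T_INT, NULL` (likewise syslog_igoodpri, syslog_ibadpri, listpw_i and verifypw_i). Those internal integer entries lose their T_INT type and gain a non-null description, so any code that dispatches on the type or skips entries with a null description (not visible in this diff) will treat them differently. The change below tracks whether the description line has been seen and prints a bare NULL pointer; def_data.c needs regenerating afterwards.

```perl
# … unchanged: option parsing, open() calls, table header, start of loop …
	$var = $_;
	($type, $desc, $have_desc) = (undef, undef, 0);
	$count++;
    } else {
	s/^\s+//;
	s/\s+$//;
	die "$0: syntax error near line $.\n" if $have_desc;
	if (!defined($type)) {
	    $type = $_;
	} else {
	    # Second indented line is the description; a bare NULL means "none"
	    $have_desc = 1;
	    if (!/^NULL$/) {
		# Strip leading and trailing double quote and escape the rest
		s/^"//;
		s/"$//;
		s/"/\\"/g;
		$desc = $_;
	    }
	}
    }
# … unchanged: end of loop, table trailer, close() calls …

sub print_record {
    # … unchanged: #define line written to HEADER …

    # Emit a null pointer, not the string "NULL", when there is no description
    my $cdesc = defined($desc) ? "\"$desc\"" : "NULL";
    print CFILE "\t\"$var\", $type,\n\t$cdesc\n    }, {\n";
}
```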
@@ -463,7 +463,7 @@ runasspec : /* empty */ { */ if (runas_matches == -1) runas_matches = (strcmp(*user_runas, - def_str(I_RUNAS_DEF)) == 0); + def_str(I_RUNAS_DEFAULT)) == 0); } | RUNAS runaslist { runas_matches = ($2 == TRUE ? TRUE : FALSE); @@ -1002,7 +1002,7 @@ list_matches() } while ((p = strtok(NULL, ", "))); (void) fputs(") ", stdout); } else { - (void) printf("(%s) ", def_str(I_RUNAS_DEF)); + (void) printf("(%s) ", def_str(I_RUNAS_DEFAULT)); } /* Is a password required? */ diff --git a/set_perms.c b/set_perms.c index 525e0d0e6..e90662eb4 100644 --- a/set_perms.c +++ b/set_perms.c @@ -276,7 +276,7 @@ runas_setup() if (runas_pw->pw_name != NULL) { #ifdef HAVE_LOGIN_CAP_H - if (def_flag(I_LOGINCLASS)) { + if (def_flag(I_USE_LOGINCLASS)) { /* * We don't have setusercontext() * set the user since we may only diff --git a/sudo.c b/sudo.c index 5b2447b70..298556a7b 100644 --- a/sudo.c +++ b/sudo.c @@ -230,7 +230,7 @@ main(argc, argv, envp) break; case MODE_VALIDATE: user_cmnd = "validate"; - pwflag = I_VERIFYPW; + pwflag = I_VERIFYPW_I; break; case MODE_KILL: case MODE_INVALIDATE: @@ -243,7 +243,7 @@ main(argc, argv, envp) break; case MODE_LIST: user_cmnd = "list"; - pwflag = I_LISTPW; + pwflag = I_LISTPW_I; printmatches = 1; break; } @@ -632,7 +632,7 @@ parse_args() usage(1); login_class = NewArgv[1]; - def_flag(I_LOGINCLASS) = TRUE; + def_flag(I_USE_LOGINCLASS) = TRUE; /* Shift Argv over and adjust Argc. */ NewArgc--; @@ -946,9 +946,9 @@ get_authpw() if ((pw = sudo_getpwuid(0)) == NULL) log_error(0, "uid 0 does not exist in the passwd file!"); } else if (def_ival(I_RUNASPW)) { - if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEF))) == NULL) + if ((pw = sudo_getpwnam(def_str(I_RUNAS_DEFAULT))) == NULL) log_error(0, "user %s does not exist in the passwd file!", - def_str(I_RUNAS_DEF)); + def_str(I_RUNAS_DEFAULT)); } else if (def_ival(I_TARGETPW)) { if (**user_runas == '#') { if ((pw = sudo_getpwuid(atoi(*user_runas + 1))) == NULL) 
diff --git a/sudo.tab.c b/sudo.tab.c index afd319b1c..7e92bfd67 100644 --- a/sudo.tab.c +++ b/sudo.tab.c @@ -756,7 +756,7 @@ list_matches() } while ((p = strtok(NULL, ", "))); (void) fputs(") ", stdout); } else { - (void) printf("(%s) ", def_str(I_RUNAS_DEF)); + (void) printf("(%s) ", def_str(I_RUNAS_DEFAULT)); } /* Is a password required? */ @@ -1379,7 +1379,7 @@ case 39: */ if (runas_matches == -1) runas_matches = (strcmp(*user_runas, - def_str(I_RUNAS_DEF)) == 0); + def_str(I_RUNAS_DEFAULT)) == 0); } break; case 40: