From 7aeadbd5b30e16d6ea0ed218372afd63f809b77b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Tue, 14 Aug 2012 10:45:55 -0400
Subject: [PATCH] Add new check_defaults() function to check (but not update) the Defaults entries.

Visudo can now use this instead of update_defaults to check all the defaults regardless instead of just the global Defaults entries.
---
 plugins/sudoers/defaults.c | 50 +++++++++++++++++++++++++++++++++++++-
 plugins/sudoers/defaults.h | 7 +++---
 plugins/sudoers/visudo.c | 18 ++++++++------
 3 files changed, 64 insertions(+), 11 deletions(-)

diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index 6492546f7..712566707 100644
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -485,7 +485,7 @@ init_defaults(void)
 * Update the defaults based on what was set by sudoers.
 * Pass in an OR'd list of which default types to update.
 */
-int
+bool
 update_defaults(int what)
 {
 struct defaults *def;
@@ -528,6 +528,54 @@ update_defaults(int what)
 debug_return_bool(rc);
 }
 
+/*
+ * Check the defaults entries without actually setting them.
+ * Pass in an OR'd list of which default types to check.
+ */
+bool
+check_defaults(int what, bool quiet)
+{
+ struct sudo_defs_types *cur;
+ struct defaults *def;
+ bool rc = true;
+ debug_decl(check_defaults, SUDO_DEBUG_DEFAULTS)
+
+ tq_foreach_fwd(&defaults, def) {
+ switch (def->type) {
+ case DEFAULTS:
+ if (!ISSET(what, SETDEF_GENERIC))
+ continue;
+ break;
+ case DEFAULTS_USER:
+ if (!ISSET(what, SETDEF_USER))
+ continue;
+ break;
+ case DEFAULTS_RUNAS:
+ if (!ISSET(what, SETDEF_RUNAS))
+ continue;
+ break;
+ case DEFAULTS_HOST:
+ if (!ISSET(what, SETDEF_HOST))
+ continue;
+ break;
+ case DEFAULTS_CMND:
+ if (!ISSET(what, SETDEF_CMND))
+ continue;
+ break;
+ }
+ for (cur = sudo_defs_table; cur->name != NULL; cur++) {
+ if (strcmp(def->var, cur->name) == 0)
+ break;
+ }
+ if (cur->name == NULL) {
+ if (!quiet)
+ warningx(_("unknown defaults entry `%s'"), def->var);
+ rc = false;
+ }
+ }
+ debug_return_bool(rc);
+}
+
 static bool
 store_int(char *val, struct sudo_defs_types *def, int op)
 {
diff --git a/plugins/sudoers/defaults.h b/plugins/sudoers/defaults.h
index d6231c751..bd8ddf89f 100644
--- a/plugins/sudoers/defaults.h
+++ b/plugins/sudoers/defaults.h
@@ -93,7 +93,7 @@ struct sudo_defs_types {
 #define T_PATH 0x200
 
 /*
- * Argument to update_defaults()
+ * Argument to update_defaults() and check_defaults()
 */
 #define SETDEF_GENERIC 0x01
 #define SETDEF_HOST 0x02
@@ -107,8 +107,9 @@ struct sudo_defs_types {
 */
 void dump_default(void);
 void init_defaults(void);
-bool set_default(char *, char *, int);
-int update_defaults(int);
+bool set_default(char *var, char *val, int op);
+bool update_defaults(int what);
+bool check_defaults(int what, bool quiet);
 
 extern struct sudo_defs_types sudo_defs_table[];
 
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index b6632f63b..55c57fdd5 100644
--- a/plugins/sudoers/visudo.c
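Review bot: check_defaults() only verifies that def->var names an entry in sudo_defs_table; the entry's value (def->val) and operator (def->op) are never examined, so a Defaults line with a known name but a value or operator that does not fit the entry's type passes this check and is only rejected later, when update_defaults()/set_default() run at sudo time (their bodies are outside this hunk, so that part is inferred). Since visudo now relies on this function instead of update_defaults() for its sanity check, that gap narrows what visudo catches compared with the old call. Consider routing the matched `cur` together with `def->val`/`def->op` through the same per-type parsing that set_default() uses, in a check-only mode, rather than comparing names alone. The `switch (def->type)` also has no `default:` arm, so an unexpected type value silently falls through to the name lookup; `default: continue;` (or `break`, whichever is intended) would make that explicit. Finally the warning names only the variable, which is why the callers in visudo.c have to give up on attributing the error to a file; if `struct defaults` records where an entry was parsed, reporting it here would let them keep errorfile.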
+++ b/plugins/sudoers/visudo.c
@@ -500,10 +500,10 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet)
 }
 fclose(yyin);
 if (!parse_error) {
- if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER) ||
+ if (!check_defaults(SETDEF_ALL, quiet) ||
 check_aliases(strict, quiet) != 0) {
 parse_error = true;
- errorfile = sp->path;
+ errorfile = NULL;
 }
 }
 
@@ -527,10 +527,11 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet)
 tq_foreach_fwd(&sudoerslist, sp) {
 if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
 edit_sudoers(sp, editor, args, errorlineno);
- break;
+ if (errorfile != NULL)
+ break;
 }
 }
- if (sp == NULL) {
+ if (errorfile != NULL && sp == NULL) {
 errorx(1, _("internal error, unable to find %s in list!"),
 sudoers);
 }
@@ -825,9 +826,12 @@ check_syntax(char *sudoers_path, bool quiet, bool strict, bool oldperms)
 parse_error = true;
 errorfile = sudoers_path;
 }
- if (!parse_error && check_aliases(strict, quiet) != 0) {
- parse_error = true;
- errorfile = sudoers_path;
+ if (!parse_error) {
+ if (!check_defaults(SETDEF_ALL, quiet) ||
+ check_aliases(strict, quiet) != 0) {
+ parse_error = true;
+ errorfile = NULL;
+ }
 }
 ok = !parse_error;
 
-- 
2.40.0
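Review bot: `errorfile = NULL;` discards the file attribution the old code kept (`errorfile = sp->path;`), because check_defaults() reports only the variable name; with several included sudoers files the user is now sent through every file in the list (see the loop in the next hunk) to find one bad Defaults line, and with quiet set gets no hint at all. If the parsed `struct defaults` entries carry their source file and line (not visible here), check_defaults() could hand the offending entry back so this branch can set errorfile and errorlineno instead of NULL. Note also that SETDEF_ALL is not defined anywhere in this patch; the defaults.h hunks show only SETDEF_GENERIC and SETDEF_HOST, so confirm it already exists there and covers SETDEF_USER, SETDEF_RUNAS and SETDEF_CMND as well. The same `errorfile = NULL` choice appears in the check_syntax() hunk below. reparse_sudoers() starts and ends outside this hunk.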
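Review bot: The loop now has three behaviours keyed on errorfile (open one file and stop, open every file in turn, and skip the `sp == NULL` internal-error check), none of which is commented; a reader has to reconstruct from `errorfile = NULL` in the previous hunk why `break` became conditional. A comment above `tq_foreach_fwd(&sudoerslist, sp) {` such as `/* errorfile == NULL: the bad entry could not be attributed to a file (check_defaults/check_aliases), so open every sudoers file; otherwise open only the matching one. */` would make the intent explicit. The new test also relies on `tq_foreach_fwd` leaving sp NULL when the list is exhausted, which the macro definition (outside this patch) presumably guarantees. reparse_sudoers() continues outside this hunk.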
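Review bot: `errorfile = NULL;` replaces an unconditional `errorfile = sudoers_path;`, so whatever check_syntax() does with errorfile after `ok = !parse_error;` (outside this hunk) now has to tolerate a NULL pointer; if it hands errorfile to a `%s` conversion, that is undefined behaviour and at best prints `(null)` to the user. Either guard that report with `if (errorfile != NULL)` and fall back to a location-free message, or keep `errorfile = sudoers_path` here if the failing entry can only come from the file named by sudoers_path rather than an included one. As in reparse_sudoers() above, a check_defaults() failure short-circuits check_aliases(), so alias errors only surface on the next run; a one-line comment saying that is intended would help. check_syntax() starts and ends outside this hunk.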