|
|
From 93cef1efac4e2b4930c23cdc35c0b916365ccabc Mon Sep 17 00:00:00 2001 |
|
|
From: Tomas Sykora <tosykora@redhat.com> |
|
|
Date: Tue, 21 Feb 2017 14:56:24 +0100 |
|
|
Subject: [PATCH] Add ignore_unknown_defaults flag to ignore unknown Defaults |
|
|
entries in sudoers instead of producing a warning. |
|
|
|
|
|
Patch: sudo-1.8.19p2-ignore-unknown-defaults.patch |
|
|
Resolves: |
|
|
rhbz#1413160 |
|
|
--- |
|
|
doc/sudoers.cat | 6 ++++++ |
|
|
doc/sudoers.man.in | 11 +++++++++++ |
|
|
doc/sudoers.mdoc.in | 10 ++++++++++ |
|
|
plugins/sudoers/def_data.c | 4 ++++ |
|
|
plugins/sudoers/def_data.h | 2 ++ |
|
|
plugins/sudoers/def_data.in | 3 +++ |
|
|
plugins/sudoers/defaults.c | 3 ++- |
|
|
7 files changed, 38 insertions(+), 1 deletion(-) |
|
|
|
|
|
diff --git a/doc/sudoers.cat b/doc/sudoers.cat |
|
|
index 76dbf28..50cf78a 100644 |
|
|
--- a/doc/sudoers.cat |
|
|
+++ b/doc/sudoers.cat |
|
|
@@ -1071,6 +1071,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS |
|
|
meaningful for the cn=defaults section. This flag is |
|
|
_o_f_f by default. |
|
|
|
|
|
+ ignore_unknown_defaults |
|
|
+ If set, ssuuddoo will not produce a warning if it |
|
|
+ encounters an unknown Defaults entry in the _^Hs_^Hu_^Hd_^Ho_^He_^Hr_^Hs |
|
|
+ file or an unknown sudoOption in LDAP. This flag is |
|
|
+ _o_f_f by default. |
|
|
+ |
|
|
insults If set, ssuuddoo will insult users when they enter an |
|
|
incorrect password. This flag is _o_f_f by default. |
|
|
|
|
|
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in |
|
|
index 8673da0..4be3760 100644 |
|
|
--- a/doc/sudoers.man.in |
|
|
+++ b/doc/sudoers.man.in |
|
|
@@ -2266,6 +2266,17 @@ This flag is |
|
|
\fIoff\fR |
|
|
by default. |
|
|
.TP 18n |
|
|
+ignore_unknown_defaults |
|
|
+If set, |
|
|
+\fBsudo\fR |
|
|
+will not produce a warning if it encounters an unknown Defaults entry |
|
|
+in the |
|
|
+\fIsudoers\fR |
|
|
+file or an unknown sudoOption in LDAP. |
|
|
+This flag is |
|
|
+\fIoff\fR |
|
|
+by default. |
|
|
+.TP 18n |
|
|
insults |
|
|
If set, |
|
|
\fBsudo\fR |
|
|
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in |
|
|
index 74b6f01..f3fe5e6 100644 |
|
|
--- a/doc/sudoers.mdoc.in |
|
|
+++ b/doc/sudoers.mdoc.in |
|
|
@@ -2124,6 +2124,16 @@ section. |
|
|
This flag is |
|
|
.Em off |
|
|
by default. |
|
|
+.It ignore_unknown_defaults |
|
|
+If set, |
|
|
+.Nm sudo |
|
|
+will not produce a warning if it encounters an unknown Defaults entry |
|
|
+in the |
|
|
+.Em sudoers |
|
|
+file or an unknown sudoOption in LDAP. |
|
|
+This flag is |
|
|
+.Em off |
|
|
+by default. |
|
|
.It insults |
|
|
If set, |
|
|
.Nm sudo |
|
|
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c |
|
|
index 3926fed..3d787c2 100644 |
|
|
--- a/plugins/sudoers/def_data.c |
|
|
+++ b/plugins/sudoers/def_data.c |
|
|
@@ -443,6 +443,10 @@ struct sudo_defs_types sudo_defs_table[] = { |
|
|
N_("Don't pre-resolve all group names"), |
|
|
NULL, |
|
|
}, { |
|
|
+ "ignore_unknown_defaults", T_FLAG, |
|
|
+ N_("Ignore unknown Defaults entries in sudoers instead of producing a warning"), |
|
|
+ NULL, |
|
|
+ }, { |
|
|
NULL, 0, NULL |
|
|
} |
|
|
}; |
|
|
diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h |
|
|
index b5e61b4..f5773a3 100644 |
|
|
--- a/plugins/sudoers/def_data.h |
|
|
+++ b/plugins/sudoers/def_data.h |
|
|
@@ -208,6 +208,8 @@ |
|
|
#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag) |
|
|
#define I_LEGACY_GROUP_PROCESSING 104 |
|
|
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag) |
|
|
+#define I_IGNORE_UNKNOWN_DEFAULTS 105 |
|
|
+#define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag) |
|
|
|
|
|
enum def_tuple { |
|
|
never, |
|
|
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in |
|
|
index f1c9265..8f63d70 100644 |
|
|
--- a/plugins/sudoers/def_data.in |
|
|
+++ b/plugins/sudoers/def_data.in |
|
|
@@ -328,3 +328,6 @@ cmnd_no_wait |
|
|
legacy_group_processing |
|
|
T_FLAG |
|
|
"Don't pre-resolve all group names" |
|
|
+ignore_unknown_defaults |
|
|
+ T_FLAG |
|
|
+ "Ignore unknown Defaults entries in sudoers instead of producing a warning" |
|
|
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c |
|
|
index 9e60d94..5f93f80 100644 |
|
|
--- a/plugins/sudoers/defaults.c |
|
|
+++ b/plugins/sudoers/defaults.c |
|
|
@@ -79,6 +79,7 @@ static struct strmap priorities[] = { |
|
|
}; |
|
|
|
|
|
static struct early_default early_defaults[] = { |
|
|
+ { I_IGNORE_UNKNOWN_DEFAULTS }, |
|
|
#ifdef FQDN |
|
|
{ I_FQDN, true }, |
|
|
#else |
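Review bot: The new `{ I_IGNORE_UNKNOWN_DEFAULTS },` entry in `early_defaults` has no comment explaining why this flag must be processed early, and the consequence matters for policy review. Presumably an early default takes effect regardless of where the line sits in the policy, so a single `Defaults ignore_unknown_defaults` in any included sudoers file would silence unknown-entry warnings for every other file as well; this should be confirmed against the early-defaults handling, which is not visible here. I would add a comment above the entry such as `/* Must be early: decides whether unknown Defaults entries anywhere in the policy are reported. */` and state that policy-wide scope in the three documentation hunks. The array initialiser continues outside the hunk.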
|
|
@@ -206,7 +207,7 @@ find_default(const char *name, const char *file, int lineno, bool quiet) |
|
|
if (strcmp(name, sudo_defs_table[i].name) == 0) |
|
|
debug_return_int(i); |
|
|
} |
|
|
- if (!quiet) { |
|
|
+ if (!quiet && !def_ignore_unknown_defaults) { |
|
|
if (lineno > 0) { |
|
|
sudo_warnx(U_("%s:%d unknown defaults entry \"%s\""), |
|
|
file, lineno, name); |
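Review bot: With the flag set, the changed condition `if (!quiet && !def_ignore_unknown_defaults)` removes the only diagnostic visible here for an unrecognised name. A misspelled hardening option in sudoers or LDAP (for example a typo in `requiretty` or `env_reset`) is then skipped with no trace, leaving the effective policy weaker than the administrator intended. I would keep a record on the suppressed path, e.g. `sudo_debug_printf(SUDO_DEBUG_WARN, "ignoring unknown defaults entry \"%s\"", name);`, so the event can still be found in the debug log. If syntax checking such as `visudo -c` reaches this same function (not visible from the hunk), it is worth confirming that it still reports unknown entries when the flag is on. The body of find_default starts and ends outside the hunk.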
|
|
-- |
|
|
2.7.4 |
|
|
|
|
|
|