
From 93cef1efac4e2b4930c23cdc35c0b916365ccabc Mon Sep 17 00:00:00 2001
From: Tomas Sykora <tosykora@redhat.com>
Date: Tue, 21 Feb 2017 14:56:24 +0100
Subject: [PATCH] Add ignore_unknown_defaults flag to ignore unknown Defaults
entries in sudoers instead of producing a warning.
Patch: sudo-1.8.19p2-ignore-unknown-defaults.patch
Resolves:
rhbz#1413160
---
doc/sudoers.cat | 6 ++++++
doc/sudoers.man.in | 11 +++++++++++
doc/sudoers.mdoc.in | 10 ++++++++++
plugins/sudoers/def_data.c | 4 ++++
plugins/sudoers/def_data.h | 2 ++
plugins/sudoers/def_data.in | 3 +++
plugins/sudoers/defaults.c | 3 ++-
7 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/doc/sudoers.cat b/doc/sudoers.cat
index 76dbf28..50cf78a 100644
--- a/doc/sudoers.cat
+++ b/doc/sudoers.cat
@@ -1071,6 +1071,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
meaningful for the cn=defaults section. This flag is
_o_f_f by default.
+ ignore_unknown_defaults
+ If set, ssuuddoo will not produce a warning if it
+ encounters an unknown Defaults entry in the _^Hs_^Hu_^Hd_^Ho_^He_^Hr_^Hs
+ file or an unknown sudoOption in LDAP. This flag is
+ _o_f_f by default.
+
insults If set, ssuuddoo will insult users when they enter an
incorrect password. This flag is _o_f_f by default.
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
index 8673da0..4be3760 100644
--- a/doc/sudoers.man.in
+++ b/doc/sudoers.man.in
@@ -2266,6 +2266,17 @@ This flag is
\fIoff\fR
by default.
.TP 18n
+ignore_unknown_defaults
+If set,
+\fBsudo\fR
+will not produce a warning if it encounters an unknown Defaults entry
+in the
+\fIsudoers\fR
+file or an unknown sudoOption in LDAP.
+This flag is
+\fIoff\fR
+by default.
+.TP 18n
insults
If set,
\fBsudo\fR
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
index 74b6f01..f3fe5e6 100644
--- a/doc/sudoers.mdoc.in
+++ b/doc/sudoers.mdoc.in
@@ -2124,6 +2124,16 @@ section.
This flag is
.Em off
by default.
+.It ignore_unknown_defaults
+If set,
+.Nm sudo
+will not produce a warning if it encounters an unknown Defaults entry
+in the
+.Em sudoers
+file or an unknown sudoOption in LDAP.
+This flag is
+.Em off
+by default.
.It insults
If set,
.Nm sudo
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
index 3926fed..3d787c2 100644
--- a/plugins/sudoers/def_data.c
+++ b/plugins/sudoers/def_data.c
@@ -443,6 +443,10 @@ struct sudo_defs_types sudo_defs_table[] = {
N_("Don't pre-resolve all group names"),
NULL,
}, {
+ "ignore_unknown_defaults", T_FLAG,
+ N_("Ignore unknown Defaults entries in sudoers instead of producing a warning"),
+ NULL,
+ }, {
NULL, 0, NULL
}
};
diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
index b5e61b4..f5773a3 100644
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -208,6 +208,8 @@
#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
#define I_LEGACY_GROUP_PROCESSING 104
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
+#define I_IGNORE_UNKNOWN_DEFAULTS 105
+#define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag)
enum def_tuple {
never,
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
index f1c9265..8f63d70 100644
--- a/plugins/sudoers/def_data.in
+++ b/plugins/sudoers/def_data.in
@@ -328,3 +328,6 @@ cmnd_no_wait
legacy_group_processing
T_FLAG
"Don't pre-resolve all group names"
+ignore_unknown_defaults
+ T_FLAG
+ "Ignore unknown Defaults entries in sudoers instead of producing a warning"
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index 9e60d94..5f93f80 100644
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -79,6 +79,7 @@ static struct strmap priorities[] = {
};
static struct early_default early_defaults[] = {
+ { I_IGNORE_UNKNOWN_DEFAULTS },
#ifdef FQDN
{ I_FQDN, true },
#else
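Review bot: The new `{ I_IGNORE_UNKNOWN_DEFAULTS }` entry in `early_defaults` has no comment saying why the flag has to be handled early or what follows from that. If entries in this table are applied before the remaining Defaults (as the table name suggests), the flag's position in sudoers does not matter, and a single line in any included file would silence the unknown-entry warning for every other file as well. I would add a comment above the entry such as `/* Applied early so the unknown-entry warning is suppressed for all Defaults, including ones parsed before this flag. */` and have the manual text state the same scope. The array continues past the end of this hunk, so the other entries and the terminator are not visible here.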
@@ -206,7 +207,7 @@ find_default(const char *name, const char *file, int lineno, bool quiet)
if (strcmp(name, sudo_defs_table[i].name) == 0)
debug_return_int(i);
}
- if (!quiet) {
+ if (!quiet && !def_ignore_unknown_defaults) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d unknown defaults entry \"%s\""),
file, lineno, name);
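Review bot: With `ignore_unknown_defaults` set, the changed condition in find_default() discards an unrecognised entry without leaving any record, so a misspelled hardening setting (a typo in a name such as `use_pty` or `log_output`) is silently not applied and nothing tells the administrator. Suppressing the user-facing `sudo_warnx()` is the stated goal, but the lookup failure should still be traceable; a debug-level record after the block would keep that, for example `if (def_ignore_unknown_defaults) sudo_debug_printf(SUDO_DEBUG_WARN, "%s: ignoring unknown defaults entry \"%s\"", file, name);`. The body of find_default() continues outside the hunk, so the non-lineno branch and the return path are not visible here.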
--
2.7.4