2 * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * Sponsored in part by the Defense Advanced Research Projects
17 * Agency (DARPA) and Air Force Research Laboratory, Air Force
18 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 #include <sys/types.h>
24 #include <sys/param.h>
33 #endif /* STDC_HEADERS */
37 # ifdef HAVE_STRINGS_H
40 #endif /* HAVE_STRING_H */
43 #endif /* HAVE_UNISTD_H */
48 # include "emul/err.h"
49 #endif /* HAVE_ERR_H */
55 __unused static const char rcsid[] = "$Sudo: defaults.c,v 1.48.2.5 2007/06/18 15:51:35 millert Exp $";
59 * For converting between syslog numbers and strings.
66 #ifdef LOG_NFACILITIES
67 static struct strmap facilities[] = {
69 { "authpriv", LOG_AUTHPRIV },
72 { "daemon", LOG_DAEMON },
74 { "local0", LOG_LOCAL0 },
75 { "local1", LOG_LOCAL1 },
76 { "local2", LOG_LOCAL2 },
77 { "local3", LOG_LOCAL3 },
78 { "local4", LOG_LOCAL4 },
79 { "local5", LOG_LOCAL5 },
80 { "local6", LOG_LOCAL6 },
81 { "local7", LOG_LOCAL7 },
84 #endif /* LOG_NFACILITIES */
86 static struct strmap priorities[] = {
87 { "alert", LOG_ALERT },
89 { "debug", LOG_DEBUG },
90 { "emerg", LOG_EMERG },
93 { "notice", LOG_NOTICE },
94 { "warning", LOG_WARNING },
98 extern int sudolineno;
103 static int store_int __P((char *, struct sudo_defs_types *, int));
104 static int store_list __P((char *, struct sudo_defs_types *, int));
105 static int store_mode __P((char *, struct sudo_defs_types *, int));
106 static int store_str __P((char *, struct sudo_defs_types *, int));
107 static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
108 static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
109 static int store_tuple __P((char *, struct sudo_defs_types *, int));
110 static int store_uint __P((char *, struct sudo_defs_types *, int));
111 static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops));
112 static const char *logfac2str __P((int));
113 static const char *logpri2str __P((int));
116 * Table describing compile-time and run-time options.
118 #include <def_data.c>
121 * Print version and configure info.
126 struct sudo_defs_types *cur;
127 struct list_member *item;
128 struct def_values *def;
130 for (cur = sudo_defs_table; cur->name; cur++) {
132 switch (cur->type & T_MASK) {
138 if (cur->sd_un.str) {
139 (void) printf(cur->desc, cur->sd_un.str);
144 if (cur->sd_un.ival) {
145 (void) printf(cur->desc, logfac2str(cur->sd_un.ival));
150 if (cur->sd_un.ival) {
151 (void) printf(cur->desc, logpri2str(cur->sd_un.ival));
157 (void) printf(cur->desc, cur->sd_un.ival);
161 (void) printf(cur->desc, cur->sd_un.mode);
165 if (cur->sd_un.list) {
167 for (item = cur->sd_un.list; item; item = item->next)
168 printf("\t%s\n", item->value);
172 for (def = cur->values; def->sval; def++) {
173 if (cur->sd_un.ival == def->ival) {
174 (void) printf(cur->desc, def->sval);
186 * List each option along with its description.
191 struct sudo_defs_types *cur;
194 (void) puts("Available options in a sudoers ``Defaults'' line:\n");
195 for (cur = sudo_defs_table; cur->name; cur++) {
196 if (cur->name && cur->desc) {
197 switch (cur->type & T_MASK) {
199 (void) printf("%s: %s\n", cur->name, cur->desc);
202 p = strrchr(cur->desc, ':');
204 (void) printf("%s: %.*s\n", cur->name,
205 (int) (p - cur->desc), cur->desc);
207 (void) printf("%s: %s\n", cur->name, cur->desc);
215 * Sets/clears an entry in the defaults structure
216 * If a variable that takes a value is used in a boolean
217 * context with op == 0, disable that variable.
218 * Eg. you may want to turn off logging to a file for some hosts.
219 * This is only meaningful for variables that are *optional*.
222 set_default(var, val, op)
225 int op; /* TRUE or FALSE */
227 struct sudo_defs_types *cur;
230 for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
231 if (strcmp(var, cur->name) == 0)
235 warnx("unknown defaults entry `%s' referenced near line %d",
240 switch (cur->type & T_MASK) {
242 if (!store_syslogfac(val, cur, op)) {
244 warnx("value `%s' is invalid for option `%s'", val, var);
246 warnx("no value specified for `%s' on line %d",
252 if (!store_syslogpri(val, cur, op)) {
254 warnx("value `%s' is invalid for option `%s'", val, var);
256 warnx("no value specified for `%s' on line %d",
263 /* Check for bogus boolean usage or lack of a value. */
264 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
265 warnx("no value specified for `%s' on line %d",
270 if (ISSET(cur->type, T_PATH) && val && *val != '/') {
271 warnx("values for `%s' must start with a '/'", var);
274 if (!store_str(val, cur, op)) {
275 warnx("value `%s' is invalid for option `%s'", val, var);
281 /* Check for bogus boolean usage or lack of a value. */
282 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
283 warnx("no value specified for `%s' on line %d",
288 if (!store_int(val, cur, op)) {
289 warnx("value `%s' is invalid for option `%s'", val, var);
295 /* Check for bogus boolean usage or lack of a value. */
296 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
297 warnx("no value specified for `%s' on line %d",
302 if (!store_uint(val, cur, op)) {
303 warnx("value `%s' is invalid for option `%s'", val, var);
309 /* Check for bogus boolean usage or lack of a value. */
310 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
311 warnx("no value specified for `%s' on line %d",
316 if (!store_mode(val, cur, op)) {
317 warnx("value `%s' is invalid for option `%s'", val, var);
323 warnx("option `%s' does not take a value on line %d",
327 cur->sd_un.flag = op;
329 /* Special action for I_FQDN. Move to own switch if we get more */
330 if (num == I_FQDN && op)
335 /* Check for bogus boolean usage or lack of a value. */
336 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
337 warnx("no value specified for `%s' on line %d",
342 if (!store_list(val, cur, op)) {
343 warnx("value `%s' is invalid for option `%s'", val, var);
348 if (!val && !ISSET(cur->type, T_BOOL)) {
349 warnx("no value specified for `%s' on line %d",
353 if (!store_tuple(val, cur, op)) {
354 warnx("value `%s' is invalid for option `%s'", val, var);
364 * Set default options to compiled-in values.
365 * Any of these may be overridden at runtime by a "Defaults" file.
370 static int firsttime = 1;
371 struct sudo_defs_types *def;
373 /* Free any strings that were set. */
375 for (def = sudo_defs_table; def->name; def++)
376 switch (def->type & T_MASK) {
378 efree(def->sd_un.str);
379 def->sd_un.str = NULL;
382 list_op(NULL, 0, def, freeall);
387 /* First initialize the flags. */
388 #ifdef LONG_OTP_PROMPT
389 def_long_otp_prompt = TRUE;
391 #ifdef IGNORE_DOT_PATH
392 def_ignore_dot = TRUE;
394 #ifdef ALWAYS_SEND_MAIL
395 def_mail_always = TRUE;
397 #ifdef SEND_MAIL_WHEN_NO_USER
398 def_mail_no_user = TRUE;
400 #ifdef SEND_MAIL_WHEN_NO_HOST
401 def_mail_no_host = TRUE;
403 #ifdef SEND_MAIL_WHEN_NOT_OK
404 def_mail_no_perms = TRUE;
406 #ifdef USE_TTY_TICKETS
407 def_tty_tickets = TRUE;
412 #ifndef NO_AUTHENTICATION
413 def_authenticate = TRUE;
416 def_root_sudo = TRUE;
421 #ifdef SHELL_IF_NO_ARGS
422 def_shell_noargs = TRUE;
424 #ifdef SHELL_SETS_HOME
427 #ifndef DONT_LEAK_PATH_INFO
428 def_path_info = TRUE;
437 def_env_editor = TRUE;
439 def_env_reset = TRUE;
440 def_set_logname = TRUE;
442 /* Syslog options need special care since they both strings and ints */
443 #if (LOGGING & SLOG_SYSLOG)
444 (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
445 (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
447 (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
451 /* Password flags also have a string and integer component. */
452 (void) store_tuple("any", &sudo_defs_table[I_LISTPW], TRUE);
453 (void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], TRUE);
455 /* Then initialize the int-like things. */
457 def_umask = SUDO_UMASK;
461 def_loglinelen = MAXLOGFILELEN;
462 def_timestamp_timeout = TIMEOUT;
463 def_passwd_timeout = PASSWORD_TIMEOUT;
464 def_passwd_tries = TRIES_FOR_PASSWORD;
466 /* Now do the strings */
467 def_mailto = estrdup(MAILTO);
468 def_mailsub = estrdup(MAILSUBJECT);
469 def_badpass_message = estrdup(INCORRECT_PASSWORD);
470 def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
471 def_passprompt = estrdup(PASSPROMPT);
472 def_runas_default = estrdup(RUNAS_DEFAULT);
473 #ifdef _PATH_SUDO_SENDMAIL
474 def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
475 def_mailerflags = estrdup("-t");
477 #if (LOGGING & SLOG_FILE)
478 def_logfile = estrdup(_PATH_SUDO_LOGFILE);
481 def_exempt_group = estrdup(EXEMPTGROUP);
483 def_editor = estrdup(EDITOR);
484 #ifdef _PATH_SUDO_NOEXEC
485 def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
488 /* Finally do the lists (currently just environment tables). */
492 * The following depend on the above values.
493 * We use a pointer to the string so that if its
494 * value changes we get the change.
496 if (user_runas == NULL)
497 user_runas = &def_runas_default;
503 store_int(val, def, op)
505 struct sudo_defs_types *def;
514 l = strtol(val, &endp, 10);
517 /* XXX - should check against INT_MAX */
518 def->sd_un.ival = (unsigned int)l;
521 return(def->callback(val));
526 store_uint(val, def, op)
528 struct sudo_defs_types *def;
537 l = strtol(val, &endp, 10);
538 if (*endp != '\0' || l < 0)
540 /* XXX - should check against INT_MAX */
541 def->sd_un.ival = (unsigned int)l;
544 return(def->callback(val));
549 store_tuple(val, def, op)
551 struct sudo_defs_types *def;
554 struct def_values *v;
557 * Since enums are really just ints we store the value as an ival.
558 * In the future, there may be multiple enums for different tuple
559 * types we want to avoid and special knowledge of the tuple type.
560 * This does assume that the first entry in the tuple enum will
561 * be the equivalent to a boolean "false".
564 def->sd_un.ival = (op == FALSE) ? 0 : 1;
566 for (v = def->values; v->sval != NULL; v++) {
567 if (strcmp(v->sval, val) == 0) {
568 def->sd_un.ival = v->ival;
576 return(def->callback(val));
581 store_str(val, def, op)
583 struct sudo_defs_types *def;
587 efree(def->sd_un.str);
589 def->sd_un.str = NULL;
591 def->sd_un.str = estrdup(val);
593 return(def->callback(val));
598 store_list(str, def, op)
600 struct sudo_defs_types *def;
605 /* Remove all old members. */
606 if (op == FALSE || op == TRUE)
607 list_op(NULL, 0, def, freeall);
609 /* Split str into multiple space-separated words and act on each one. */
613 /* Remove leading blanks, if nothing but blanks we are done. */
614 for (start = end; isblank(*start); start++)
619 /* Find end position and perform operation. */
620 for (end = start; *end && !isblank(*end); end++)
622 list_op(start, end - start, def, op == '-' ? delete : add);
623 } while (*end++ != '\0');
629 store_syslogfac(val, def, op)
631 struct sudo_defs_types *def;
637 def->sd_un.ival = FALSE;
640 #ifdef LOG_NFACILITIES
643 for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
645 if (fac->name == NULL)
646 return(FALSE); /* not found */
648 def->sd_un.ival = fac->num;
650 def->sd_un.ival = -1;
651 #endif /* LOG_NFACILITIES */
659 #ifdef LOG_NFACILITIES
662 for (fac = facilities; fac->name && fac->num != n; fac++)
667 #endif /* LOG_NFACILITIES */
671 store_syslogpri(val, def, op)
673 struct sudo_defs_types *def;
678 if (op == FALSE || !val)
681 for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
683 if (pri->name == NULL)
684 return(FALSE); /* not found */
686 def->sd_un.ival = pri->num;
696 for (pri = priorities; pri->name && pri->num != n; pri++)
702 store_mode(val, def, op)
704 struct sudo_defs_types *def;
711 def->sd_un.mode = (mode_t)0777;
713 l = strtol(val, &endp, 8);
714 if (*endp != '\0' || l < 0 || l > 0777)
716 def->sd_un.mode = (mode_t)l;
719 return(def->callback(val));
724 list_op(val, len, def, op)
727 struct sudo_defs_types *def;
730 struct list_member *cur, *prev, *tmp;
733 for (cur = def->sd_un.list; cur; ) {
739 def->sd_un.list = NULL;
743 for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) {
744 if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) {
747 return; /* already exists */
751 prev->next = cur->next;
753 def->sd_un.list = cur->next;
760 /* Add new node to the head of the list. */
762 cur = emalloc(sizeof(struct list_member));
763 cur->value = emalloc(len + 1);
764 (void) memcpy(cur->value, val, len);
765 cur->value[len] = '\0';
766 cur->next = def->sd_un.list;
767 def->sd_un.list = cur;
projects / debian / sudo / blob