2 * Copyright (c) 1999-2001, 2003-2004 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * Sponsored in part by the Defense Advanced Research Projects
17 * Agency (DARPA) and Air Force Research Laboratory, Air Force
18 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 #include <sys/types.h>
24 #include <sys/param.h>
33 #endif /* STDC_HEADERS */
37 # ifdef HAVE_STRINGS_H
40 #endif /* HAVE_STRING_H */
43 #endif /* HAVE_UNISTD_H */
48 # include "emul/err.h"
49 #endif /* HAVE_ERR_H */
55 static const char rcsid[] = "$Sudo: defaults.c,v 1.48 2004/06/06 23:58:10 millert Exp $";
59 * For converting between syslog numbers and strings.
66 #ifdef LOG_NFACILITIES
67 static struct strmap facilities[] = {
69 { "authpriv", LOG_AUTHPRIV },
72 { "daemon", LOG_DAEMON },
74 { "local0", LOG_LOCAL0 },
75 { "local1", LOG_LOCAL1 },
76 { "local2", LOG_LOCAL2 },
77 { "local3", LOG_LOCAL3 },
78 { "local4", LOG_LOCAL4 },
79 { "local5", LOG_LOCAL5 },
80 { "local6", LOG_LOCAL6 },
81 { "local7", LOG_LOCAL7 },
84 #endif /* LOG_NFACILITIES */
86 static struct strmap priorities[] = {
87 { "alert", LOG_ALERT },
89 { "debug", LOG_DEBUG },
90 { "emerg", LOG_EMERG },
93 { "notice", LOG_NOTICE },
94 { "warning", LOG_WARNING },
98 extern int sudolineno;
103 static int store_int __P((char *, struct sudo_defs_types *, int));
104 static int store_list __P((char *, struct sudo_defs_types *, int));
105 static int store_mode __P((char *, struct sudo_defs_types *, int));
106 static int store_str __P((char *, struct sudo_defs_types *, int));
107 static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
108 static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
109 static int store_tuple __P((char *, struct sudo_defs_types *, int));
110 static int store_uint __P((char *, struct sudo_defs_types *, int));
111 static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops));
112 static const char *logfac2str __P((int));
113 static const char *logpri2str __P((int));
116 * Table describing compile-time and run-time options.
118 #include <def_data.c>
121 * Print version and configure info.
126 struct sudo_defs_types *cur;
127 struct list_member *item;
128 struct def_values *def;
130 for (cur = sudo_defs_table; cur->name; cur++) {
132 switch (cur->type & T_MASK) {
138 if (cur->sd_un.str) {
139 (void) printf(cur->desc, cur->sd_un.str);
144 if (cur->sd_un.ival) {
145 (void) printf(cur->desc, logfac2str(cur->sd_un.ival));
150 if (cur->sd_un.ival) {
151 (void) printf(cur->desc, logpri2str(cur->sd_un.ival));
157 (void) printf(cur->desc, cur->sd_un.ival);
161 (void) printf(cur->desc, cur->sd_un.mode);
165 if (cur->sd_un.list) {
167 for (item = cur->sd_un.list; item; item = item->next)
168 printf("\t%s\n", item->value);
172 for (def = cur->values; def->sval; def++) {
173 if (cur->sd_un.ival == def->ival) {
174 (void) printf(cur->desc, def->sval);
186 * List each option along with its description.
191 struct sudo_defs_types *cur;
194 (void) puts("Available options in a sudoers ``Defaults'' line:\n");
195 for (cur = sudo_defs_table; cur->name; cur++) {
196 if (cur->name && cur->desc) {
197 switch (cur->type & T_MASK) {
199 (void) printf("%s: %s\n", cur->name, cur->desc);
202 p = strrchr(cur->desc, ':');
204 (void) printf("%s: %.*s\n", cur->name,
205 (int) (p - cur->desc), cur->desc);
207 (void) printf("%s: %s\n", cur->name, cur->desc);
215 * Sets/clears an entry in the defaults structure
216 * If a variable that takes a value is used in a boolean
217 * context with op == 0, disable that variable.
218 * Eg. you may want to turn off logging to a file for some hosts.
219 * This is only meaningful for variables that are *optional*.
222 set_default(var, val, op)
225 int op; /* TRUE or FALSE */
227 struct sudo_defs_types *cur;
230 for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
231 if (strcmp(var, cur->name) == 0)
235 warnx("unknown defaults entry `%s' referenced near line %d",
240 switch (cur->type & T_MASK) {
242 if (!store_syslogfac(val, cur, op)) {
244 warnx("value `%s' is invalid for option `%s'", val, var);
246 warnx("no value specified for `%s' on line %d",
252 if (!store_syslogpri(val, cur, op)) {
254 warnx("value `%s' is invalid for option `%s'", val, var);
256 warnx("no value specified for `%s' on line %d",
263 /* Check for bogus boolean usage or lack of a value. */
264 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
265 warnx("no value specified for `%s' on line %d",
270 if (ISSET(cur->type, T_PATH) && val && *val != '/') {
271 warnx("values for `%s' must start with a '/'", var);
274 if (!store_str(val, cur, op)) {
275 warnx("value `%s' is invalid for option `%s'", val, var);
281 /* Check for bogus boolean usage or lack of a value. */
282 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
283 warnx("no value specified for `%s' on line %d",
288 if (!store_int(val, cur, op)) {
289 warnx("value `%s' is invalid for option `%s'", val, var);
295 /* Check for bogus boolean usage or lack of a value. */
296 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
297 warnx("no value specified for `%s' on line %d",
302 if (!store_uint(val, cur, op)) {
303 warnx("value `%s' is invalid for option `%s'", val, var);
309 /* Check for bogus boolean usage or lack of a value. */
310 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
311 warnx("no value specified for `%s' on line %d",
316 if (!store_mode(val, cur, op)) {
317 warnx("value `%s' is invalid for option `%s'", val, var);
323 warnx("option `%s' does not take a value on line %d",
327 cur->sd_un.flag = op;
329 /* Special action for I_FQDN. Move to own switch if we get more */
330 if (num == I_FQDN && op)
335 /* Check for bogus boolean usage or lack of a value. */
336 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
337 warnx("no value specified for `%s' on line %d",
342 if (!store_list(val, cur, op)) {
343 warnx("value `%s' is invalid for option `%s'", val, var);
348 if (!val && !ISSET(cur->type, T_BOOL)) {
349 warnx("no value specified for `%s' on line %d",
353 if (!store_tuple(val, cur, op)) {
354 warnx("value `%s' is invalid for option `%s'", val, var);
364 * Set default options to compiled-in values.
365 * Any of these may be overridden at runtime by a "Defaults" file.
370 static int firsttime = 1;
371 struct sudo_defs_types *def;
373 /* Free any strings that were set. */
375 for (def = sudo_defs_table; def->name; def++)
376 switch (def->type & T_MASK) {
378 if (def->sd_un.str) {
379 free(def->sd_un.str);
380 def->sd_un.str = NULL;
384 list_op(NULL, 0, def, freeall);
389 /* First initialize the flags. */
390 #ifdef LONG_OTP_PROMPT
391 def_long_otp_prompt = TRUE;
393 #ifdef IGNORE_DOT_PATH
394 def_ignore_dot = TRUE;
396 #ifdef ALWAYS_SEND_MAIL
397 def_mail_always = TRUE;
399 #ifdef SEND_MAIL_WHEN_NO_USER
400 def_mail_no_user = TRUE;
402 #ifdef SEND_MAIL_WHEN_NO_HOST
403 def_mail_no_host = TRUE;
405 #ifdef SEND_MAIL_WHEN_NOT_OK
406 def_mail_no_perms = TRUE;
408 #ifdef USE_TTY_TICKETS
409 def_tty_tickets = TRUE;
414 #ifndef NO_AUTHENTICATION
415 def_authenticate = TRUE;
418 def_root_sudo = TRUE;
423 #ifdef SHELL_IF_NO_ARGS
424 def_shell_noargs = TRUE;
426 #ifdef SHELL_SETS_HOME
429 #ifndef DONT_LEAK_PATH_INFO
430 def_path_info = TRUE;
439 def_env_editor = TRUE;
441 def_set_logname = TRUE;
443 /* Syslog options need special care since they both strings and ints */
444 #if (LOGGING & SLOG_SYSLOG)
445 (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
446 (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
448 (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
452 /* Password flags also have a string and integer component. */
453 (void) store_tuple("any", &sudo_defs_table[I_LISTPW], TRUE);
454 (void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], TRUE);
456 /* Then initialize the int-like things. */
458 def_umask = SUDO_UMASK;
462 def_loglinelen = MAXLOGFILELEN;
463 def_timestamp_timeout = TIMEOUT;
464 def_passwd_timeout = PASSWORD_TIMEOUT;
465 def_passwd_tries = TRIES_FOR_PASSWORD;
467 /* Now do the strings */
468 def_mailto = estrdup(MAILTO);
469 def_mailsub = estrdup(MAILSUBJECT);
470 def_badpass_message = estrdup(INCORRECT_PASSWORD);
471 def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
472 def_passprompt = estrdup(PASSPROMPT);
473 def_runas_default = estrdup(RUNAS_DEFAULT);
474 #ifdef _PATH_SUDO_SENDMAIL
475 def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
476 def_mailerflags = estrdup("-t");
478 #if (LOGGING & SLOG_FILE)
479 def_logfile = estrdup(_PATH_SUDO_LOGFILE);
482 def_exempt_group = estrdup(EXEMPTGROUP);
484 def_editor = estrdup(EDITOR);
485 #ifdef _PATH_SUDO_NOEXEC
486 def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
489 /* Finally do the lists (currently just environment tables). */
493 * The following depend on the above values.
494 * We use a pointer to the string so that if its
495 * value changes we get the change.
497 if (user_runas == NULL)
498 user_runas = &def_runas_default;
504 store_int(val, def, op)
506 struct sudo_defs_types *def;
515 l = strtol(val, &endp, 10);
518 /* XXX - should check against INT_MAX */
519 def->sd_un.ival = (unsigned int)l;
522 return(def->callback(val));
527 store_uint(val, def, op)
529 struct sudo_defs_types *def;
538 l = strtol(val, &endp, 10);
539 if (*endp != '\0' || l < 0)
541 /* XXX - should check against INT_MAX */
542 def->sd_un.ival = (unsigned int)l;
545 return(def->callback(val));
550 store_tuple(val, def, op)
552 struct sudo_defs_types *def;
555 struct def_values *v;
558 * Since enums are really just ints we store the value as an ival.
559 * In the future, there may be multiple enums for different tuple
560 * types we want to avoid and special knowledge of the tuple type.
561 * This does assume that the first entry in the tuple enum will
562 * be the equivalent to a boolean "false".
565 def->sd_un.ival = (op == FALSE) ? 0 : 1;
567 for (v = def->values; v->sval != NULL; v++) {
568 if (strcmp(v->sval, val) == 0) {
569 def->sd_un.ival = v->ival;
577 return(def->callback(val));
582 store_str(val, def, op)
584 struct sudo_defs_types *def;
589 free(def->sd_un.str);
591 def->sd_un.str = NULL;
593 def->sd_un.str = estrdup(val);
595 return(def->callback(val));
600 store_list(str, def, op)
602 struct sudo_defs_types *def;
607 /* Remove all old members. */
608 if (op == FALSE || op == TRUE)
609 list_op(NULL, 0, def, freeall);
611 /* Split str into multiple space-separated words and act on each one. */
615 /* Remove leading blanks, if nothing but blanks we are done. */
616 for (start = end; isblank(*start); start++)
621 /* Find end position and perform operation. */
622 for (end = start; *end && !isblank(*end); end++)
624 list_op(start, end - start, def, op == '-' ? delete : add);
625 } while (*end++ != '\0');
631 store_syslogfac(val, def, op)
633 struct sudo_defs_types *def;
639 def->sd_un.ival = FALSE;
642 #ifdef LOG_NFACILITIES
645 for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
647 if (fac->name == NULL)
648 return(FALSE); /* not found */
650 def->sd_un.ival = fac->num;
652 def->sd_un.ival = -1;
653 #endif /* LOG_NFACILITIES */
661 #ifdef LOG_NFACILITIES
664 for (fac = facilities; fac->name && fac->num != n; fac++)
669 #endif /* LOG_NFACILITIES */
673 store_syslogpri(val, def, op)
675 struct sudo_defs_types *def;
680 if (op == FALSE || !val)
683 for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
685 if (pri->name == NULL)
686 return(FALSE); /* not found */
688 def->sd_un.ival = pri->num;
698 for (pri = priorities; pri->name && pri->num != n; pri++)
704 store_mode(val, def, op)
706 struct sudo_defs_types *def;
713 def->sd_un.mode = (mode_t)0777;
715 l = strtol(val, &endp, 8);
716 if (*endp != '\0' || l < 0 || l > 0777)
718 def->sd_un.mode = (mode_t)l;
721 return(def->callback(val));
726 list_op(val, len, def, op)
729 struct sudo_defs_types *def;
732 struct list_member *cur, *prev, *tmp;
735 for (cur = def->sd_un.list; cur; ) {
741 def->sd_un.list = NULL;
745 for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) {
746 if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) {
749 return; /* already exists */
753 prev->next = cur->next;
755 def->sd_un.list = cur->next;
762 /* Add new node to the head of the list. */
764 cur = emalloc(sizeof(struct list_member));
765 cur->value = emalloc(len + 1);
766 (void) memcpy(cur->value, val, len);
767 cur->value[len] = '\0';
768 cur->next = def->sd_un.list;
769 def->sd_un.list = cur;
projects / debian / sudo / blob