2 * Copyright (c) 1999-2005, 2007-2008
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
24 #include <sys/types.h>
25 #include <sys/param.h>
34 #endif /* STDC_HEADERS */
38 # ifdef HAVE_STRINGS_H
41 #endif /* HAVE_STRING_H */
44 #endif /* HAVE_UNISTD_H */
53 __unused static const char rcsid[] = "$Sudo: defaults.c,v 1.73 2008/11/09 14:13:12 millert Exp $";
57 * For converting between syslog numbers and strings.
64 #ifdef LOG_NFACILITIES
65 static struct strmap facilities[] = {
67 { "authpriv", LOG_AUTHPRIV },
70 { "daemon", LOG_DAEMON },
72 { "local0", LOG_LOCAL0 },
73 { "local1", LOG_LOCAL1 },
74 { "local2", LOG_LOCAL2 },
75 { "local3", LOG_LOCAL3 },
76 { "local4", LOG_LOCAL4 },
77 { "local5", LOG_LOCAL5 },
78 { "local6", LOG_LOCAL6 },
79 { "local7", LOG_LOCAL7 },
82 #endif /* LOG_NFACILITIES */
84 static struct strmap priorities[] = {
85 { "alert", LOG_ALERT },
87 { "debug", LOG_DEBUG },
88 { "emerg", LOG_EMERG },
91 { "notice", LOG_NOTICE },
92 { "warning", LOG_WARNING },
99 static int store_int __P((char *, struct sudo_defs_types *, int));
100 static int store_list __P((char *, struct sudo_defs_types *, int));
101 static int store_mode __P((char *, struct sudo_defs_types *, int));
102 static int store_str __P((char *, struct sudo_defs_types *, int));
103 static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
104 static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
105 static int store_tuple __P((char *, struct sudo_defs_types *, int));
106 static int store_uint __P((char *, struct sudo_defs_types *, int));
107 static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops));
108 static const char *logfac2str __P((int));
109 static const char *logpri2str __P((int));
112 * Table describing compile-time and run-time options.
114 #include <def_data.c>
117 * Print version and configure info.
122 struct sudo_defs_types *cur;
123 struct list_member *item;
124 struct def_values *def;
126 for (cur = sudo_defs_table; cur->name; cur++) {
128 switch (cur->type & T_MASK) {
134 if (cur->sd_un.str) {
135 (void) printf(cur->desc, cur->sd_un.str);
140 if (cur->sd_un.ival) {
141 (void) printf(cur->desc, logfac2str(cur->sd_un.ival));
146 if (cur->sd_un.ival) {
147 (void) printf(cur->desc, logpri2str(cur->sd_un.ival));
153 (void) printf(cur->desc, cur->sd_un.ival);
157 (void) printf(cur->desc, cur->sd_un.mode);
161 if (cur->sd_un.list) {
163 for (item = cur->sd_un.list; item; item = item->next)
164 printf("\t%s\n", item->value);
168 for (def = cur->values; def->sval; def++) {
169 if (cur->sd_un.ival == def->ival) {
170 (void) printf(cur->desc, def->sval);
182 * List each option along with its description.
187 struct sudo_defs_types *cur;
190 (void) puts("Available options in a sudoers ``Defaults'' line:\n");
191 for (cur = sudo_defs_table; cur->name; cur++) {
192 if (cur->name && cur->desc) {
193 switch (cur->type & T_MASK) {
195 (void) printf("%s: %s\n", cur->name, cur->desc);
198 p = strrchr(cur->desc, ':');
200 (void) printf("%s: %.*s\n", cur->name,
201 (int) (p - cur->desc), cur->desc);
203 (void) printf("%s: %s\n", cur->name, cur->desc);
211 * Sets/clears an entry in the defaults structure
212 * If a variable that takes a value is used in a boolean
213 * context with op == 0, disable that variable.
214 * Eg. you may want to turn off logging to a file for some hosts.
215 * This is only meaningful for variables that are *optional*.
218 set_default(var, val, op)
221 int op; /* TRUE or FALSE */
223 struct sudo_defs_types *cur;
226 for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
227 if (strcmp(var, cur->name) == 0)
231 warningx("unknown defaults entry `%s'", var);
235 switch (cur->type & T_MASK) {
237 if (!store_syslogfac(val, cur, op)) {
239 warningx("value `%s' is invalid for option `%s'", val, var);
241 warningx("no value specified for `%s'", var);
246 if (!store_syslogpri(val, cur, op)) {
248 warningx("value `%s' is invalid for option `%s'", val, var);
250 warningx("no value specified for `%s'", var);
256 /* Check for bogus boolean usage or lack of a value. */
257 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
258 warningx("no value specified for `%s'", var);
262 if (ISSET(cur->type, T_PATH) && val && *val != '/') {
263 warningx("values for `%s' must start with a '/'", var);
266 if (!store_str(val, cur, op)) {
267 warningx("value `%s' is invalid for option `%s'", val, var);
273 /* Check for bogus boolean usage or lack of a value. */
274 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
275 warningx("no value specified for `%s'", var);
279 if (!store_int(val, cur, op)) {
280 warningx("value `%s' is invalid for option `%s'", val, var);
286 /* Check for bogus boolean usage or lack of a value. */
287 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
288 warningx("no value specified for `%s'", var);
292 if (!store_uint(val, cur, op)) {
293 warningx("value `%s' is invalid for option `%s'", val, var);
299 /* Check for bogus boolean usage or lack of a value. */
300 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
301 warningx("no value specified for `%s'", var);
305 if (!store_mode(val, cur, op)) {
306 warningx("value `%s' is invalid for option `%s'", val, var);
312 warningx("option `%s' does not take a value", var);
315 cur->sd_un.flag = op;
317 /* Special action for I_FQDN. Move to own switch if we get more */
318 if (num == I_FQDN && op)
323 /* Check for bogus boolean usage or lack of a value. */
324 if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
325 warningx("no value specified for `%s'", var);
329 if (!store_list(val, cur, op)) {
330 warningx("value `%s' is invalid for option `%s'", val, var);
335 if (!val && !ISSET(cur->type, T_BOOL)) {
336 warningx("no value specified for `%s'", var);
339 if (!store_tuple(val, cur, op)) {
340 warningx("value `%s' is invalid for option `%s'", val, var);
350 * Set default options to compiled-in values.
351 * Any of these may be overridden at runtime by a "Defaults" file.
356 static int firsttime = 1;
357 struct sudo_defs_types *def;
359 /* Clear any old settings. */
361 for (def = sudo_defs_table; def->name; def++) {
362 switch (def->type & T_MASK) {
364 efree(def->sd_un.str);
365 def->sd_un.str = NULL;
368 list_op(NULL, 0, def, freeall);
371 zero_bytes(&def->sd_un, sizeof(def->sd_un));
375 /* First initialize the flags. */
376 #ifdef LONG_OTP_PROMPT
377 def_long_otp_prompt = TRUE;
379 #ifdef IGNORE_DOT_PATH
380 def_ignore_dot = TRUE;
382 #ifdef ALWAYS_SEND_MAIL
383 def_mail_always = TRUE;
385 #ifdef SEND_MAIL_WHEN_NO_USER
386 def_mail_no_user = TRUE;
388 #ifdef SEND_MAIL_WHEN_NO_HOST
389 def_mail_no_host = TRUE;
391 #ifdef SEND_MAIL_WHEN_NOT_OK
392 def_mail_no_perms = TRUE;
394 #ifdef USE_TTY_TICKETS
395 def_tty_tickets = TRUE;
400 #ifndef NO_AUTHENTICATION
401 def_authenticate = TRUE;
404 def_root_sudo = TRUE;
409 #ifdef SHELL_IF_NO_ARGS
410 def_shell_noargs = TRUE;
412 #ifdef SHELL_SETS_HOME
415 #ifndef DONT_LEAK_PATH_INFO
416 def_path_info = TRUE;
425 def_env_editor = TRUE;
427 #ifdef _PATH_SUDO_ASKPASS
428 def_askpass = estrdup(_PATH_SUDO_ASKPASS);
430 def_sudoers_locale = estrdup("C");
431 def_env_reset = TRUE;
432 def_set_logname = TRUE;
433 def_closefrom = STDERR_FILENO + 1;
435 /* Syslog options need special care since they both strings and ints */
436 #if (LOGGING & SLOG_SYSLOG)
437 (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
438 (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
440 (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
444 /* Password flags also have a string and integer component. */
445 (void) store_tuple("any", &sudo_defs_table[I_LISTPW], TRUE);
446 (void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], TRUE);
448 /* Then initialize the int-like things. */
450 def_umask = SUDO_UMASK;
454 def_loglinelen = MAXLOGFILELEN;
455 def_timestamp_timeout = TIMEOUT;
456 def_passwd_timeout = PASSWORD_TIMEOUT;
457 def_passwd_tries = TRIES_FOR_PASSWORD;
459 /* Now do the strings */
460 def_mailto = estrdup(MAILTO);
461 def_mailsub = estrdup(MAILSUBJECT);
462 def_badpass_message = estrdup(INCORRECT_PASSWORD);
463 def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
464 def_passprompt = estrdup(PASSPROMPT);
465 def_runas_default = estrdup(RUNAS_DEFAULT);
466 #ifdef _PATH_SUDO_SENDMAIL
467 def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
468 def_mailerflags = estrdup("-t");
470 #if (LOGGING & SLOG_FILE)
471 def_logfile = estrdup(_PATH_SUDO_LOGFILE);
474 def_exempt_group = estrdup(EXEMPTGROUP);
477 def_secure_path = estrdup(SECURE_PATH);
479 def_editor = estrdup(EDITOR);
480 #ifdef _PATH_SUDO_NOEXEC
481 def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
484 /* Finally do the lists (currently just environment tables). */
491 * Update the defaults based on what was set by sudoers.
492 * Pass in a an OR'd list of which default types to update.
495 update_defaults(what)
498 struct defaults *def;
500 tq_foreach_fwd(&defaults, def) {
503 if (ISSET(what, SETDEF_GENERIC) &&
504 !set_default(def->var, def->val, def->op))
508 if (ISSET(what, SETDEF_USER) &&
509 userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
510 !set_default(def->var, def->val, def->op))
514 if (ISSET(what, SETDEF_RUNAS) &&
515 runaslist_matches(&def->binding, NULL) == ALLOW &&
516 !set_default(def->var, def->val, def->op))
520 if (ISSET(what, SETDEF_HOST) &&
521 hostlist_matches(&def->binding) == ALLOW &&
522 !set_default(def->var, def->val, def->op))
526 if (ISSET(what, SETDEF_CMND) &&
527 cmndlist_matches(&def->binding) == ALLOW &&
528 !set_default(def->var, def->val, def->op))
537 store_int(val, def, op)
539 struct sudo_defs_types *def;
548 l = strtol(val, &endp, 10);
551 /* XXX - should check against INT_MAX */
552 def->sd_un.ival = (unsigned int)l;
555 return(def->callback(val));
560 store_uint(val, def, op)
562 struct sudo_defs_types *def;
571 l = strtol(val, &endp, 10);
572 if (*endp != '\0' || l < 0)
574 /* XXX - should check against INT_MAX */
575 def->sd_un.ival = (unsigned int)l;
578 return(def->callback(val));
583 store_tuple(val, def, op)
585 struct sudo_defs_types *def;
588 struct def_values *v;
591 * Since enums are really just ints we store the value as an ival.
592 * In the future, there may be multiple enums for different tuple
593 * types we want to avoid and special knowledge of the tuple type.
594 * This does assume that the first entry in the tuple enum will
595 * be the equivalent to a boolean "false".
598 def->sd_un.ival = (op == FALSE) ? 0 : 1;
600 for (v = def->values; v->sval != NULL; v++) {
601 if (strcmp(v->sval, val) == 0) {
602 def->sd_un.ival = v->ival;
610 return(def->callback(val));
615 store_str(val, def, op)
617 struct sudo_defs_types *def;
621 efree(def->sd_un.str);
623 def->sd_un.str = NULL;
625 def->sd_un.str = estrdup(val);
627 return(def->callback(val));
632 store_list(str, def, op)
634 struct sudo_defs_types *def;
639 /* Remove all old members. */
640 if (op == FALSE || op == TRUE)
641 list_op(NULL, 0, def, freeall);
643 /* Split str into multiple space-separated words and act on each one. */
647 /* Remove leading blanks, if nothing but blanks we are done. */
648 for (start = end; isblank(*start); start++)
653 /* Find end position and perform operation. */
654 for (end = start; *end && !isblank(*end); end++)
656 list_op(start, end - start, def, op == '-' ? delete : add);
657 } while (*end++ != '\0');
663 store_syslogfac(val, def, op)
665 struct sudo_defs_types *def;
671 def->sd_un.ival = FALSE;
674 #ifdef LOG_NFACILITIES
677 for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
679 if (fac->name == NULL)
680 return(FALSE); /* not found */
682 def->sd_un.ival = fac->num;
684 def->sd_un.ival = -1;
685 #endif /* LOG_NFACILITIES */
693 #ifdef LOG_NFACILITIES
696 for (fac = facilities; fac->name && fac->num != n; fac++)
701 #endif /* LOG_NFACILITIES */
705 store_syslogpri(val, def, op)
707 struct sudo_defs_types *def;
712 if (op == FALSE || !val)
715 for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
717 if (pri->name == NULL)
718 return(FALSE); /* not found */
720 def->sd_un.ival = pri->num;
730 for (pri = priorities; pri->name && pri->num != n; pri++)
736 store_mode(val, def, op)
738 struct sudo_defs_types *def;
745 def->sd_un.mode = (mode_t)0777;
747 l = strtol(val, &endp, 8);
748 if (*endp != '\0' || l < 0 || l > 0777)
750 def->sd_un.mode = (mode_t)l;
753 return(def->callback(val));
758 list_op(val, len, def, op)
761 struct sudo_defs_types *def;
764 struct list_member *cur, *prev, *tmp;
767 for (cur = def->sd_un.list; cur; ) {
773 def->sd_un.list = NULL;
777 for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) {
778 if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) {
781 return; /* already exists */
785 prev->next = cur->next;
787 def->sd_un.list = cur->next;
794 /* Add new node to the head of the list. */
796 cur = emalloc(sizeof(struct list_member));
797 cur->value = emalloc(len + 1);
798 (void) memcpy(cur->value, val, len);
799 cur->value[len] = '\0';
800 cur->next = def->sd_un.list;
801 def->sd_un.list = cur;
projects / debian / sudo / blob