rpms / sudo

Clone
Source Code
GIT

Blame SOURCES/sudo-1.8.19p2-ignore-unknown-defaults.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   97c7894c8103303f6e92ebe4f7274ee3d197740a
  2.   SOURCES
  3.   sudo-1.8.19p2-ignore-unknown-defaults.patch
Blob History Raw
0e1944 
From 93cef1efac4e2b4930c23cdc35c0b916365ccabc Mon Sep 17 00:00:00 2001
0e1944 
From: Tomas Sykora <tosykora@redhat.com>
0e1944 
Date: Tue, 21 Feb 2017 14:56:24 +0100
0e1944 
Subject: [PATCH] Add ignore_unknown_defaults flag to ignore unknown Defaults
0e1944 
 entries in sudoers instead of producing a warning.
0e1944
0e1944 
Patch: sudo-1.8.19p2-ignore-unknown-defaults.patch
0e1944 
Resolves:
0e1944 
rhbz#1413160
0e1944 
---
0e1944 
 doc/sudoers.cat             |  6 ++++++
0e1944 
 doc/sudoers.man.in          | 11 +++++++++++
0e1944 
 doc/sudoers.mdoc.in         | 10 ++++++++++
0e1944 
 plugins/sudoers/def_data.c  |  4 ++++
0e1944 
 plugins/sudoers/def_data.h  |  2 ++
0e1944 
 plugins/sudoers/def_data.in |  3 +++
0e1944 
 plugins/sudoers/defaults.c  |  3 ++-
0e1944 
 7 files changed, 38 insertions(+), 1 deletion(-)
0e1944
0e1944 
diff --git a/doc/sudoers.cat b/doc/sudoers.cat
0e1944 
index 76dbf28..50cf78a 100644
0e1944 
--- a/doc/sudoers.cat
0e1944 
+++ b/doc/sudoers.cat
0e1944 
@@ -1071,6 +1071,12 @@ S?SU?UD?DO?OE?ER?RS?S O?OP?PT?TI?IO?ON?NS?S
0e1944 
                        meaningful for the cn=defaults section.  This flag is
0e1944 
                        _?o_?f_?f by default.
0e1944
0e1944 
+     ignore_unknown_defaults
0e1944 
+                       If set, s?su?ud?do?o will not produce a warning if it
0e1944 
+                       encounters an unknown Defaults entry in the _^Hs_^Hu_^Hd_^Ho_^He_^Hr_^Hs
0e1944 
+                       file or an unknown sudoOption in LDAP.  This flag is
0e1944 
+                       _?o_?f_?f by default.
0e1944 
+
0e1944 
      insults           If set, s?su?ud?do?o will insult users when they enter an
0e1944 
                        incorrect password.  This flag is _?o_?f_?f by default.
0e1944
0e1944 
diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in
0e1944 
index 8673da0..4be3760 100644
0e1944 
--- a/doc/sudoers.man.in
0e1944 
+++ b/doc/sudoers.man.in
0e1944 
@@ -2266,6 +2266,17 @@ This flag is
0e1944 
 \fIoff\fR
0e1944 
 by default.
0e1944 
 .TP 18n
0e1944 
+ignore_unknown_defaults
0e1944 
+If set,
0e1944 
+\fBsudo\fR
0e1944 
+will not produce a warning if it encounters an unknown Defaults entry
0e1944 
+in the
0e1944 
+\fIsudoers\fR
0e1944 
+file or an unknown sudoOption in LDAP.
0e1944 
+This flag is
0e1944 
+\fIoff\fR
0e1944 
+by default.
0e1944 
+.TP 18n
0e1944 
 insults
0e1944 
 If set,
0e1944 
 \fBsudo\fR
0e1944 
diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in
0e1944 
index 74b6f01..f3fe5e6 100644
0e1944 
--- a/doc/sudoers.mdoc.in
0e1944 
+++ b/doc/sudoers.mdoc.in
0e1944 
@@ -2124,6 +2124,16 @@ section.
0e1944 
 This flag is
0e1944 
 .Em off
0e1944 
 by default.
0e1944 
+.It ignore_unknown_defaults
0e1944 
+If set,
0e1944 
+.Nm sudo
0e1944 
+will not produce a warning if it encounters an unknown Defaults entry
0e1944 
+in the
0e1944 
+.Em sudoers
0e1944 
+file or an unknown sudoOption in LDAP.
0e1944 
+This flag is
0e1944 
+.Em off
0e1944 
+by default.
0e1944 
 .It insults
0e1944 
 If set,
0e1944 
 .Nm sudo
0e1944 
diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
0e1944 
index 3926fed..3d787c2 100644
0e1944 
--- a/plugins/sudoers/def_data.c
0e1944 
+++ b/plugins/sudoers/def_data.c
0e1944 
@@ -443,6 +443,10 @@ struct sudo_defs_types sudo_defs_table[] = {
0e1944 
 	N_("Don't pre-resolve all group names"),
0e1944 
 	NULL,
0e1944 
     }, {
0e1944 
+       "ignore_unknown_defaults", T_FLAG,
0e1944 
+       N_("Ignore unknown Defaults entries in sudoers instead of producing a warning"),
0e1944 
+       NULL,
0e1944 
+    }, {
0e1944 
 	NULL, 0, NULL
0e1944 
     }
0e1944 
 };
0e1944 
diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
0e1944 
index b5e61b4..f5773a3 100644
0e1944 
--- a/plugins/sudoers/def_data.h
0e1944 
+++ b/plugins/sudoers/def_data.h
0e1944 
@@ -208,6 +208,8 @@
0e1944 
 #define def_cmnd_no_wait        (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
0e1944 
 #define I_LEGACY_GROUP_PROCESSING 104
0e1944 
 #define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
0e1944 
+#define I_IGNORE_UNKNOWN_DEFAULTS 105
0e1944 
+#define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag)
0e1944
0e1944 
 enum def_tuple {
0e1944 
 	never,
0e1944 
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
0e1944 
index f1c9265..8f63d70 100644
0e1944 
--- a/plugins/sudoers/def_data.in
0e1944 
+++ b/plugins/sudoers/def_data.in
0e1944 
@@ -328,3 +328,6 @@ cmnd_no_wait
0e1944 
 legacy_group_processing
0e1944 
 	T_FLAG
0e1944 
 	"Don't pre-resolve all group names"
0e1944 
+ignore_unknown_defaults
0e1944 
+        T_FLAG
0e1944 
+        "Ignore unknown Defaults entries in sudoers instead of producing a warning"
0e1944 
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
0e1944 
index 9e60d94..5f93f80 100644
0e1944 
--- a/plugins/sudoers/defaults.c
0e1944 
+++ b/plugins/sudoers/defaults.c
0e1944 
@@ -79,6 +79,7 @@ static struct strmap priorities[] = {
0e1944 
 };
0e1944
0e1944 
 static struct early_default early_defaults[] = {
0e1944 
+    { I_IGNORE_UNKNOWN_DEFAULTS },
0e1944 
 #ifdef FQDN
0e1944 
     { I_FQDN, true },
0e1944 
 #else
0e1944 
@@ -206,7 +207,7 @@ find_default(const char *name, const char *file, int lineno, bool quiet)
0e1944 
 	if (strcmp(name, sudo_defs_table[i].name) == 0)
0e1944 
 	    debug_return_int(i);
0e1944 
     }
0e1944 
-    if (!quiet) {
0e1944 
+    if (!quiet && !def_ignore_unknown_defaults) {
0e1944 
 	if (lineno > 0) {
0e1944 
 	    sudo_warnx(U_("%s:%d unknown defaults entry \"%s\""),
0e1944 
 		file, lineno, name);
0e1944 
--
0e1944 
2.7.4
0e1944

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation