From 93cef1efac4e2b4930c23cdc35c0b916365ccabc Mon Sep 17 00:00:00 2001 From: Tomas Sykora Date: Tue, 21 Feb 2017 14:56:24 +0100 Subject: [PATCH] Add ignore_unknown_defaults flag to ignore unknown Defaults entries in sudoers instead of producing a warning. Patch: sudo-1.8.19p2-ignore-unknown-defaults.patch Resolves: rhbz#1413160 --- doc/sudoers.cat | 6 ++++++ doc/sudoers.man.in | 11 +++++++++++ doc/sudoers.mdoc.in | 10 ++++++++++ plugins/sudoers/def_data.c | 4 ++++ plugins/sudoers/def_data.h | 2 ++ plugins/sudoers/def_data.in | 3 +++ plugins/sudoers/defaults.c | 3 ++- 7 files changed, 38 insertions(+), 1 deletion(-) diff --git a/doc/sudoers.cat b/doc/sudoers.cat index 76dbf28..50cf78a 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -1071,6 +1071,12 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS meaningful for the cn=defaults section. This flag is _o_f_f by default. + ignore_unknown_defaults + If set, ssuuddoo will not produce a warning if it + encounters an unknown Defaults entry in the _^Hs_^Hu_^Hd_^Ho_^He_^Hr_^Hs + file or an unknown sudoOption in LDAP. This flag is + _o_f_f by default. + insults If set, ssuuddoo will insult users when they enter an incorrect password. This flag is _o_f_f by default. diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index 8673da0..4be3760 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -2266,6 +2266,17 @@ This flag is \fIoff\fR by default. .TP 18n +ignore_unknown_defaults +If set, +\fBsudo\fR +will not produce a warning if it encounters an unknown Defaults entry +in the +\fIsudoers\fR +file or an unknown sudoOption in LDAP. +This flag is +\fIoff\fR +by default. +.TP 18n insults If set, \fBsudo\fR diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index 74b6f01..f3fe5e6 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in 
@@ -2124,6 +2124,16 @@ section. This flag is .Em off by default. +.It ignore_unknown_defaults +If set, +.Nm sudo +will not produce a warning if it encounters an unknown Defaults entry +in the +.Em sudoers +file or an unknown sudoOption in LDAP. +This flag is +.Em off +by default. .It insults If set, .Nm sudo diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c index 3926fed..3d787c2 100644 --- a/plugins/sudoers/def_data.c +++ b/plugins/sudoers/def_data.c @@ -443,6 +443,10 @@ struct sudo_defs_types sudo_defs_table[] = { N_("Don't pre-resolve all group names"), NULL, }, { + "ignore_unknown_defaults", T_FLAG, + N_("Ignore unknown Defaults entries in sudoers instead of producing a warning"), + NULL, + }, { NULL, 0, NULL } }; diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h index b5e61b4..f5773a3 100644 --- a/plugins/sudoers/def_data.h +++ b/plugins/sudoers/def_data.h @@ -208,6 +208,8 @@ #define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag) #define I_LEGACY_GROUP_PROCESSING 104 #define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag) +#define I_IGNORE_UNKNOWN_DEFAULTS 105 +#define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag) enum def_tuple { never, diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in index f1c9265..8f63d70 100644 --- a/plugins/sudoers/def_data.in +++ b/plugins/sudoers/def_data.in @@ -328,3 +328,6 @@ cmnd_no_wait legacy_group_processing T_FLAG "Don't pre-resolve all group names" +ignore_unknown_defaults + T_FLAG + "Ignore unknown Defaults entries in sudoers instead of producing a warning" diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index 9e60d94..5f93f80 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c 
@@ -79,6 +79,7 @@ static struct strmap priorities[] = { }; static struct early_default early_defaults[] = { + { I_IGNORE_UNKNOWN_DEFAULTS }, #ifdef FQDN { I_FQDN, true }, #else @@ -206,7 +207,7 @@ find_default(const char *name, const char *file, int lineno, bool quiet) if (strcmp(name, sudo_defs_table[i].name) == 0) debug_return_int(i); } - if (!quiet) { + if (!quiet && !def_ignore_unknown_defaults) { if (lineno > 0) { sudo_warnx(U_("%s:%d unknown defaults entry \"%s\""), file, lineno, name); -- 2.7.4
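Review bot: The new `{ I_IGNORE_UNKNOWN_DEFAULTS },` entry at the head of `early_defaults` has no comment saying why this flag must be handled early. Unlike the `{ I_FQDN, true }` entry below it, it also leaves the second member at its zero default without saying that this is deliberate. If the intent is that the flag takes effect wherever it appears in sudoers, a comment would record that, for example `/* applied first so unknown entries are ignored regardless of their position in sudoers */`. The array definition continues outside the hunk, so the meaning of the omitted member cannot be confirmed from here.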
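Review bot: With `!def_ignore_unknown_defaults` added to the guard in find_default(), a misspelled Defaults name is dropped without any trace, so a hardening option an administrator believes is active may never take effect and nothing reports it. Keeping a debug-level record ahead of the guard would preserve an audit path without the user-visible warning, for example `sudo_debug_printf(SUDO_DEBUG_WARN, "%s: unknown defaults entry \"%s\"", __func__, name);`. The manual text added in this patch mentions only that the warning is suppressed; it should also say that the unknown entry is still not applied. find_default() starts and ends outside the hunk, so the return path after the warning is not visible here.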