2
0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00

cvtsudoers: fix a regression when merging matching Defaults.

If a host is specified with a sudoers file, we have to treat Defaults
as Defaults@host checking for duplicates.
This commit is contained in:
Todd C. Miller 2021-12-20 12:57:02 -07:00
parent 4ffc3142c5
commit 149e8208b5
4 changed files with 26 additions and 1 deletions

View File

@ -761,6 +761,8 @@ plugins/sudoers/regress/cvtsudoers/test33.out.ok
plugins/sudoers/regress/cvtsudoers/test33.sh plugins/sudoers/regress/cvtsudoers/test33.sh
plugins/sudoers/regress/cvtsudoers/test34.out.ok plugins/sudoers/regress/cvtsudoers/test34.out.ok
plugins/sudoers/regress/cvtsudoers/test34.sh plugins/sudoers/regress/cvtsudoers/test34.sh
plugins/sudoers/regress/cvtsudoers/test35.out.ok
plugins/sudoers/regress/cvtsudoers/test35.sh
plugins/sudoers/regress/cvtsudoers/test4.out.ok plugins/sudoers/regress/cvtsudoers/test4.out.ok
plugins/sudoers/regress/cvtsudoers/test4.sh plugins/sudoers/regress/cvtsudoers/test4.sh
plugins/sudoers/regress/cvtsudoers/test5.out.ok plugins/sudoers/regress/cvtsudoers/test5.out.ok

View File

@ -659,7 +659,7 @@ defaults_has_conflict(struct defaults *def,
while ((parse_tree = TAILQ_NEXT(parse_tree, entries)) != NULL) { while ((parse_tree = TAILQ_NEXT(parse_tree, entries)) != NULL) {
struct defaults *d; struct defaults *d;
TAILQ_FOREACH(d, &parse_tree->defaults, entries) { TAILQ_FOREACH(d, &parse_tree->defaults, entries) {
if (defaults_var_matches(def, d, true)) { if (defaults_var_matches(def, d, parse_tree->lhost == NULL)) {
if (!defaults_val_matches(def, d)) { if (!defaults_val_matches(def, d)) {
log_warnx(U_("%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d"), log_warnx(U_("%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d"),
def->file, def->line, def->column, def->var, def->file, def->line, def->column, def->var,

View File

@ -0,0 +1,15 @@
Defaults@xerxes log_output
Defaults@xyzzy log_output
Defaults!/usr/bin/sudoreplay !log_output
Defaults!/usr/local/bin/sudoreplay !log_output
Defaults!REBOOT !log_output
User_Alias ADMINS = millert, dowdy, mikef
Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice,\
/usr/bin/pkill, /usr/bin/top
Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
Host_Alias WEBSERVERS = www1, www2, www3
Host_Alias WEBSERVERS_1 = www1, www2, www3, www5
Host_Alias WEBSERVERS_2 = www1, www2, www3, www4
root ALL = (ALL) ALL

View File

@ -0,0 +1,8 @@
#!/bin/sh
#
# Test cvtsudoers merge
#
: ${CVTSUDOERS=cvtsudoers}
$CVTSUDOERS -f sudoers -l /dev/null xerxes:${TESTDIR}/sudoers1 xyzzy:${TESTDIR}/sudoers2 ${TESTDIR}/sudoers3