mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 09:57:41 +00:00
Deprecate chroot support
This commit is contained in:
Todd C. Miller
parent
fffcc07c53
commit
7a6ee32a93
@ -712,6 +712,9 @@ before running the
|
|||||||
\fIcommand\fR.
|
\fIcommand\fR.
|
||||||
The security policy may return an error if the user does not have
|
The security policy may return an error if the user does not have
|
||||||
permission to specify the root directory.
|
permission to specify the root directory.
|
||||||
|
.sp
|
||||||
|
This option is deprecated and will be removed in a future version of
|
||||||
|
\fBsudo\fR.
|
||||||
.if \n(SL \{\
|
.if \n(SL \{\
|
||||||
.TP 8n
|
.TP 8n
|
||||||
\fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR
|
\fB\-r\fR \fIrole\fR, \fB\--role\fR=\fIrole\fR
|
||||||
|
|||||||
@ -667,6 +667,9 @@ before running the
|
|||||||
.Ar command .
|
.Ar command .
|
||||||
The security policy may return an error if the user does not have
|
The security policy may return an error if the user does not have
|
||||||
permission to specify the root directory.
|
permission to specify the root directory.
|
||||||
|
.Pp
|
||||||
|
This option is deprecated and will be removed in a future version of
|
||||||
|
.Nm .
|
||||||
.if \n(SL \{\
|
.if \n(SL \{\
|
||||||
.It Fl r Ar role , Fl -role Ns = Ns Ar role
|
.It Fl r Ar role , Fl -role Ns = Ns Ar role
|
||||||
Run the
|
Run the
|
||||||
|
|||||||
@ -26,7 +26,7 @@
|
|||||||
.nr BA @BAMAN@
|
.nr BA @BAMAN@
|
||||||
.nr LC @LCMAN@
|
.nr LC @LCMAN@
|
||||||
.nr PS @PSMAN@
|
.nr PS @PSMAN@
|
||||||
.TH "SUDOERS" "@mansectform@" "February 22, 2025" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
|
.TH "SUDOERS" "@mansectform@" "June 7, 2025" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
|
||||||
.nh
|
.nh
|
||||||
.if n .ad l
|
.if n .ad l
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
@ -1868,6 +1868,10 @@ user's home directory.
|
|||||||
.PP
|
.PP
|
||||||
This setting is only supported by version 1.9.3 or higher.
|
This setting is only supported by version 1.9.3 or higher.
|
||||||
.SS "Chroot_Spec"
|
.SS "Chroot_Spec"
|
||||||
|
Support for setting the root directory is deprecated and will be removed
|
||||||
|
in a future version of
|
||||||
|
\fBsudo\fR.
|
||||||
|
.PP
|
||||||
The root directory that the command will be run in can be specified
|
The root directory that the command will be run in can be specified
|
||||||
using the
|
using the
|
||||||
\fRCHROOT\fR
|
\fRCHROOT\fR
|
||||||
@ -5647,6 +5651,10 @@ that includes a
|
|||||||
\fIChroot_Spec\fR.
|
\fIChroot_Spec\fR.
|
||||||
.sp
|
.sp
|
||||||
This setting is only supported by version 1.9.3 or higher.
|
This setting is only supported by version 1.9.3 or higher.
|
||||||
|
.sp
|
||||||
|
Support for setting the root directory is deprecated and will be removed
|
||||||
|
in a future version of
|
||||||
|
\fBsudo\fR.
|
||||||
.TP 14n
|
.TP 14n
|
||||||
runcwd
|
runcwd
|
||||||
If set,
|
If set,
|
||||||
@ -6967,12 +6975,7 @@ facility in all cases and for commands to be run with
|
|||||||
the target user's home directory as the working directory.
|
the target user's home directory as the working directory.
|
||||||
We don't want to subject the full time staff to the
|
We don't want to subject the full time staff to the
|
||||||
\fBsudo\fR
|
\fBsudo\fR
|
||||||
lecture and we want to allow them to run commands in a
|
lecture.
|
||||||
chroot(2)
|
|
||||||
\(lqsandbox\(rq
|
|
||||||
via the
|
|
||||||
\fB\-R\fR
|
|
||||||
option.
|
|
||||||
User
|
User
|
||||||
\fBmillert\fR
|
\fBmillert\fR
|
||||||
need not provide a password and we don't want to reset the
|
need not provide a password and we don't want to reset the
|
||||||
@ -7003,7 +7006,7 @@ privileges.
|
|||||||
# Override built-in defaults
|
# Override built-in defaults
|
||||||
Defaults syslog=auth,runcwd=~
|
Defaults syslog=auth,runcwd=~
|
||||||
Defaults>root !set_logname
|
Defaults>root !set_logname
|
||||||
Defaults:FULLTIMERS !lecture,runchroot=*
|
Defaults:FULLTIMERS !lecture
|
||||||
Defaults:millert !authenticate
|
Defaults:millert !authenticate
|
||||||
Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log
|
Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log
|
||||||
Defaults!PAGERS noexec
|
Defaults!PAGERS noexec
|
||||||
|
|||||||
@ -25,7 +25,7 @@
|
|||||||
.nr BA @BAMAN@
|
.nr BA @BAMAN@
|
||||||
.nr LC @LCMAN@
|
.nr LC @LCMAN@
|
||||||
.nr PS @PSMAN@
|
.nr PS @PSMAN@
|
||||||
.Dd February 22, 2025
|
.Dd June 7, 2025
|
||||||
.Dt SUDOERS @mansectform@
|
.Dt SUDOERS @mansectform@
|
||||||
.Os Sudo @PACKAGE_VERSION@
|
.Os Sudo @PACKAGE_VERSION@
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -1772,6 +1772,10 @@ user's home directory.
|
|||||||
.Pp
|
.Pp
|
||||||
This setting is only supported by version 1.9.3 or higher.
|
This setting is only supported by version 1.9.3 or higher.
|
||||||
.Ss Chroot_Spec
|
.Ss Chroot_Spec
|
||||||
|
Support for setting the root directory is deprecated and will be removed
|
||||||
|
in a future version of
|
||||||
|
.Nm sudo .
|
||||||
|
.Pp
|
||||||
The root directory that the command will be run in can be specified
|
The root directory that the command will be run in can be specified
|
||||||
using the
|
using the
|
||||||
.Dv CHROOT
|
.Dv CHROOT
|
||||||
@ -5281,6 +5285,10 @@ that includes a
|
|||||||
.Em Chroot_Spec .
|
.Em Chroot_Spec .
|
||||||
.Pp
|
.Pp
|
||||||
This setting is only supported by version 1.9.3 or higher.
|
This setting is only supported by version 1.9.3 or higher.
|
||||||
|
.Pp
|
||||||
|
Support for setting the root directory is deprecated and will be removed
|
||||||
|
in a future version of
|
||||||
|
.Nm sudo .
|
||||||
.It runcwd
|
.It runcwd
|
||||||
If set,
|
If set,
|
||||||
.Nm sudo
|
.Nm sudo
|
||||||
@ -6462,12 +6470,7 @@ facility in all cases and for commands to be run with
|
|||||||
the target user's home directory as the working directory.
|
the target user's home directory as the working directory.
|
||||||
We don't want to subject the full time staff to the
|
We don't want to subject the full time staff to the
|
||||||
.Nm sudo
|
.Nm sudo
|
||||||
lecture and we want to allow them to run commands in a
|
lecture.
|
||||||
.Xr chroot 2
|
|
||||||
.Dq sandbox
|
|
||||||
via the
|
|
||||||
.Fl R
|
|
||||||
option.
|
|
||||||
User
|
User
|
||||||
.Sy millert
|
.Sy millert
|
||||||
need not provide a password and we don't want to reset the
|
need not provide a password and we don't want to reset the
|
||||||
@ -6497,7 +6500,7 @@ privileges.
|
|||||||
# Override built-in defaults
|
# Override built-in defaults
|
||||||
Defaults syslog=auth,runcwd=~
|
Defaults syslog=auth,runcwd=~
|
||||||
Defaults>root !set_logname
|
Defaults>root !set_logname
|
||||||
Defaults:FULLTIMERS !lecture,runchroot=*
|
Defaults:FULLTIMERS !lecture
|
||||||
Defaults:millert !authenticate
|
Defaults:millert !authenticate
|
||||||
Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log
|
Defaults@SERVERS log_year, logfile=@log_dir@/sudo.log
|
||||||
Defaults!PAGERS noexec
|
Defaults!PAGERS noexec
|
||||||
|
|||||||
@ -884,17 +884,17 @@ static const yytype_int16 yyrline[] =
|
|||||||
277, 280, 286, 289, 295, 296, 303, 312, 321, 331,
|
277, 280, 286, 289, 295, 296, 303, 312, 321, 331,
|
||||||
341, 353, 354, 359, 365, 382, 386, 392, 401, 409,
|
341, 353, 354, 359, 365, 382, 386, 392, 401, 409,
|
||||||
418, 427, 438, 439, 449, 513, 522, 531, 540, 551,
|
418, 427, 438, 439, 449, 513, 522, 531, 540, 551,
|
||||||
552, 559, 562, 576, 580, 586, 602, 618, 623, 627,
|
552, 559, 562, 576, 580, 586, 602, 624, 629, 633,
|
||||||
632, 637, 642, 647, 651, 656, 659, 664, 681, 693,
|
638, 643, 648, 653, 657, 662, 665, 670, 687, 699,
|
||||||
709, 727, 746, 747, 748, 749, 750, 751, 752, 753,
|
715, 733, 752, 753, 754, 755, 756, 757, 758, 759,
|
||||||
754, 755, 756, 759, 765, 768, 773, 778, 787, 796,
|
760, 761, 762, 765, 771, 774, 779, 784, 793, 802,
|
||||||
808, 813, 818, 823, 828, 835, 838, 841, 844, 847,
|
814, 819, 824, 829, 834, 841, 844, 847, 850, 853,
|
||||||
850, 853, 856, 859, 862, 865, 868, 871, 874, 877,
|
856, 859, 862, 865, 868, 871, 874, 877, 880, 883,
|
||||||
880, 883, 888, 902, 911, 932, 955, 956, 959, 959,
|
886, 889, 894, 908, 917, 938, 961, 962, 965, 965,
|
||||||
971, 974, 975, 982, 983, 986, 986, 998, 1001, 1002,
|
977, 980, 981, 988, 989, 992, 992, 1004, 1007, 1008,
|
||||||
1009, 1010, 1013, 1013, 1025, 1028, 1029, 1032, 1032, 1044,
|
1015, 1016, 1019, 1019, 1031, 1034, 1035, 1038, 1038, 1050,
|
||||||
1047, 1048, 1055, 1059, 1065, 1074, 1082, 1091, 1100, 1111,
|
1053, 1054, 1061, 1065, 1071, 1080, 1088, 1097, 1106, 1117,
|
||||||
1112, 1119, 1123, 1129, 1138, 1146
|
1118, 1125, 1129, 1135, 1144, 1152
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -2254,93 +2254,99 @@ yyreduce:
|
|||||||
sudoerserror(N_("\"CHROOT\" path too long"));
|
sudoerserror(N_("\"CHROOT\" path too long"));
|
||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
|
if (parser_conf.strict > 2) {
|
||||||
|
sudoerserror(N_("\"CHROOT\" is deprecated"));
|
||||||
|
YYERROR;
|
||||||
|
} else if (parser_conf.verbose > 0) {
|
||||||
|
parser_warnx(parsed_policy.ctx, sudoers, this_lineno, sudolinebuf.toke_start + 1, false, false, N_("\"CHROOT\" is deprecated"));
|
||||||
|
}
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2254 "gram.c"
|
#line 2260 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 57: /* timeoutspec: CMND_TIMEOUT '=' WORD */
|
case 57: /* timeoutspec: CMND_TIMEOUT '=' WORD */
|
||||||
#line 618 "gram.y"
|
#line 624 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2262 "gram.c"
|
#line 2268 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 58: /* notbeforespec: NOTBEFORE '=' WORD */
|
case 58: /* notbeforespec: NOTBEFORE '=' WORD */
|
||||||
#line 623 "gram.y"
|
#line 629 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2270 "gram.c"
|
#line 2276 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 59: /* notafterspec: NOTAFTER '=' WORD */
|
case 59: /* notafterspec: NOTAFTER '=' WORD */
|
||||||
#line 627 "gram.y"
|
#line 633 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2278 "gram.c"
|
#line 2284 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 60: /* rolespec: ROLE '=' WORD */
|
case 60: /* rolespec: ROLE '=' WORD */
|
||||||
#line 632 "gram.y"
|
#line 638 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2286 "gram.c"
|
#line 2292 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 61: /* typespec: TYPE '=' WORD */
|
case 61: /* typespec: TYPE '=' WORD */
|
||||||
#line 637 "gram.y"
|
#line 643 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2294 "gram.c"
|
#line 2300 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 62: /* apparmor_profilespec: APPARMOR_PROFILE '=' WORD */
|
case 62: /* apparmor_profilespec: APPARMOR_PROFILE '=' WORD */
|
||||||
#line 642 "gram.y"
|
#line 648 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2302 "gram.c"
|
#line 2308 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 63: /* privsspec: PRIVS '=' WORD */
|
case 63: /* privsspec: PRIVS '=' WORD */
|
||||||
#line 647 "gram.y"
|
#line 653 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2310 "gram.c"
|
#line 2316 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 64: /* limitprivsspec: LIMITPRIVS '=' WORD */
|
case 64: /* limitprivsspec: LIMITPRIVS '=' WORD */
|
||||||
#line 651 "gram.y"
|
#line 657 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.string) = (yyvsp[0].string);
|
(yyval.string) = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2318 "gram.c"
|
#line 2324 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 65: /* runasspec: %empty */
|
case 65: /* runasspec: %empty */
|
||||||
#line 656 "gram.y"
|
#line 662 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.runas) = NULL;
|
(yyval.runas) = NULL;
|
||||||
}
|
}
|
||||||
#line 2326 "gram.c"
|
#line 2332 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 66: /* runasspec: '(' runaslist ')' */
|
case 66: /* runasspec: '(' runaslist ')' */
|
||||||
#line 659 "gram.y"
|
#line 665 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.runas) = (yyvsp[-1].runas);
|
(yyval.runas) = (yyvsp[-1].runas);
|
||||||
}
|
}
|
||||||
#line 2334 "gram.c"
|
#line 2340 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 67: /* runaslist: %empty */
|
case 67: /* runaslist: %empty */
|
||||||
#line 664 "gram.y"
|
#line 670 "gram.y"
|
||||||
{
|
{
|
||||||
/* User may run command as themselves. */
|
/* User may run command as themselves. */
|
||||||
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
||||||
@ -2358,11 +2364,11 @@ yyreduce:
|
|||||||
}
|
}
|
||||||
parser_leak_add(LEAK_RUNAS, (yyval.runas));
|
parser_leak_add(LEAK_RUNAS, (yyval.runas));
|
||||||
}
|
}
|
||||||
#line 2356 "gram.c"
|
#line 2362 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 68: /* runaslist: userlist */
|
case 68: /* runaslist: userlist */
|
||||||
#line 681 "gram.y"
|
#line 687 "gram.y"
|
||||||
{
|
{
|
||||||
/* User may run command as a user in userlist. */
|
/* User may run command as a user in userlist. */
|
||||||
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
||||||
@ -2375,11 +2381,11 @@ yyreduce:
|
|||||||
(yyval.runas)->runasusers = (yyvsp[0].member);
|
(yyval.runas)->runasusers = (yyvsp[0].member);
|
||||||
/* $$->runasgroups = NULL; */
|
/* $$->runasgroups = NULL; */
|
||||||
}
|
}
|
||||||
#line 2373 "gram.c"
|
#line 2379 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 69: /* runaslist: userlist ':' grouplist */
|
case 69: /* runaslist: userlist ':' grouplist */
|
||||||
#line 693 "gram.y"
|
#line 699 "gram.y"
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* User may run command as a user in userlist
|
* User may run command as a user in userlist
|
||||||
@ -2396,11 +2402,11 @@ yyreduce:
|
|||||||
(yyval.runas)->runasusers = (yyvsp[-2].member);
|
(yyval.runas)->runasusers = (yyvsp[-2].member);
|
||||||
(yyval.runas)->runasgroups = (yyvsp[0].member);
|
(yyval.runas)->runasgroups = (yyvsp[0].member);
|
||||||
}
|
}
|
||||||
#line 2394 "gram.c"
|
#line 2400 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 70: /* runaslist: ':' grouplist */
|
case 70: /* runaslist: ':' grouplist */
|
||||||
#line 709 "gram.y"
|
#line 715 "gram.y"
|
||||||
{
|
{
|
||||||
/* User may run command as a group in grouplist. */
|
/* User may run command as a group in grouplist. */
|
||||||
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
||||||
@ -2419,11 +2425,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
(yyval.runas)->runasgroups = (yyvsp[0].member);
|
(yyval.runas)->runasgroups = (yyvsp[0].member);
|
||||||
}
|
}
|
||||||
#line 2417 "gram.c"
|
#line 2423 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 71: /* runaslist: ':' */
|
case 71: /* runaslist: ':' */
|
||||||
#line 727 "gram.y"
|
#line 733 "gram.y"
|
||||||
{
|
{
|
||||||
/* User may run command as themselves. */
|
/* User may run command as themselves. */
|
||||||
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
(yyval.runas) = calloc(1, sizeof(struct runascontainer));
|
||||||
@ -2441,114 +2447,114 @@ yyreduce:
|
|||||||
}
|
}
|
||||||
parser_leak_add(LEAK_RUNAS, (yyval.runas));
|
parser_leak_add(LEAK_RUNAS, (yyval.runas));
|
||||||
}
|
}
|
||||||
#line 2439 "gram.c"
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 72: /* reserved_word: ALL */
|
|
||||||
#line 746 "gram.y"
|
|
||||||
{ (yyval.cstring) = "ALL"; }
|
|
||||||
#line 2445 "gram.c"
|
#line 2445 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 73: /* reserved_word: CHROOT */
|
case 72: /* reserved_word: ALL */
|
||||||
#line 747 "gram.y"
|
#line 752 "gram.y"
|
||||||
{ (yyval.cstring) = "CHROOT"; }
|
{ (yyval.cstring) = "ALL"; }
|
||||||
#line 2451 "gram.c"
|
#line 2451 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 74: /* reserved_word: CWD */
|
case 73: /* reserved_word: CHROOT */
|
||||||
#line 748 "gram.y"
|
#line 753 "gram.y"
|
||||||
{ (yyval.cstring) = "CWD"; }
|
{ (yyval.cstring) = "CHROOT"; }
|
||||||
#line 2457 "gram.c"
|
#line 2457 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 75: /* reserved_word: CMND_TIMEOUT */
|
case 74: /* reserved_word: CWD */
|
||||||
#line 749 "gram.y"
|
#line 754 "gram.y"
|
||||||
{ (yyval.cstring) = "CMND_TIMEOUT"; }
|
{ (yyval.cstring) = "CWD"; }
|
||||||
#line 2463 "gram.c"
|
#line 2463 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 76: /* reserved_word: NOTBEFORE */
|
case 75: /* reserved_word: CMND_TIMEOUT */
|
||||||
#line 750 "gram.y"
|
#line 755 "gram.y"
|
||||||
{ (yyval.cstring) = "NOTBEFORE"; }
|
{ (yyval.cstring) = "CMND_TIMEOUT"; }
|
||||||
#line 2469 "gram.c"
|
#line 2469 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 77: /* reserved_word: NOTAFTER */
|
case 76: /* reserved_word: NOTBEFORE */
|
||||||
#line 751 "gram.y"
|
#line 756 "gram.y"
|
||||||
{ (yyval.cstring) = "NOTAFTER"; }
|
{ (yyval.cstring) = "NOTBEFORE"; }
|
||||||
#line 2475 "gram.c"
|
#line 2475 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 78: /* reserved_word: ROLE */
|
case 77: /* reserved_word: NOTAFTER */
|
||||||
#line 752 "gram.y"
|
#line 757 "gram.y"
|
||||||
{ (yyval.cstring) = "ROLE"; }
|
{ (yyval.cstring) = "NOTAFTER"; }
|
||||||
#line 2481 "gram.c"
|
#line 2481 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 79: /* reserved_word: TYPE */
|
case 78: /* reserved_word: ROLE */
|
||||||
#line 753 "gram.y"
|
#line 758 "gram.y"
|
||||||
{ (yyval.cstring) = "TYPE"; }
|
{ (yyval.cstring) = "ROLE"; }
|
||||||
#line 2487 "gram.c"
|
#line 2487 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 80: /* reserved_word: PRIVS */
|
case 79: /* reserved_word: TYPE */
|
||||||
#line 754 "gram.y"
|
#line 759 "gram.y"
|
||||||
{ (yyval.cstring) = "PRIVS"; }
|
{ (yyval.cstring) = "TYPE"; }
|
||||||
#line 2493 "gram.c"
|
#line 2493 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 81: /* reserved_word: LIMITPRIVS */
|
case 80: /* reserved_word: PRIVS */
|
||||||
#line 755 "gram.y"
|
#line 760 "gram.y"
|
||||||
{ (yyval.cstring) = "LIMITPRIVS"; }
|
{ (yyval.cstring) = "PRIVS"; }
|
||||||
#line 2499 "gram.c"
|
#line 2499 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 82: /* reserved_word: APPARMOR_PROFILE */
|
case 81: /* reserved_word: LIMITPRIVS */
|
||||||
#line 756 "gram.y"
|
#line 761 "gram.y"
|
||||||
{ (yyval.cstring) = "APPARMOR_PROFILE"; }
|
{ (yyval.cstring) = "LIMITPRIVS"; }
|
||||||
#line 2505 "gram.c"
|
#line 2505 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case 82: /* reserved_word: APPARMOR_PROFILE */
|
||||||
|
#line 762 "gram.y"
|
||||||
|
{ (yyval.cstring) = "APPARMOR_PROFILE"; }
|
||||||
|
#line 2511 "gram.c"
|
||||||
|
break;
|
||||||
|
|
||||||
case 83: /* reserved_alias: reserved_word */
|
case 83: /* reserved_alias: reserved_word */
|
||||||
#line 759 "gram.y"
|
#line 765 "gram.y"
|
||||||
{
|
{
|
||||||
sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), (yyvsp[0].cstring));
|
sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), (yyvsp[0].cstring));
|
||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
#line 2514 "gram.c"
|
#line 2520 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 84: /* options: %empty */
|
case 84: /* options: %empty */
|
||||||
#line 765 "gram.y"
|
#line 771 "gram.y"
|
||||||
{
|
{
|
||||||
init_options(&(yyval.options));
|
init_options(&(yyval.options));
|
||||||
}
|
}
|
||||||
#line 2522 "gram.c"
|
#line 2528 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 85: /* options: options chdirspec */
|
case 85: /* options: options chdirspec */
|
||||||
#line 768 "gram.y"
|
#line 774 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_PTR, (yyval.options).runcwd);
|
parser_leak_remove(LEAK_PTR, (yyval.options).runcwd);
|
||||||
free((yyval.options).runcwd);
|
free((yyval.options).runcwd);
|
||||||
(yyval.options).runcwd = (yyvsp[0].string);
|
(yyval.options).runcwd = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2532 "gram.c"
|
#line 2538 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 86: /* options: options chrootspec */
|
case 86: /* options: options chrootspec */
|
||||||
#line 773 "gram.y"
|
#line 779 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_PTR, (yyval.options).runchroot);
|
parser_leak_remove(LEAK_PTR, (yyval.options).runchroot);
|
||||||
free((yyval.options).runchroot);
|
free((yyval.options).runchroot);
|
||||||
(yyval.options).runchroot = (yyvsp[0].string);
|
(yyval.options).runchroot = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2542 "gram.c"
|
#line 2548 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 87: /* options: options notbeforespec */
|
case 87: /* options: options notbeforespec */
|
||||||
#line 778 "gram.y"
|
#line 784 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.options).notbefore = parse_gentime((yyvsp[0].string));
|
(yyval.options).notbefore = parse_gentime((yyvsp[0].string));
|
||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
@ -2558,11 +2564,11 @@ yyreduce:
|
|||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#line 2556 "gram.c"
|
#line 2562 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 88: /* options: options notafterspec */
|
case 88: /* options: options notafterspec */
|
||||||
#line 787 "gram.y"
|
#line 793 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.options).notafter = parse_gentime((yyvsp[0].string));
|
(yyval.options).notafter = parse_gentime((yyvsp[0].string));
|
||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
@ -2572,11 +2578,11 @@ yyreduce:
|
|||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#line 2570 "gram.c"
|
#line 2576 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 89: /* options: options timeoutspec */
|
case 89: /* options: options timeoutspec */
|
||||||
#line 796 "gram.y"
|
#line 802 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.options).timeout = parse_timeout((yyvsp[0].string));
|
(yyval.options).timeout = parse_timeout((yyvsp[0].string));
|
||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
@ -2589,197 +2595,197 @@ yyreduce:
|
|||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#line 2587 "gram.c"
|
#line 2593 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 90: /* options: options rolespec */
|
case 90: /* options: options rolespec */
|
||||||
#line 808 "gram.y"
|
#line 814 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_PTR, (yyval.options).role);
|
parser_leak_remove(LEAK_PTR, (yyval.options).role);
|
||||||
free((yyval.options).role);
|
free((yyval.options).role);
|
||||||
(yyval.options).role = (yyvsp[0].string);
|
(yyval.options).role = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2597 "gram.c"
|
#line 2603 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 91: /* options: options typespec */
|
case 91: /* options: options typespec */
|
||||||
#line 813 "gram.y"
|
#line 819 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_PTR, (yyval.options).type);
|
parser_leak_remove(LEAK_PTR, (yyval.options).type);
|
||||||
free((yyval.options).type);
|
free((yyval.options).type);
|
||||||
(yyval.options).type = (yyvsp[0].string);
|
(yyval.options).type = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2607 "gram.c"
|
#line 2613 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 92: /* options: options apparmor_profilespec */
|
case 92: /* options: options apparmor_profilespec */
|
||||||
#line 818 "gram.y"
|
#line 824 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_PTR, (yyval.options).apparmor_profile);
|
parser_leak_remove(LEAK_PTR, (yyval.options).apparmor_profile);
|
||||||
free((yyval.options).apparmor_profile);
|
free((yyval.options).apparmor_profile);
|
||||||
(yyval.options).apparmor_profile = (yyvsp[0].string);
|
(yyval.options).apparmor_profile = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2617 "gram.c"
|
#line 2623 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 93: /* options: options privsspec */
|
case 93: /* options: options privsspec */
|
||||||
#line 823 "gram.y"
|
#line 829 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_PTR, (yyval.options).privs);
|
parser_leak_remove(LEAK_PTR, (yyval.options).privs);
|
||||||
free((yyval.options).privs);
|
free((yyval.options).privs);
|
||||||
(yyval.options).privs = (yyvsp[0].string);
|
(yyval.options).privs = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2627 "gram.c"
|
#line 2633 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 94: /* options: options limitprivsspec */
|
case 94: /* options: options limitprivsspec */
|
||||||
#line 828 "gram.y"
|
#line 834 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_PTR, (yyval.options).limitprivs);
|
parser_leak_remove(LEAK_PTR, (yyval.options).limitprivs);
|
||||||
free((yyval.options).limitprivs);
|
free((yyval.options).limitprivs);
|
||||||
(yyval.options).limitprivs = (yyvsp[0].string);
|
(yyval.options).limitprivs = (yyvsp[0].string);
|
||||||
}
|
}
|
||||||
#line 2637 "gram.c"
|
#line 2643 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 95: /* cmndtag: %empty */
|
case 95: /* cmndtag: %empty */
|
||||||
#line 835 "gram.y"
|
#line 841 "gram.y"
|
||||||
{
|
{
|
||||||
TAGS_INIT(&(yyval.tag));
|
TAGS_INIT(&(yyval.tag));
|
||||||
}
|
}
|
||||||
#line 2645 "gram.c"
|
#line 2651 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 96: /* cmndtag: cmndtag NOPASSWD */
|
case 96: /* cmndtag: cmndtag NOPASSWD */
|
||||||
#line 838 "gram.y"
|
#line 844 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).nopasswd = true;
|
(yyval.tag).nopasswd = true;
|
||||||
}
|
}
|
||||||
#line 2653 "gram.c"
|
#line 2659 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 97: /* cmndtag: cmndtag PASSWD */
|
case 97: /* cmndtag: cmndtag PASSWD */
|
||||||
#line 841 "gram.y"
|
#line 847 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).nopasswd = false;
|
(yyval.tag).nopasswd = false;
|
||||||
}
|
}
|
||||||
#line 2661 "gram.c"
|
#line 2667 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 98: /* cmndtag: cmndtag NOEXEC */
|
case 98: /* cmndtag: cmndtag NOEXEC */
|
||||||
#line 844 "gram.y"
|
#line 850 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).noexec = true;
|
(yyval.tag).noexec = true;
|
||||||
}
|
}
|
||||||
#line 2669 "gram.c"
|
#line 2675 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 99: /* cmndtag: cmndtag EXEC */
|
case 99: /* cmndtag: cmndtag EXEC */
|
||||||
#line 847 "gram.y"
|
#line 853 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).noexec = false;
|
(yyval.tag).noexec = false;
|
||||||
}
|
}
|
||||||
#line 2677 "gram.c"
|
#line 2683 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 100: /* cmndtag: cmndtag INTERCEPT */
|
case 100: /* cmndtag: cmndtag INTERCEPT */
|
||||||
#line 850 "gram.y"
|
#line 856 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).intercept = true;
|
(yyval.tag).intercept = true;
|
||||||
}
|
}
|
||||||
#line 2685 "gram.c"
|
#line 2691 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 101: /* cmndtag: cmndtag NOINTERCEPT */
|
case 101: /* cmndtag: cmndtag NOINTERCEPT */
|
||||||
#line 853 "gram.y"
|
#line 859 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).intercept = false;
|
(yyval.tag).intercept = false;
|
||||||
}
|
}
|
||||||
#line 2693 "gram.c"
|
#line 2699 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 102: /* cmndtag: cmndtag SETENV */
|
case 102: /* cmndtag: cmndtag SETENV */
|
||||||
#line 856 "gram.y"
|
#line 862 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).setenv = true;
|
(yyval.tag).setenv = true;
|
||||||
}
|
}
|
||||||
#line 2701 "gram.c"
|
#line 2707 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 103: /* cmndtag: cmndtag NOSETENV */
|
case 103: /* cmndtag: cmndtag NOSETENV */
|
||||||
#line 859 "gram.y"
|
#line 865 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).setenv = false;
|
(yyval.tag).setenv = false;
|
||||||
}
|
}
|
||||||
#line 2709 "gram.c"
|
#line 2715 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 104: /* cmndtag: cmndtag LOG_INPUT */
|
case 104: /* cmndtag: cmndtag LOG_INPUT */
|
||||||
#line 862 "gram.y"
|
#line 868 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).log_input = true;
|
(yyval.tag).log_input = true;
|
||||||
}
|
}
|
||||||
#line 2717 "gram.c"
|
#line 2723 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 105: /* cmndtag: cmndtag NOLOG_INPUT */
|
case 105: /* cmndtag: cmndtag NOLOG_INPUT */
|
||||||
#line 865 "gram.y"
|
#line 871 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).log_input = false;
|
(yyval.tag).log_input = false;
|
||||||
}
|
}
|
||||||
#line 2725 "gram.c"
|
#line 2731 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 106: /* cmndtag: cmndtag LOG_OUTPUT */
|
case 106: /* cmndtag: cmndtag LOG_OUTPUT */
|
||||||
#line 868 "gram.y"
|
#line 874 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).log_output = true;
|
(yyval.tag).log_output = true;
|
||||||
}
|
}
|
||||||
#line 2733 "gram.c"
|
#line 2739 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 107: /* cmndtag: cmndtag NOLOG_OUTPUT */
|
case 107: /* cmndtag: cmndtag NOLOG_OUTPUT */
|
||||||
#line 871 "gram.y"
|
#line 877 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).log_output = false;
|
(yyval.tag).log_output = false;
|
||||||
}
|
}
|
||||||
#line 2741 "gram.c"
|
#line 2747 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 108: /* cmndtag: cmndtag FOLLOWLNK */
|
case 108: /* cmndtag: cmndtag FOLLOWLNK */
|
||||||
#line 874 "gram.y"
|
#line 880 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).follow = true;
|
(yyval.tag).follow = true;
|
||||||
}
|
}
|
||||||
#line 2749 "gram.c"
|
#line 2755 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 109: /* cmndtag: cmndtag NOFOLLOWLNK */
|
case 109: /* cmndtag: cmndtag NOFOLLOWLNK */
|
||||||
#line 877 "gram.y"
|
#line 883 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).follow = false;
|
(yyval.tag).follow = false;
|
||||||
}
|
}
|
||||||
#line 2757 "gram.c"
|
#line 2763 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 110: /* cmndtag: cmndtag MAIL */
|
case 110: /* cmndtag: cmndtag MAIL */
|
||||||
#line 880 "gram.y"
|
#line 886 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).send_mail = true;
|
(yyval.tag).send_mail = true;
|
||||||
}
|
}
|
||||||
#line 2765 "gram.c"
|
#line 2771 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 111: /* cmndtag: cmndtag NOMAIL */
|
case 111: /* cmndtag: cmndtag NOMAIL */
|
||||||
#line 883 "gram.y"
|
#line 889 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.tag).send_mail = false;
|
(yyval.tag).send_mail = false;
|
||||||
}
|
}
|
||||||
#line 2773 "gram.c"
|
#line 2779 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 112: /* cmnd: ALL */
|
case 112: /* cmnd: ALL */
|
||||||
#line 888 "gram.y"
|
#line 894 "gram.y"
|
||||||
{
|
{
|
||||||
struct sudo_command *c;
|
struct sudo_command *c;
|
||||||
|
|
||||||
@ -2794,11 +2800,11 @@ yyreduce:
|
|||||||
}
|
}
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 2792 "gram.c"
|
#line 2798 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 113: /* cmnd: ALIAS */
|
case 113: /* cmnd: ALIAS */
|
||||||
#line 902 "gram.y"
|
#line 908 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member((yyvsp[0].string), ALIAS);
|
(yyval.member) = new_member((yyvsp[0].string), ALIAS);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -2808,11 +2814,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 2806 "gram.c"
|
#line 2812 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 114: /* cmnd: COMMAND */
|
case 114: /* cmnd: COMMAND */
|
||||||
#line 911 "gram.y"
|
#line 917 "gram.y"
|
||||||
{
|
{
|
||||||
struct sudo_command *c;
|
struct sudo_command *c;
|
||||||
|
|
||||||
@ -2834,11 +2840,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].command).args);
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].command).args);
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 2832 "gram.c"
|
#line 2838 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 115: /* cmnd: WORD */
|
case 115: /* cmnd: WORD */
|
||||||
#line 932 "gram.y"
|
#line 938 "gram.y"
|
||||||
{
|
{
|
||||||
if (strcmp((yyvsp[0].string), "list") == 0) {
|
if (strcmp((yyvsp[0].string), "list") == 0) {
|
||||||
struct sudo_command *c;
|
struct sudo_command *c;
|
||||||
@ -2860,20 +2866,20 @@ yyreduce:
|
|||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#line 2858 "gram.c"
|
#line 2864 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 118: /* $@1: %empty */
|
case 118: /* $@1: %empty */
|
||||||
#line 959 "gram.y"
|
#line 965 "gram.y"
|
||||||
{
|
{
|
||||||
alias_line = this_lineno;
|
alias_line = this_lineno;
|
||||||
alias_column = (int)sudolinebuf.toke_start + 1;
|
alias_column = (int)sudolinebuf.toke_start + 1;
|
||||||
}
|
}
|
||||||
#line 2867 "gram.c"
|
#line 2873 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 119: /* hostalias: ALIAS $@1 '=' hostlist */
|
case 119: /* hostalias: ALIAS $@1 '=' hostlist */
|
||||||
#line 962 "gram.y"
|
#line 968 "gram.y"
|
||||||
{
|
{
|
||||||
if (!alias_add(&parsed_policy, (yyvsp[-3].string), HOSTALIAS,
|
if (!alias_add(&parsed_policy, (yyvsp[-3].string), HOSTALIAS,
|
||||||
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
||||||
@ -2883,30 +2889,30 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
}
|
}
|
||||||
#line 2881 "gram.c"
|
#line 2887 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 122: /* hostlist: hostlist ',' ophost */
|
case 122: /* hostlist: hostlist ',' ophost */
|
||||||
#line 975 "gram.y"
|
#line 981 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
||||||
(yyval.member) = (yyvsp[-2].member);
|
(yyval.member) = (yyvsp[-2].member);
|
||||||
}
|
}
|
||||||
#line 2891 "gram.c"
|
#line 2897 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 125: /* $@2: %empty */
|
case 125: /* $@2: %empty */
|
||||||
#line 986 "gram.y"
|
#line 992 "gram.y"
|
||||||
{
|
{
|
||||||
alias_line = this_lineno;
|
alias_line = this_lineno;
|
||||||
alias_column = (int)sudolinebuf.toke_start + 1;
|
alias_column = (int)sudolinebuf.toke_start + 1;
|
||||||
}
|
}
|
||||||
#line 2900 "gram.c"
|
#line 2906 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 126: /* cmndalias: ALIAS $@2 '=' cmndlist */
|
case 126: /* cmndalias: ALIAS $@2 '=' cmndlist */
|
||||||
#line 989 "gram.y"
|
#line 995 "gram.y"
|
||||||
{
|
{
|
||||||
if (!alias_add(&parsed_policy, (yyvsp[-3].string), CMNDALIAS,
|
if (!alias_add(&parsed_policy, (yyvsp[-3].string), CMNDALIAS,
|
||||||
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
||||||
@ -2916,30 +2922,30 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
}
|
}
|
||||||
#line 2914 "gram.c"
|
#line 2920 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 129: /* cmndlist: cmndlist ',' digcmnd */
|
case 129: /* cmndlist: cmndlist ',' digcmnd */
|
||||||
#line 1002 "gram.y"
|
#line 1008 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
||||||
(yyval.member) = (yyvsp[-2].member);
|
(yyval.member) = (yyvsp[-2].member);
|
||||||
}
|
}
|
||||||
#line 2924 "gram.c"
|
#line 2930 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 132: /* $@3: %empty */
|
case 132: /* $@3: %empty */
|
||||||
#line 1013 "gram.y"
|
#line 1019 "gram.y"
|
||||||
{
|
{
|
||||||
alias_line = this_lineno;
|
alias_line = this_lineno;
|
||||||
alias_column = (int)sudolinebuf.toke_start + 1;
|
alias_column = (int)sudolinebuf.toke_start + 1;
|
||||||
}
|
}
|
||||||
#line 2933 "gram.c"
|
#line 2939 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 133: /* runasalias: ALIAS $@3 '=' userlist */
|
case 133: /* runasalias: ALIAS $@3 '=' userlist */
|
||||||
#line 1016 "gram.y"
|
#line 1022 "gram.y"
|
||||||
{
|
{
|
||||||
if (!alias_add(&parsed_policy, (yyvsp[-3].string), RUNASALIAS,
|
if (!alias_add(&parsed_policy, (yyvsp[-3].string), RUNASALIAS,
|
||||||
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
||||||
@ -2949,20 +2955,20 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
}
|
}
|
||||||
#line 2947 "gram.c"
|
#line 2953 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 137: /* $@4: %empty */
|
case 137: /* $@4: %empty */
|
||||||
#line 1032 "gram.y"
|
#line 1038 "gram.y"
|
||||||
{
|
{
|
||||||
alias_line = this_lineno;
|
alias_line = this_lineno;
|
||||||
alias_column = (int)sudolinebuf.toke_start + 1;
|
alias_column = (int)sudolinebuf.toke_start + 1;
|
||||||
}
|
}
|
||||||
#line 2956 "gram.c"
|
#line 2962 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 138: /* useralias: ALIAS $@4 '=' userlist */
|
case 138: /* useralias: ALIAS $@4 '=' userlist */
|
||||||
#line 1035 "gram.y"
|
#line 1041 "gram.y"
|
||||||
{
|
{
|
||||||
if (!alias_add(&parsed_policy, (yyvsp[-3].string), USERALIAS,
|
if (!alias_add(&parsed_policy, (yyvsp[-3].string), USERALIAS,
|
||||||
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
sudoers, alias_line, alias_column, (yyvsp[0].member))) {
|
||||||
@ -2972,39 +2978,39 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[-3].string));
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
}
|
}
|
||||||
#line 2970 "gram.c"
|
#line 2976 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 141: /* userlist: userlist ',' opuser */
|
case 141: /* userlist: userlist ',' opuser */
|
||||||
#line 1048 "gram.y"
|
#line 1054 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
||||||
(yyval.member) = (yyvsp[-2].member);
|
(yyval.member) = (yyvsp[-2].member);
|
||||||
}
|
}
|
||||||
#line 2980 "gram.c"
|
#line 2986 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 142: /* opuser: user */
|
case 142: /* opuser: user */
|
||||||
#line 1055 "gram.y"
|
#line 1061 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = (yyvsp[0].member);
|
(yyval.member) = (yyvsp[0].member);
|
||||||
(yyval.member)->negated = false;
|
(yyval.member)->negated = false;
|
||||||
}
|
}
|
||||||
#line 2989 "gram.c"
|
#line 2995 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 143: /* opuser: '!' user */
|
case 143: /* opuser: '!' user */
|
||||||
#line 1059 "gram.y"
|
#line 1065 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = (yyvsp[0].member);
|
(yyval.member) = (yyvsp[0].member);
|
||||||
(yyval.member)->negated = true;
|
(yyval.member)->negated = true;
|
||||||
}
|
}
|
||||||
#line 2998 "gram.c"
|
#line 3004 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 144: /* user: ALIAS */
|
case 144: /* user: ALIAS */
|
||||||
#line 1065 "gram.y"
|
#line 1071 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member((yyvsp[0].string), ALIAS);
|
(yyval.member) = new_member((yyvsp[0].string), ALIAS);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3014,11 +3020,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3012 "gram.c"
|
#line 3018 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 145: /* user: ALL */
|
case 145: /* user: ALL */
|
||||||
#line 1074 "gram.y"
|
#line 1080 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member(NULL, ALL);
|
(yyval.member) = new_member(NULL, ALL);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3027,11 +3033,11 @@ yyreduce:
|
|||||||
}
|
}
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3025 "gram.c"
|
#line 3031 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 146: /* user: NETGROUP */
|
case 146: /* user: NETGROUP */
|
||||||
#line 1082 "gram.y"
|
#line 1088 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member((yyvsp[0].string), NETGROUP);
|
(yyval.member) = new_member((yyvsp[0].string), NETGROUP);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3041,11 +3047,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3039 "gram.c"
|
#line 3045 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 147: /* user: USERGROUP */
|
case 147: /* user: USERGROUP */
|
||||||
#line 1091 "gram.y"
|
#line 1097 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member((yyvsp[0].string), USERGROUP);
|
(yyval.member) = new_member((yyvsp[0].string), USERGROUP);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3055,11 +3061,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3053 "gram.c"
|
#line 3059 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 148: /* user: WORD */
|
case 148: /* user: WORD */
|
||||||
#line 1100 "gram.y"
|
#line 1106 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member((yyvsp[0].string), WORD);
|
(yyval.member) = new_member((yyvsp[0].string), WORD);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3069,39 +3075,39 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3067 "gram.c"
|
#line 3073 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 150: /* grouplist: grouplist ',' opgroup */
|
case 150: /* grouplist: grouplist ',' opgroup */
|
||||||
#line 1112 "gram.y"
|
#line 1118 "gram.y"
|
||||||
{
|
{
|
||||||
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member));
|
||||||
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries);
|
||||||
(yyval.member) = (yyvsp[-2].member);
|
(yyval.member) = (yyvsp[-2].member);
|
||||||
}
|
}
|
||||||
#line 3077 "gram.c"
|
#line 3083 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 151: /* opgroup: group */
|
case 151: /* opgroup: group */
|
||||||
#line 1119 "gram.y"
|
#line 1125 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = (yyvsp[0].member);
|
(yyval.member) = (yyvsp[0].member);
|
||||||
(yyval.member)->negated = false;
|
(yyval.member)->negated = false;
|
||||||
}
|
}
|
||||||
#line 3086 "gram.c"
|
#line 3092 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 152: /* opgroup: '!' group */
|
case 152: /* opgroup: '!' group */
|
||||||
#line 1123 "gram.y"
|
#line 1129 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = (yyvsp[0].member);
|
(yyval.member) = (yyvsp[0].member);
|
||||||
(yyval.member)->negated = true;
|
(yyval.member)->negated = true;
|
||||||
}
|
}
|
||||||
#line 3095 "gram.c"
|
#line 3101 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 153: /* group: ALIAS */
|
case 153: /* group: ALIAS */
|
||||||
#line 1129 "gram.y"
|
#line 1135 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member((yyvsp[0].string), ALIAS);
|
(yyval.member) = new_member((yyvsp[0].string), ALIAS);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3111,11 +3117,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3109 "gram.c"
|
#line 3115 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 154: /* group: ALL */
|
case 154: /* group: ALL */
|
||||||
#line 1138 "gram.y"
|
#line 1144 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member(NULL, ALL);
|
(yyval.member) = new_member(NULL, ALL);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3124,11 +3130,11 @@ yyreduce:
|
|||||||
}
|
}
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3122 "gram.c"
|
#line 3128 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 155: /* group: WORD */
|
case 155: /* group: WORD */
|
||||||
#line 1146 "gram.y"
|
#line 1152 "gram.y"
|
||||||
{
|
{
|
||||||
(yyval.member) = new_member((yyvsp[0].string), WORD);
|
(yyval.member) = new_member((yyvsp[0].string), WORD);
|
||||||
if ((yyval.member) == NULL) {
|
if ((yyval.member) == NULL) {
|
||||||
@ -3138,11 +3144,11 @@ yyreduce:
|
|||||||
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
parser_leak_remove(LEAK_PTR, (yyvsp[0].string));
|
||||||
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
parser_leak_add(LEAK_MEMBER, (yyval.member));
|
||||||
}
|
}
|
||||||
#line 3136 "gram.c"
|
#line 3142 "gram.c"
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
||||||
#line 3140 "gram.c"
|
#line 3146 "gram.c"
|
||||||
|
|
||||||
default: break;
|
default: break;
|
||||||
}
|
}
|
||||||
@ -3335,7 +3341,7 @@ yyreturnlab:
|
|||||||
return yyresult;
|
return yyresult;
|
||||||
}
|
}
|
||||||
|
|
||||||
#line 1156 "gram.y"
|
#line 1162 "gram.y"
|
||||||
|
|
||||||
/* Like yyerror() but takes a printf-style format string. */
|
/* Like yyerror() but takes a printf-style format string. */
|
||||||
void
|
void
|
||||||
|
|||||||
@ -611,6 +611,12 @@ chrootspec : CHROOT '=' WORD {
|
|||||||
sudoerserror(N_("\"CHROOT\" path too long"));
|
sudoerserror(N_("\"CHROOT\" path too long"));
|
||||||
YYERROR;
|
YYERROR;
|
||||||
}
|
}
|
||||||
|
if (parser_conf.strict > 2) {
|
||||||
|
sudoerserror(N_("\"CHROOT\" is deprecated"));
|
||||||
|
YYERROR;
|
||||||
|
} else if (parser_conf.verbose > 0) {
|
||||||
|
parser_warnx(parsed_policy.ctx, sudoers, this_lineno, sudolinebuf.toke_start + 1, false, false, N_("\"CHROOT\" is deprecated"));
|
||||||
|
}
|
||||||
$$ = $3;
|
$$ = $3;
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
|||||||
@ -4,7 +4,9 @@ DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
|
|||||||
DEFAULTS DEFVAR = WORD(2)
|
DEFAULTS DEFVAR = WORD(2)
|
||||||
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
|
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
|
||||||
#
|
#
|
||||||
WORD(6) ALL = CHROOT = WORD(5) CWD = WORD(5) COMMAND
|
WORD(6) ALL = CHROOT = WORD(5) sudoers:7:20: "CHROOT" is deprecated
|
||||||
WORD(6) ALL = CHROOT = BEGINSTR STRBODY ENDSTR WORD(4) CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND
|
CWD = WORD(5) COMMAND
|
||||||
|
WORD(6) ALL = CHROOT = BEGINSTR STRBODY ENDSTR WORD(4) sudoers:8:29: "CHROOT" is deprecated
|
||||||
|
CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND
|
||||||
WORD(6) ALL = CWD = WORD(5) COMMAND , CWD = WORD(5) COMMAND
|
WORD(6) ALL = CWD = WORD(5) COMMAND , CWD = WORD(5) COMMAND
|
||||||
WORD(6) ALL = CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND , CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND
|
WORD(6) ALL = CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND , CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND
|
||||||
|
|||||||
@ -1,3 +1,4 @@
|
|||||||
|
sudoers:2:19: "CHROOT" is deprecated
|
||||||
Parses OK
|
Parses OK
|
||||||
|
|
||||||
Entries for user root:
|
Entries for user root:
|
||||||
|
|||||||
@ -15,6 +15,7 @@ Password required
|
|||||||
Command denied
|
Command denied
|
||||||
|
|
||||||
User cannot override the sudoers chroot:
|
User cannot override the sudoers chroot:
|
||||||
|
sudoers:1:19: "CHROOT" is deprecated
|
||||||
Parses OK
|
Parses OK
|
||||||
|
|
||||||
Entries for user root:
|
Entries for user root:
|
||||||
@ -29,6 +30,7 @@ Password required
|
|||||||
Command unmatched
|
Command unmatched
|
||||||
|
|
||||||
User can chroot if sudoers rule sets chroot to '*':
|
User can chroot if sudoers rule sets chroot to '*':
|
||||||
|
sudoers:1:19: "CHROOT" is deprecated
|
||||||
Parses OK
|
Parses OK
|
||||||
|
|
||||||
Entries for user root:
|
Entries for user root:
|
||||||
|
|||||||
@ -25,6 +25,16 @@
|
|||||||
|
|
||||||
#include <sudoers.h>
|
#include <sudoers.h>
|
||||||
|
|
||||||
|
static bool
|
||||||
|
cb_runchroot(struct sudoers_context *ctx, const char *file, int line, int column, const union sudo_defs_val *sd_un, int op)
|
||||||
|
{
|
||||||
|
parser_warnx(ctx, file, line, column, ctx->parser_conf.strict > 1,
|
||||||
|
!ctx->parser_conf.verbose,
|
||||||
|
N_("\"runchroot\" is deprecated and will be removed in a future sudo release"));
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set visudo Defaults callbacks.
|
* Set visudo Defaults callbacks.
|
||||||
*/
|
*/
|
||||||
@ -36,5 +46,8 @@ set_callbacks(void)
|
|||||||
/* Set locale callback. */
|
/* Set locale callback. */
|
||||||
sudo_defs_table[I_SUDOERS_LOCALE].callback = sudoers_locale_callback;
|
sudo_defs_table[I_SUDOERS_LOCALE].callback = sudoers_locale_callback;
|
||||||
|
|
||||||
|
/* The "runchroot" setting is deprecated. */
|
||||||
|
sudo_defs_table[I_RUNCHROOT].callback = cb_runchroot;
|
||||||
|
|
||||||
debug_return;
|
debug_return;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -454,6 +454,8 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind,
|
|||||||
usage();
|
usage();
|
||||||
if (sudo_settings[ARG_CHROOT].value != NULL)
|
if (sudo_settings[ARG_CHROOT].value != NULL)
|
||||||
usage();
|
usage();
|
||||||
|
sudo_warnx("%s",
|
||||||
|
U_("the -R option will be removed in a future version of sudo"));
|
||||||
sudo_settings[ARG_CHROOT].value = optarg;
|
sudo_settings[ARG_CHROOT].value = optarg;
|
||||||
break;
|
break;
|
||||||
#ifdef HAVE_SELINUX
|
#ifdef HAVE_SELINUX
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user