mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

defaults_check_conflict: it is only really a conflict if the binding match

Browse Source 
If the Defaults name matched but the binding does not, we can simply
leave it be.  Fixes a problem where given two sudoers sources that
have a host specified, if they contain conflicting Defaults entries
we would drop one of the Defaults instead of keeping both after
making them host-specific.
This commit is contained in:
Todd C. Miller 2022-01-31 19:18:04 -07:00
parent 8f4351a897
commit 960bf99656
4 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
MANIFEST
View File

@ -768,6 +768,8 @@ plugins/sudoers/regress/cvtsudoers/test36.out.ok
plugins/sudoers/regress/cvtsudoers/test36.sh plugins/sudoers/regress/cvtsudoers/test36.sh
plugins/sudoers/regress/cvtsudoers/test37.out.ok plugins/sudoers/regress/cvtsudoers/test37.out.ok
plugins/sudoers/regress/cvtsudoers/test37.sh plugins/sudoers/regress/cvtsudoers/test37.sh
plugins/sudoers/regress/cvtsudoers/test38.out.ok
plugins/sudoers/regress/cvtsudoers/test38.sh
plugins/sudoers/regress/cvtsudoers/test4.out.ok plugins/sudoers/regress/cvtsudoers/test4.out.ok
plugins/sudoers/regress/cvtsudoers/test4.sh plugins/sudoers/regress/cvtsudoers/test4.sh
plugins/sudoers/regress/cvtsudoers/test5.out.ok plugins/sudoers/regress/cvtsudoers/test5.out.ok

6
plugins/sudoers/cvtsudoers_merge.c
View File

@ -822,12 +822,18 @@ defaults_check_conflict(struct defaults *def,
} }
debug_return_int(CONFLICT_RESOLVED); debug_return_int(CONFLICT_RESOLVED);
} }
/*
* If the value doesn't match but the Defaults name did we don't
* consider that a conflict.
*/
if (!mergeable) {
log_warnx(U_("%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d"), log_warnx(U_("%s:%d:%d: conflicting Defaults entry \"%s\" host-specific in %s:%d:%d"),
def->file, def->line, def->column, def->var, def->file, def->line, def->column, def->var,
d->file, d->line, d->column); d->file, d->line, d->column);
debug_return_int(CONFLICT_UNRESOLVED); debug_return_int(CONFLICT_UNRESOLVED);
} }
} }
}
debug_return_int(CONFLICT_NONE); debug_return_int(CONFLICT_NONE);
} }

14
plugins/sudoers/regress/cvtsudoers/test38.out.ok Normal file
View File

@ -0,0 +1,14 @@
Defaults@xerxes\
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
Defaults@xyzzy\
secure_path=/opt/sudo/bin\:/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User_Alias ADMINS = millert, dowdy, mikef
Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice,\
/usr/bin/pkill, /usr/bin/top
Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
Host_Alias WEBSERVERS_1 = www1, www2, www3, www5
root ALL = (ALL) ALL
ALL ALL = (ALL) /usr/bin/id

10
plugins/sudoers/regress/cvtsudoers/test38.sh Executable file
View File

@ -0,0 +1,10 @@
#!/bin/sh
#
# Test cvtsudoers merge:
# * two files, each bound to a host
# * only difference is a conflicting secure_path definition
#
: ${CVTSUDOERS=cvtsudoers}
$CVTSUDOERS -f sudoers -l /dev/null xerxes:${TESTDIR}/sudoers3 xyzzy:${TESTDIR}/sudoers4