mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity

Don't set/run early Defaults if a custom defaults_list is specified.

Browse Source 
Defaults settings passed in by the front end are already "early"
so there is no need to treat any of them as special.

Otherwise, we end up running the early defaults callbacks before
sudoers has been parsed.  This means that, for instance, it is not
possible to disable the fqdn flag before its callback is run if
sudo is build with the --with-fqdn option.  Bug #1016.
This commit is contained in:
Todd C. Miller
2022-01-18 15:38:57 -07:00
parent 28cfe868ec
commit e1c2288fbc
1 changed files with 28 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
plugins/sudoers/defaults.c
View File

@@ -742,6 +742,7 @@ update_defaults(struct sudoers_parse_tree *parse_tree,
struct defaults_list *defs, int what, bool quiet)
{
struct defaults *d;
bool global_defaults = false;
bool ret = true;
debug_decl(update_defaults, SUDOERS_DEBUG_DEFAULTS);
@@ -749,38 +750,45 @@ update_defaults(struct sudoers_parse_tree *parse_tree,
"what: 0x%02x", what);
/* If no defaults list specified, use the global one in the parse tree. */
if (defs == NULL)
if (defs == NULL) {
defs = &parse_tree->defaults;
global_defaults = true;
}
/*
* First apply Defaults values marked as early.
* If using the global defaults list, apply Defaults values marked as early.
*/
TAILQ_FOREACH(d, defs, entries) {
struct early_default *early = is_early_default(d->var);
if (early == NULL)
continue;
if (global_defaults) {
TAILQ_FOREACH(d, defs, entries) {
struct early_default *early = is_early_default(d->var);
if (early == NULL)
continue;
/* Defaults type and binding must match. */
if (!default_type_matches(d, what) ||
!default_binding_matches(parse_tree, d, what))
continue;
/* Defaults type and binding must match. */
if (!default_type_matches(d, what) ||
!default_binding_matches(parse_tree, d, what))
continue;
/* Copy the value to sudo_defs_table and mark as early. */
if (!set_early_default(d->var, d->val, d->op, d->file, d->line,
d->column, quiet, early))
/* Copy the value to sudo_defs_table and mark as early. */
if (!set_early_default(d->var, d->val, d->op, d->file, d->line,
d->column, quiet, early))
ret = false;
}
/* Run callbacks for early defaults (if any) */
if (!run_early_defaults())
ret = false;
}
/* Run callbacks for early defaults (if any) */
if (!run_early_defaults())
ret = false;
/*
* Then set the rest of the defaults.
* Set the rest of the defaults and run their callbacks, if any.
*/
TAILQ_FOREACH(d, defs, entries) {
/* Skip Defaults marked as early, we already did them. */
if (is_early_default(d->var))
continue;
if (global_defaults) {
/* Skip Defaults marked as early, we already did them. */
if (is_early_default(d->var))
continue;
}
/* Defaults type and binding must match. */
if (!default_type_matches(d, what) ||