version 1.2, 1999/12/10 06:45:11 |
version 1.3, 2000/01/24 04:22:53 |
|
|
/* |
/* |
* Copyright (c) 1999 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 1999-2000 Todd C. Miller <Todd.Miller@courtesan.com> |
* All rights reserved. |
* All rights reserved. |
* |
* |
* Redistribution and use in source and binary forms, with or without |
* Redistribution and use in source and binary forms, with or without |
|
|
#include "sudo.h" |
#include "sudo.h" |
|
|
#ifndef lint |
#ifndef lint |
static const char rcsid[] = "$Sudo: defaults.c,v 1.13 1999/12/02 20:31:24 millert Exp $"; |
static const char rcsid[] = "$Sudo: defaults.c,v 1.17 2000/01/17 23:46:24 millert Exp $"; |
#endif /* lint */ |
#endif /* lint */ |
|
|
/* |
/* |
|
|
static int store_syslogfac __P((char *, struct sudo_defs_types *, int)); |
static int store_syslogfac __P((char *, struct sudo_defs_types *, int)); |
static int store_syslogpri __P((char *, struct sudo_defs_types *, int)); |
static int store_syslogpri __P((char *, struct sudo_defs_types *, int)); |
static int store_mode __P((char *, struct sudo_defs_types *, int)); |
static int store_mode __P((char *, struct sudo_defs_types *, int)); |
|
static int store_pwflag __P((char *, struct sudo_defs_types *, int)); |
|
|
/* |
/* |
* Table describing compile-time and run-time options. |
* Table describing compile-time and run-time options. |
*/ |
*/ |
struct sudo_defs_types sudo_defs_table[] = { |
struct sudo_defs_types sudo_defs_table[] = { |
{ |
{ |
"syslog_ifac", T_INT, { 0 }, |
"syslog_ifac", T_INT, NULL |
NULL |
|
}, { |
}, { |
"syslog_igoodpri", T_INT, { 0 }, |
"syslog_igoodpri", T_INT, NULL |
NULL |
|
}, { |
}, { |
"syslog_ibadpri", T_INT, { 0 }, |
"syslog_ibadpri", T_INT, NULL |
NULL |
|
}, { |
}, { |
"syslog", T_LOGFAC|T_BOOL, { 0 }, |
"syslog", T_LOGFAC|T_BOOL, |
"Syslog facility if syslog is being used for logging: %s" |
"Syslog facility if syslog is being used for logging: %s" |
}, { |
}, { |
"syslog_goodpri", T_LOGPRI, { 0 }, |
"syslog_goodpri", T_LOGPRI, |
"Syslog priority to use when user authenticates successfully: %s" |
"Syslog priority to use when user authenticates successfully: %s" |
}, { |
}, { |
"syslog_badpri", T_LOGPRI, { 0 }, |
"syslog_badpri", T_LOGPRI, |
"Syslog priority to use when user authenticates unsuccessfully: %s" |
"Syslog priority to use when user authenticates unsuccessfully: %s" |
}, { |
}, { |
"long_otp_prompt", T_FLAG, { 0 }, |
"long_otp_prompt", T_FLAG, |
"Put OTP prompt on its own line" |
"Put OTP prompt on its own line" |
}, { |
}, { |
"ignore_dot", T_FLAG, { 0 }, |
"ignore_dot", T_FLAG, |
"Ignore '.' in $PATH" |
"Ignore '.' in $PATH" |
}, { |
}, { |
"mail_always", T_FLAG, { 0 }, |
"mail_always", T_FLAG, |
"Always send mail when sudo is run" |
"Always send mail when sudo is run" |
}, { |
}, { |
"mail_no_user", T_FLAG, { 0 }, |
"mail_no_user", T_FLAG, |
"Send mail if the user is not in sudoers" |
"Send mail if the user is not in sudoers" |
}, { |
}, { |
"mail_no_host", T_FLAG, { 0 }, |
"mail_no_host", T_FLAG, |
"Send mail if the user is not in sudoers for this host" |
"Send mail if the user is not in sudoers for this host" |
}, { |
}, { |
"mail_no_perms", T_FLAG, { 0 }, |
"mail_no_perms", T_FLAG, |
"Send mail if the user is not allowed to run a command" |
"Send mail if the user is not allowed to run a command" |
}, { |
}, { |
"tty_tickets", T_FLAG, { 0 }, |
"tty_tickets", T_FLAG, |
"Use a separate timestamp for each user/tty combo" |
"Use a separate timestamp for each user/tty combo" |
}, { |
}, { |
"lecture", T_FLAG, { 0 }, |
"lecture", T_FLAG, |
"Lecture user the first time they run sudo" |
"Lecture user the first time they run sudo" |
}, { |
}, { |
"authenticate", T_FLAG, { 0 }, |
"authenticate", T_FLAG, |
"Require users to authenticate by default" |
"Require users to authenticate by default" |
}, { |
}, { |
"root_sudo", T_FLAG, { 0 }, |
"root_sudo", T_FLAG, |
"Root may run sudo" |
"Root may run sudo" |
}, { |
}, { |
"log_host", T_FLAG, { 0 }, |
"log_host", T_FLAG, |
"Log the hostname in the (non-syslog) log file" |
"Log the hostname in the (non-syslog) log file" |
}, { |
}, { |
"log_year", T_FLAG, { 0 }, |
"log_year", T_FLAG, |
"Log the year in the (non-syslog) log file" |
"Log the year in the (non-syslog) log file" |
}, { |
}, { |
"set_home", T_FLAG, { 0 }, |
"shell_noargs", T_FLAG, |
|
"If sudo is invoked with no arguments, start a shell" |
|
}, { |
|
"set_home", T_FLAG, |
"Set $HOME to the target user when starting a shell with -s" |
"Set $HOME to the target user when starting a shell with -s" |
}, { |
}, { |
"path_info", T_FLAG, { 0 }, |
"path_info", T_FLAG, |
"Allow some information gathering to give useful error messages" |
"Allow some information gathering to give useful error messages" |
}, { |
}, { |
"fqdn", T_FLAG, { 0 }, |
"fqdn", T_FLAG, |
"Require fully-qualified hsotnames in the sudoers file" |
"Require fully-qualified hsotnames in the sudoers file" |
}, { |
}, { |
"insults", T_FLAG, { 0 }, |
"insults", T_FLAG, |
"Insult the user when they enter an incorrect password" |
"Insult the user when they enter an incorrect password" |
}, { |
}, { |
"requiretty", T_FLAG, { 0 }, |
"requiretty", T_FLAG, |
"Only allow the user to run sudo if they have a tty" |
"Only allow the user to run sudo if they have a tty" |
}, { |
}, { |
"loglinelen", T_INT|T_BOOL, { 0 }, |
"loglinelen", T_INT|T_BOOL, |
"Length at which to wrap log file lines (0 for no wrap): %d" |
"Length at which to wrap log file lines (0 for no wrap): %d" |
}, { |
}, { |
"timestamp_timeout", T_INT|T_BOOL, { 0 }, |
"timestamp_timeout", T_INT|T_BOOL, |
"Authentication timestamp timeout: %d minutes" |
"Authentication timestamp timeout: %d minutes" |
}, { |
}, { |
"passwd_timeout", T_INT|T_BOOL, { 0 }, |
"passwd_timeout", T_INT|T_BOOL, |
"Password prompt timeout: %d minutes" |
"Password prompt timeout: %d minutes" |
}, { |
}, { |
"passwd_tries", T_INT, { 0 }, |
"passwd_tries", T_INT, |
"Number of tries to enter a password: %d" |
"Number of tries to enter a password: %d" |
}, { |
}, { |
"umask", T_MODE|T_BOOL, { 0 }, |
"umask", T_MODE|T_BOOL, |
"Umask to use or 0777 to use user's: 0%o" |
"Umask to use or 0777 to use user's: 0%o" |
}, { |
}, { |
"logfile", T_STR|T_BOOL|T_PATH, { 0 }, |
"logfile", T_STR|T_BOOL|T_PATH, |
"Path to log file: %s" |
"Path to log file: %s" |
}, { |
}, { |
"mailerpath", T_STR|T_BOOL|T_PATH, { 0 }, |
"mailerpath", T_STR|T_BOOL|T_PATH, |
"Path to mail program: %s" |
"Path to mail program: %s" |
}, { |
}, { |
"mailerflags", T_STR|T_BOOL, { 0 }, |
"mailerflags", T_STR|T_BOOL, |
"Flags for mail program: %s" |
"Flags for mail program: %s" |
}, { |
}, { |
"mailto", T_STR|T_BOOL, { 0 }, |
"mailto", T_STR|T_BOOL, |
"Address to send mail to: %s" |
"Address to send mail to: %s" |
}, { |
}, { |
"mailsub", T_STR, { 0 }, |
"mailsub", T_STR, |
"Subject line for mail messages: %s" |
"Subject line for mail messages: %s" |
}, { |
}, { |
"badpass_message", T_STR, { 0 }, |
"badpass_message", T_STR, |
"Incorrect password message: %s" |
"Incorrect password message: %s" |
}, { |
}, { |
"timestampdir", T_STR|T_PATH, { 0 }, |
"timestampdir", T_STR|T_PATH, |
"Path to authentication timestamp dir: %s" |
"Path to authentication timestamp dir: %s" |
}, { |
}, { |
"exempt_group", T_STR|T_BOOL, { 0 }, |
"exempt_group", T_STR|T_BOOL, |
"Users in this group are exempt from password and PATH requirements: %s" |
"Users in this group are exempt from password and PATH requirements: %s" |
}, { |
}, { |
"passprompt", T_STR, { 0 }, |
"passprompt", T_STR, |
"Default password prompt: %s" |
"Default password prompt: %s" |
}, { |
}, { |
"runas_default", T_STR, { 0 }, |
"runas_default", T_STR, |
"Default user to run commands as: %s" |
"Default user to run commands as: %s" |
}, { |
}, { |
"secure_path", T_STR|T_BOOL, { 0 }, |
"secure_path", T_STR|T_BOOL, |
"Value to override user's $PATH with: %s" |
"Value to override user's $PATH with: %s" |
}, { |
}, { |
NULL, 0, { 0 }, NULL |
"listpw_i", T_INT, NULL |
|
}, { |
|
"verifypw_i", T_INT, NULL |
|
}, { |
|
"listpw", T_PWFLAG, |
|
"When to require a password for 'list' pseudocommand: %s" |
|
}, { |
|
"verifypw", T_PWFLAG, |
|
"When to require a password for 'verify' pseudocommand: %s" |
|
}, { |
|
NULL, 0, NULL |
} |
} |
}; |
}; |
|
|
|
|
case T_STR: |
case T_STR: |
case T_LOGFAC: |
case T_LOGFAC: |
case T_LOGPRI: |
case T_LOGPRI: |
|
case T_PWFLAG: |
if (cur->sd_un.str) { |
if (cur->sd_un.str) { |
(void) printf(cur->desc, cur->sd_un.str); |
(void) printf(cur->desc, cur->sd_un.str); |
putchar('\n'); |
putchar('\n'); |
|
|
return(FALSE); |
return(FALSE); |
} |
} |
break; |
break; |
|
case T_PWFLAG: |
|
if (!store_pwflag(val, cur, op)) { |
|
if (val) |
|
(void) fprintf(stderr, |
|
"%s: value '%s' is invalid for option '%s'\n", Argv[0], |
|
val, var); |
|
else |
|
(void) fprintf(stderr, |
|
"%s: no value specified for `%s' on line %d\n", Argv[0], |
|
var, sudolineno); |
|
return(FALSE); |
|
} |
|
break; |
case T_STR: |
case T_STR: |
if (!val) { |
if (!val) { |
/* Check for bogus boolean usage or lack of a value. */ |
/* Check for bogus boolean usage or lack of a value. */ |
|
|
case T_STR: |
case T_STR: |
case T_LOGFAC: |
case T_LOGFAC: |
case T_LOGPRI: |
case T_LOGPRI: |
|
case T_PWFLAG: |
if (def->sd_un.str) { |
if (def->sd_un.str) { |
free(def->sd_un.str); |
free(def->sd_un.str); |
def->sd_un.str = NULL; |
def->sd_un.str = NULL; |
|
|
#ifdef HOST_IN_LOG |
#ifdef HOST_IN_LOG |
def_flag(I_LOG_HOST) = TRUE; |
def_flag(I_LOG_HOST) = TRUE; |
#endif |
#endif |
|
#ifdef SHELL_IF_NO_ARGS |
|
def_flag(I_SHELL_NOARGS) = TRUE; |
|
#endif |
#ifdef SHELL_SETS_HOME |
#ifdef SHELL_SETS_HOME |
def_flag(I_SET_HOME) = TRUE; |
def_flag(I_SET_HOME) = TRUE; |
#endif |
#endif |
|
|
(void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE); |
(void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE); |
#endif |
#endif |
|
|
|
/* Password flags also have a string and integer component. */ |
|
(void) store_pwflag("any", &sudo_defs_table[I_LISTPWSTR], TRUE); |
|
(void) store_pwflag("all", &sudo_defs_table[I_VERIFYPWSTR], TRUE); |
|
|
/* Then initialize the int-like things. */ |
/* Then initialize the int-like things. */ |
#ifdef SUDO_UMASK |
#ifdef SUDO_UMASK |
def_mode(I_UMASK) = SUDO_UMASK; |
def_mode(I_UMASK) = SUDO_UMASK; |
|
|
struct strmap *fac; |
struct strmap *fac; |
|
|
if (op == FALSE) { |
if (op == FALSE) { |
free(def->sd_un.str); |
if (def->sd_un.str) { |
def->sd_un.str = NULL; |
free(def->sd_un.str); |
|
def->sd_un.str = NULL; |
|
} |
return(TRUE); |
return(TRUE); |
} |
} |
#ifdef LOG_NFACILITIES |
#ifdef LOG_NFACILITIES |
|
|
return(FALSE); |
return(FALSE); |
def->sd_un.mode = (mode_t)l; |
def->sd_un.mode = (mode_t)l; |
} |
} |
|
return(TRUE); |
|
} |
|
|
|
static int |
|
store_pwflag(val, def, op) |
|
char *val; |
|
struct sudo_defs_types *def; |
|
int op; |
|
{ |
|
int isub, flags; |
|
|
|
if (strcmp(def->name, "verifypw") == 0) |
|
isub = I_VERIFYPW; |
|
else |
|
isub = I_LISTPW; |
|
|
|
/* Handle !foo. */ |
|
if (op == FALSE) { |
|
if (def->sd_un.str) { |
|
free(def->sd_un.str); |
|
def->sd_un.str = NULL; |
|
} |
|
def->sd_un.str = estrdup("never"); |
|
sudo_defs_table[isub].sd_un.ival = PWCHECK_NEVER; |
|
return(TRUE); |
|
} |
|
if (!val) |
|
return(FALSE); |
|
|
|
/* Convert strings to integer values. */ |
|
if (strcmp(val, "all") == 0) |
|
flags = PWCHECK_ALL; |
|
else if (strcmp(val, "any") == 0) |
|
flags = PWCHECK_ANY; |
|
else if (strcmp(val, "never") == 0) |
|
flags = PWCHECK_NEVER; |
|
else if (strcmp(val, "always") == 0) |
|
flags = PWCHECK_ALWAYS; |
|
else |
|
return(FALSE); |
|
|
|
/* Store both name and number. */ |
|
if (def->sd_un.str) |
|
free(def->sd_un.str); |
|
def->sd_un.str = estrdup(val); |
|
sudo_defs_table[isub].sd_un.ival = flags; |
|
|
return(TRUE); |
return(TRUE); |
} |
} |
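Review bot: At the top of store_pwflag the `else` branch of the `strcmp(def->name, "verifypw")` test maps every other option name onto I_LISTPW, so a future T_PWFLAG entry in sudo_defs_table that is not wired up here would silently overwrite listpw's integer slot; `else if (strcmp(def->name, "listpw") == 0) isub = I_LISTPW; else return(FALSE);` keeps that failure visible. The `op == FALSE` path also deserves a comment because it has a security consequence: `/* !listpw / !verifypw sets PWCHECK_NEVER, i.e. disables the password check entirely rather than restoring the default ("any" / "all"). */`. The `if (def->sd_un.str)` guard before `free()` at the "Store both name and number" step is redundant since free(NULL) is a no-op, though the same guard was just added to store_syslogfac, so it may be a deliberate portability choice. In set_default's new T_PWFLAG case the first fprintf quotes the option name with straight single quotes while the sibling message uses the backtick-apostrophe form; matching the existing style keeps diagnostics consistent.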