-rw-r--r-- | usr.bin/sudo/ChangeLog | 15 | ||||
-rw-r--r-- | usr.bin/sudo/env.c | 45 | ||||
-rw-r--r-- | usr.bin/sudo/sudoers.pod | 47 |
3 files changed, 70 insertions, 37 deletions
diff --git a/usr.bin/sudo/ChangeLog b/usr.bin/sudo/ChangeLog index a20a1fc7fe5..ef26b882c7e 100644 --- a/usr.bin/sudo/ChangeLog +++ b/usr.bin/sudo/ChangeLog @@ -1,3 +1,18 @@ +2009-06-23 14:29 millert + + * sudoers.pod: Document that we accept env_pam-style environment + files + +2009-06-23 14:24 millert + + * env.c: Adapt to accept pam_env-style /etc/environment which + allows shell-style lines such as: export EDITOR="/usr/bin/vi" + +2009-06-23 12:22 millert + + * sudoers.pod: Make it clear that env_delete only works when + !env_reset. From Loïc Minier + 2009-06-15 17:19 millert * sudo.pod, sudoers.pod: Add non-unix group bits, adapted from diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c index 54b685dfa85..3049dff9330 100644 --- a/usr.bin/sudo/env.c +++ b/usr.bin/sudo/env.c @@ -43,13 +43,14 @@ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif /* HAVE_UNISTD_H */ +#include <ctype.h> #include <errno.h> #include <pwd.h> #include "sudo.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: env.c,v 1.105 2009/06/15 13:10:01 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: env.c,v 1.106 2009/06/23 18:24:42 millert Exp $"; #endif /* lint */ /* @@ -849,7 +850,11 @@ validate_env_vars(env_vars) /* * Read in /etc/environment ala AIX and Linux. - * Lines are in the form of NAME=VALUE + * Lines may be in either of three formats: + * NAME=VALUE + * NAME="VALUE" + * NAME='VALUE' + * with an optional "export" prefix so the shell can source the file. * Invalid lines, blank lines, or lines consisting solely of a comment * character are skipped. */ 
@@ -859,21 +864,45 @@ read_env_file(path, overwrite) int overwrite; { FILE *fp; - char *cp; + char *cp, *var, *val; + size_t var_len, val_len; if ((fp = fopen(path, "r")) == NULL) return; - while ((cp = sudo_parseln(fp)) != NULL) { + while ((var = sudo_parseln(fp)) != NULL) { /* Skip blank or comment lines */ - if (*cp == '\0') + if (*var == '\0') continue; - /* Must be of the form name=value */ - if (strchr(cp, '=') == NULL) + /* Skip optional "export " */ + if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) { + var += 7; + while (isspace((unsigned char) *var)) { + var++; + } + } + + /* Must be of the form name=["']value['"] */ + for (val = var; *val != '\0' && *val != '='; val++) + ; + if (var == val || *val != '=') continue; + var_len = (size_t)(val - var); + val_len = strlen(++val); + + /* Strip leading and trailing single/double quotes */ + if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) { + val[val_len - 1] = '\0'; + val++; + val_len -= 2; + } + + cp = emalloc(var_len + 1 + val_len + 1); + memcpy(cp, var, var_len + 1); /* includes '=' */ + memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */ - sudo_putenv(estrdup(cp), TRUE, overwrite); + sudo_putenv(cp, TRUE, overwrite); } fclose(fp); } diff --git a/usr.bin/sudo/sudoers.pod b/usr.bin/sudo/sudoers.pod index 70febd580f9..847052432ab 100644 --- a/usr.bin/sudo/sudoers.pod +++ b/usr.bin/sudo/sudoers.pod @@ -18,7 +18,7 @@ Sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F39502-99-1-0512. -$Sudo: sudoers.pod,v 1.170 2009/06/15 21:19:47 millert Exp $ +$Sudo: sudoers.pod,v 1.172 2009/06/23 18:29:02 millert Exp $ =pod =head1 NAME 
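Review bot: The quote-stripping test in read_env_file also matches a value that is one lone quote character (a line such as `NAME='`), because with `val_len == 1` the first and last byte are the same byte. `val_len -= 2` then wraps the `size_t`, the `emalloc()` size wraps back to `var_len + 1`, and the second `memcpy()` copies zero bytes, so `cp` is handed to `sudo_putenv()` without a terminating NUL. Requiring at least two bytes before stripping avoids this: `if (val_len > 1 && (val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) {`. The file is presumably administrator-controlled, but it is parsed with sudo's privileges, so a malformed line should be taken literally or skipped rather than lead to a read past the heap buffer. The function's header begins above the hunk.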
@@ -990,13 +990,6 @@ two consecutive C<%> characters are collapsed into a single C<%> character The default value is C<@passprompt@>. -=item role - -The default SELinux role to use when constructing a new security -context to run the command. The default role may be overridden on -a per-command basis in I<sudoers> or via command line options. -This option is only available whe B<sudo> is built with SELinux support. - =item runas_default The default user to run commands as if the B<-u> option is not specified @@ -1030,13 +1023,6 @@ The default is F<@timedir@>. The owner of the timestamp directory and the timestamps stored therein. The default is C<root>. -=item type - -The default SELinux type to use when constructing a new security -context to run the command. The default type may be overridden on -a per-command basis in I<sudoers> or via command line options. -This option is only available whe B<sudo> is built with SELinux support. - =back B<Strings that can be used in a boolean context>: @@ -1056,11 +1042,13 @@ environment variable. =item env_file -The I<env_file> options specifies the fully qualified path to a file -containing variables to be set in the environment of the program -being run. Entries in this file should be of the form C<VARIABLE=value>. -Variables in this file are subject to other B<sudo> environment -settings such as I<env_keep> and I<env_check>. +The I<env_file> options specifies the fully qualified path to a +file containing variables to be set in the environment of the program +being run. Entries in this file should either be of the form +C<VARIABLE=value> or C<export VARIABLE=value>. The value may +optionally be surrounded by single or double quotes. Variables in +this file are subject to other B<sudo> environment settings such +as I<env_keep> and I<env_check>. =item exempt_group 
@@ -1225,15 +1213,16 @@ the I<-V> option. =item env_delete -Environment variables to be removed from the user's environment. -The argument may be a double-quoted, space-separated list or a -single value without double-quotes. The list can be replaced, added -to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and -C<!> operators respectively. The default list of environment -variables to remove is displayed when B<sudo> is run by root with the -I<-V> option. Note that many operating systems will remove potentially -dangerous variables from the environment of any setuid process (such -as B<sudo>). +Environment variables to be removed from the user's environment +when the I<env_reset> option is not in effect. The argument may +be a double-quoted, space-separated list or a single value without +double-quotes. The list can be replaced, added to, deleted from, +or disabled by using the C<=>, C<+=>, C<-=>, and C<!> operators +respectively. The default list of environment variables to remove +is displayed when B<sudo> is run by root with the I<-V> option. +Note that many operating systems will remove potentially dangerous +variables from the environment of any setuid process (such as +B<sudo>). =item env_keep |