diff --git a/plugins/sudoers/display.c b/plugins/sudoers/display.c
index 6e4a6fc28..48ba0b8c1 100644
--- a/plugins/sudoers/display.c
+++ b/plugins/sudoers/display.c
@@ -36,8 +36,8 @@
 #include
 static int
-display_priv_short(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
- struct userspec *us, struct sudo_lbuf *lbuf)
+display_priv_short(const struct sudoers_parse_tree *parse_tree,
+ const struct passwd *pw, const struct userspec *us, struct sudo_lbuf *lbuf)
 {
 struct privilege *priv;
 int nfound = 0;
@@ -103,7 +103,7 @@ display_priv_short(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
 * Returns true if we should start a new long entry, else false.
 */
 static bool
-new_long_entry(struct cmndspec *cs, struct cmndspec *prev_cs)
+new_long_entry(const struct cmndspec *cs, const struct cmndspec *prev_cs)
 {
 debug_decl(new_long_entry, SUDOERS_DEBUG_PARSER);
@@ -141,12 +141,13 @@ new_long_entry(struct cmndspec *cs, struct cmndspec *prev_cs)
 }
 static void
-display_cmndspec_long(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
- struct userspec *us, struct privilege *priv, struct cmndspec *cs,
- struct cmndspec *prev_cs, struct sudo_lbuf *lbuf)
+display_cmndspec_long(const struct sudoers_parse_tree *parse_tree,
+ const struct passwd *pw, const struct userspec *us,
+ const struct privilege *priv, const struct cmndspec *cs,
+ const struct cmndspec *prev_cs, struct sudo_lbuf *lbuf)
 {
- struct defaults *d;
- struct member *m;
+ const struct defaults *d;
+ const struct member *m;
 debug_decl(display_cmndspec_long, SUDOERS_DEBUG_PARSER);
 if (new_long_entry(cs, prev_cs)) {
@@ -261,15 +262,15 @@ display_cmndspec_long(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
 }
 static int
-display_priv_long(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
- struct userspec *us, struct sudo_lbuf *lbuf)
+display_priv_long(const struct sudoers_parse_tree *parse_tree,
+ const struct passwd *pw, const struct userspec *us, struct sudo_lbuf *lbuf)
 {
- struct privilege *priv;
+ const struct privilege *priv;
 int nfound = 0;
 debug_decl(display_priv_long, SUDOERS_DEBUG_PARSER);
 TAILQ_FOREACH(priv, &us->privileges, entries) {
- struct cmndspec *cs, *prev_cs;
+ const struct cmndspec *cs, *prev_cs;
 if (hostlist_matches(parse_tree, pw, &priv->hostlist) != ALLOW)
 continue;
@@ -285,10 +286,10 @@ display_priv_long(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
 }
 static int
-sudo_display_userspecs(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
- struct sudo_lbuf *lbuf, bool verbose)
+sudo_display_userspecs(struct sudoers_parse_tree *parse_tree,
+ const struct passwd *pw, struct sudo_lbuf *lbuf, bool verbose)
 {
- struct userspec *us;
+ const struct userspec *us;
 int nfound = 0;
 debug_decl(sudo_display_userspecs, SUDOERS_DEBUG_PARSER);
@@ -310,10 +311,10 @@ sudo_display_userspecs(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
 * Display matching Defaults entries for the given user on this host.
 */
 static int
-display_defaults(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
- struct sudo_lbuf *lbuf)
+display_defaults(const struct sudoers_parse_tree *parse_tree,
+ const struct passwd *pw, struct sudo_lbuf *lbuf)
 {
- struct defaults *d;
+ const struct defaults *d;
 const char *prefix;
 int nfound = 0;
 debug_decl(display_defaults, SUDOERS_DEBUG_PARSER);
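Review bot: In the `sudo_display_userspecs` hunk, `parse_tree` stays `struct sudoers_parse_tree *` while `pw` and the local `us` become const, and every other display.c helper touched here now takes `const struct sudoers_parse_tree *`. If nothing in the body (which continues outside the hunk) needs a mutable tree, the signature should read `sudo_display_userspecs(const struct sudoers_parse_tree *parse_tree,`. Otherwise a one-line comment naming the callee that still needs write access would stop a later reader from assuming the display path is read-only end to end. The same question applies to `struct passwd *pw`, left non-const in `display_privs` and `display_cmnd` in the later hunks of this file.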
@@ -351,12 +352,12 @@ display_defaults(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
 * Display Defaults entries of the given type.
 */
 static int
-display_bound_defaults_by_type(struct sudoers_parse_tree *parse_tree,
+display_bound_defaults_by_type(const struct sudoers_parse_tree *parse_tree,
 int deftype, struct sudo_lbuf *lbuf)
 {
- struct defaults *d;
- struct defaults_binding *binding = NULL;
- struct member *m;
+ const struct defaults *d;
+ const struct defaults_binding *binding = NULL;
+ const struct member *m;
 const char *dsep;
 short atype;
 int nfound = 0;
@@ -412,8 +413,8 @@ display_bound_defaults_by_type(struct sudoers_parse_tree *parse_tree,
 * Display Defaults entries that are per-runas or per-command
 */
 static int
-display_bound_defaults(struct sudoers_parse_tree *parse_tree,
- struct passwd *pw, struct sudo_lbuf *lbuf)
+display_bound_defaults(const struct sudoers_parse_tree *parse_tree,
+ const struct passwd *pw, struct sudo_lbuf *lbuf)
 {
 int nfound = 0;
 debug_decl(display_bound_defaults, SUDOERS_DEBUG_PARSER);
@@ -449,9 +450,9 @@ output(const char *buf)
 * Returns true on success or -1 on error.
 */
 int
-display_privs(struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
+display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
 {
- struct sudo_nss *nss;
+ const struct sudo_nss *nss;
 struct sudo_lbuf def_buf, priv_buf;
 int cols, count, n;
 unsigned int olen;
@@ -536,14 +537,14 @@ bad:
 }
 static int
-display_cmnd_check(struct sudoers_parse_tree *parse_tree, struct passwd *pw,
- time_t now, struct sudoers_match_info *match_info)
+display_cmnd_check(const struct sudoers_parse_tree *parse_tree,
+ const struct passwd *pw, time_t now, struct sudoers_match_info *match_info)
 {
 int host_match, runas_match, cmnd_match = UNSPEC;
 char *saved_user_cmnd, *saved_user_base;
- struct cmndspec *cs;
- struct privilege *priv;
- struct userspec *us;
+ const struct privilege *priv;
+ const struct userspec *us;
+ const struct cmndspec *cs;
 debug_decl(display_cmnd_check, SUDOERS_DEBUG_PARSER);
 /*
@@ -599,7 +600,7 @@ done:
 * Returns true if the command is allowed, false if not or -1 on error.
 */
 int
-display_cmnd(struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
+display_cmnd(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
 {
 struct sudoers_match_info match_info = { NULL };
 struct sudo_lbuf lbuf;
diff --git a/plugins/sudoers/fmtsudoers.c b/plugins/sudoers/fmtsudoers.c
index 5f38953d1..96ffe2eab 100644
--- a/plugins/sudoers/fmtsudoers.c
+++ b/plugins/sudoers/fmtsudoers.c
@@ -40,13 +40,13 @@
 */
 static bool
 sudoers_format_member_int(struct sudo_lbuf *lbuf,
- const struct sudoers_parse_tree *parse_tree, char *name, int type,
+ const struct sudoers_parse_tree *parse_tree, const char *name, int type,
 bool negated, const char *separator, short alias_type)
 {
 struct alias *a;
- struct member *m;
- struct sudo_command *c;
- struct command_digest *digest;
+ const struct member *m;
+ const struct sudo_command *c;
+ const struct command_digest *digest;
 debug_decl(sudoers_format_member_int, SUDOERS_DEBUG_UTIL);
 switch (type) {
@@ -136,7 +136,7 @@ sudoers_format_member_int(struct sudo_lbuf *lbuf,
 bool
 sudoers_format_member(struct sudo_lbuf *lbuf,
- const struct sudoers_parse_tree *parse_tree, struct member *m,
+ const struct sudoers_parse_tree *parse_tree, const struct member *m,
 const char *separator, short alias_type)
 {
 return sudoers_format_member_int(lbuf, parse_tree, m->name, m->type,
@@ -185,10 +185,11 @@ sudoers_defaults_to_tags(const char *var, const char *val, int op,
 * Convert a defaults list to command tags.
 */
 bool
-sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags)
+sudoers_defaults_list_to_tags(const struct defaults_list *defs,
+ struct cmndtag *tags)
 {
+ const struct defaults *d;
 bool ret = true;
- struct defaults *d;
 debug_decl(sudoers_defaults_list_to_tags, SUDOERS_DEBUG_UTIL);
 TAGS_INIT(tags);
@@ -222,8 +223,8 @@ sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags)
 */
 bool
 sudoers_format_cmndspec(struct sudo_lbuf *lbuf,
- const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs,
- struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases)
+ const struct sudoers_parse_tree *parse_tree, const struct cmndspec *cs,
+ const struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases)
 {
 debug_decl(sudoers_format_cmndspec, SUDOERS_DEBUG_UTIL);
@@ -298,7 +299,7 @@ sudoers_format_cmndspec(struct sudo_lbuf *lbuf,
 * Format and append a defaults entry to the specified lbuf.
 */
 bool
-sudoers_format_default(struct sudo_lbuf *lbuf, struct defaults *d)
+sudoers_format_default(struct sudo_lbuf *lbuf, const struct defaults *d)
 {
 debug_decl(sudoers_format_default, SUDOERS_DEBUG_UTIL);
diff --git a/plugins/sudoers/fmtsudoers_cvt.c b/plugins/sudoers/fmtsudoers_cvt.c
index fe52d8da7..ab55d1195 100644
--- a/plugins/sudoers/fmtsudoers_cvt.c
+++ b/plugins/sudoers/fmtsudoers_cvt.c
@@ -37,12 +37,12 @@
 */
 bool
 sudoers_format_privilege(struct sudo_lbuf *lbuf,
- const struct sudoers_parse_tree *parse_tree, struct privilege *priv,
+ const struct sudoers_parse_tree *parse_tree, const struct privilege *priv,
 bool expand_aliases)
 {
- struct cmndspec *cs, *prev_cs;
+ const struct cmndspec *cs, *prev_cs;
+ const struct member *m;
 struct cmndtag tags;
- struct member *m;
 debug_decl(sudoers_format_privilege, SUDOERS_DEBUG_UTIL);
 /* Convert per-privilege defaults to tags. */
@@ -101,11 +101,11 @@ sudoers_format_privilege(struct sudo_lbuf *lbuf,
 bool
 sudoers_format_userspec(struct sudo_lbuf *lbuf,
 const struct sudoers_parse_tree *parse_tree,
- struct userspec *us, bool expand_aliases)
+ const struct userspec *us, bool expand_aliases)
 {
- struct privilege *priv;
- struct sudoers_comment *comment;
- struct member *m;
+ const struct sudoers_comment *comment;
+ const struct privilege *priv;
+ const struct member *m;
 debug_decl(sudoers_format_userspec, SUDOERS_DEBUG_UTIL);
 /* Print comments (if any). */
@@ -142,7 +142,7 @@ sudoers_format_userspecs(struct sudo_lbuf *lbuf,
 const struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush)
 {
- struct userspec *us;
+ const struct userspec *us;
 debug_decl(sudoers_format_userspecs, SUDOERS_DEBUG_UTIL);
 TAILQ_FOREACH(us, &parse_tree->userspecs, entries) {
@@ -164,10 +164,10 @@ sudoers_format_userspecs(struct sudo_lbuf *lbuf,
 */
 bool
 sudoers_format_default_line(struct sudo_lbuf *lbuf,
- const struct sudoers_parse_tree *parse_tree, struct defaults *d,
+ const struct sudoers_parse_tree *parse_tree, const struct defaults *d,
 struct defaults **next, bool expand_aliases)
 {
- struct member *m;
+ const struct member *m;
 short alias_type;
 debug_decl(sudoers_format_default_line, SUDOERS_DEBUG_UTIL);
diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h
index 952f20b43..d53babf35 100644
--- a/plugins/sudoers/parse.h
+++ b/plugins/sudoers/parse.h
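Review bot: In the `sudoers_format_default_line` hunk, `d` becomes `const struct defaults *` but the out-parameter stays `struct defaults **next`, so the const is shallow: the function can still hand the caller a writable pointer to an entry reached from `d`. The body is outside the hunk, so this is inferred from the signature alone. If `*next` is filled from the list that `d` belongs to, the header comment should say so, e.g. `/* d itself is not modified; *next may receive a writable pointer to a later entry in the same list. */`. Callers holding only a const list should not be led to think its entries cannot be changed through `next`.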
@@ -299,10 +299,10 @@ struct defaults {
 };
 struct sudoers_match_info {
- struct sudoers_parse_tree *parse_tree;
- struct userspec *us; /* matching userspec */
- struct privilege *priv; /* matching privilege */
- struct cmndspec *cs; /* matching cmndspec */
+ const struct sudoers_parse_tree *parse_tree;
+ const struct userspec *us; /* matching userspec */
+ const struct privilege *priv; /* matching privilege */
+ const struct cmndspec *cs; /* matching cmndspec */
 };
 /*
@@ -331,7 +331,7 @@ struct cmnd_info {
 /*
 * Optional callback for sudoers_lookup().
 */
-typedef void (*sudoers_lookup_callback_fn_t)(struct sudoers_parse_tree *parse_tree, struct userspec *us, int user_match, struct privilege *priv, int host_match, struct cmndspec *cs, int date_match, int runas_match, int cmnd_match, void *closure);
+typedef void (*sudoers_lookup_callback_fn_t)(const struct sudoers_parse_tree *parse_tree, const struct userspec *us, int user_match, const struct privilege *priv, int host_match, const struct cmndspec *cs, int date_match, int runas_match, int cmnd_match, void *closure);
 /*
 * Parse configuration settings, passed to init_parser().
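Review bot: `struct sudoers_match_info` now stores four const pointers but carries no comment on their lifetime; they look like borrowed references into the parse tree handed to the lookup callback, not owned copies. A comment above the struct such as `/* Borrowed, read-only pointers into parse_tree; not valid after the tree is freed or reparsed. */` would make that contract explicit, to be confirmed against the code that frees the tree, which is not shown here. Separately, the rewritten `sudoers_lookup_callback_fn_t` typedef is a single line of well over 200 characters. Wrapping it a few parameters per line, as the `cb_lookup` definitions in this commit do, would make later signature changes easier to review.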
@@ -487,24 +487,24 @@ struct sudo_nss_list;
 unsigned int sudoers_lookup(struct sudo_nss_list *snl, struct passwd *pw, time_t now, sudoers_lookup_callback_fn_t callback, void *cb_data, int *cmnd_status, int pwflag);
 /* display.c */
-int display_privs(struct sudo_nss_list *snl, struct passwd *pw, bool verbose);
-int display_cmnd(struct sudo_nss_list *snl, struct passwd *pw, bool verbose);
+int display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose);
+int display_cmnd(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose);
 /* parse_ldif.c */
 bool sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, FILE *fp, const char *sudoers_base, bool store_options);
 /* fmtsudoers.c */
 struct sudo_lbuf;
-bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases);
-bool sudoers_format_default(struct sudo_lbuf *lbuf, struct defaults *d);
-bool sudoers_format_member(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, short alias_type);
+bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const struct cmndspec *cs, const struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases);
+bool sudoers_format_default(struct sudo_lbuf *lbuf, const struct defaults *d);
+bool sudoers_format_member(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const struct member *m, const char *separator, short alias_type);
 bool sudoers_defaults_to_tags(const char *var, const char *val, int op, struct cmndtag *tags);
-bool sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags);
+bool sudoers_defaults_list_to_tags(const struct defaults_list *defs, struct cmndtag *tags);
 /* fmtsudoers_cvt.c */
-bool sudoers_format_privilege(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct privilege *priv, bool expand_aliases);
-bool sudoers_format_userspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases);
+bool sudoers_format_privilege(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const struct privilege *priv, bool expand_aliases);
+bool sudoers_format_userspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const struct userspec *us, bool expand_aliases);
 bool sudoers_format_userspecs(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush);
-bool sudoers_format_default_line(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct defaults *d, struct defaults **next, bool expand_aliases);
+bool sudoers_format_default_line(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const struct defaults *d, struct defaults **next, bool expand_aliases);
 #endif /* SUDOERS_PARSE_H */
diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c
index 392a609ea..72a500e72 100644
--- a/plugins/sudoers/regress/fuzz/fuzz_policy.c
+++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c
@@ -815,14 +815,14 @@ sudoers_lookup(struct sudo_nss_list *snl, struct passwd *pw, time_t now,
 /* STUB */
 int
-display_cmnd(struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
+display_cmnd(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
 {
 return true;
 }
 /* STUB */
 int
-display_privs(struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
+display_privs(const struct sudo_nss_list *snl, struct passwd *pw, bool verbose)
 {
 return true;
 }
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index e0152d7d5..75394c508 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -326,9 +326,10 @@ done:
 }
 static void
-cb_lookup(struct sudoers_parse_tree *parse_tree, struct userspec *us,
- int user_match, struct privilege *priv, int host_match, struct cmndspec *cs,
- int date_match, int runas_match, int cmnd_match, void *closure)
+cb_lookup(const struct sudoers_parse_tree *parse_tree,
+ const struct userspec *us, int user_match, const struct privilege *priv,
+ int host_match, const struct cmndspec *cs, int date_match, int runas_match,
+ int cmnd_match, void *closure)
 {
 struct sudoers_match_info *info = closure;
diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c
index c9143d870..93b670592 100644
--- a/plugins/sudoers/testsudoers.c
+++ b/plugins/sudoers/testsudoers.c
@@ -74,7 +74,7 @@ static bool cb_runas_default(const char *file, int line, int column, const union
 static int testsudoers_error(const char * restrict buf);
 static int testsudoers_output(const char * restrict buf);
 sudo_noreturn static void usage(void);
-static void cb_lookup(struct sudoers_parse_tree *parse_tree, struct userspec *us, int user_match, struct privilege *priv, int host_match, struct cmndspec *cs, int date_match, int runas_match, int cmnd_match, void *closure);
+static void cb_lookup(const struct sudoers_parse_tree *parse_tree, const struct userspec *us, int user_match, const struct privilege *priv, int host_match, const struct cmndspec *cs, int date_match, int runas_match, int cmnd_match, void *closure);
 static int testsudoers_query(const struct sudo_nss *nss, struct passwd *pw);
 /*
@@ -626,11 +626,12 @@ set_cmnd_path(const char *runchroot)
 }
 static void
-cb_lookup(struct sudoers_parse_tree *parse_tree, struct userspec *us,
- int user_match, struct privilege *priv, int host_match, struct cmndspec *cs,
- int date_match, int runas_match, int cmnd_match, void *closure)
+cb_lookup(const struct sudoers_parse_tree *parse_tree,
+ const struct userspec *us, int user_match, const struct privilege *priv,
+ int host_match, const struct cmndspec *cs, int date_match, int runas_match,
+ int cmnd_match, void *closure)
 {
- static struct privilege *prev_priv;
+ static const struct privilege *prev_priv;
 struct sudo_lbuf lbuf;
 /* Only output info for the selected user. */
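Review bot: `static const struct privilege *prev_priv` in `cb_lookup` keeps a pointer into the parse tree alive across callback invocations, and the added const qualifier does not change that lifetime. The code that uses it lies outside the hunk. If it is only compared with `priv` to detect a change of privilege, a comment on the declaration such as `/* compared for identity only, never dereferenced */` would record that. If it is ever dereferenced, it needs resetting whenever the tree is reparsed or freed.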