From 13672f28df17d152d890b551ea659778d31b9273 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 28 Jun 2022 16:33:15 -0600 Subject: [PATCH] Make sudo pass -Wwrite-strings --- configure | 2 +- configure.ac | 2 +- include/sudo_iolog.h | 2 +- lib/eventlog/eventlog.c | 4 +- lib/eventlog/logwrap.c | 2 +- lib/iolog/host_port.c | 4 +- lib/iolog/regress/host_port/host_port_test.c | 4 +- .../regress/iolog_mkpath/check_iolog_mkpath.c | 4 +- lib/util/aix.c | 10 +- lib/util/getgrouplist.c | 2 +- lib/util/getopt_long.c | 4 +- lib/util/lbuf.c | 4 +- lib/util/logfac.c | 2 +- lib/util/logpri.c | 2 +- lib/util/regress/progname/progname_test.c | 2 +- lib/util/snprintf.c | 6 +- lib/util/sudo_conf.c | 6 +- lib/util/sudo_debug.c | 8 +- logsrvd/logsrvd_conf.c | 4 +- logsrvd/logsrvd_local.c | 4 +- logsrvd/logsrvd_relay.c | 2 +- logsrvd/sendlog.c | 100 ++- plugins/audit_json/audit_json.c | 8 +- plugins/python/python_convmessage.c | 4 +- plugins/python/python_plugin_common.c | 2 +- .../python/regress/check_python_examples.c | 10 +- plugins/python/sudo_python_module.c | 8 +- plugins/sudoers/auth/bsdauth.c | 8 +- plugins/sudoers/auth/pam.c | 2 +- plugins/sudoers/auth/sudo_auth.h | 2 +- plugins/sudoers/cvtsudoers.c | 2 +- plugins/sudoers/cvtsudoers_csv.c | 2 +- plugins/sudoers/cvtsudoers_json.c | 2 +- plugins/sudoers/cvtsudoers_ldif.c | 2 +- plugins/sudoers/cvtsudoers_pwutil.c | 6 +- plugins/sudoers/defaults.c | 2 +- plugins/sudoers/defaults.h | 6 +- plugins/sudoers/editor.c | 9 +- plugins/sudoers/env.c | 4 +- plugins/sudoers/exptilde.c | 2 +- plugins/sudoers/getdate.c | 2 +- plugins/sudoers/getdate.y | 2 +- plugins/sudoers/gram.c | 594 +++++++++--------- plugins/sudoers/gram.h | 3 +- plugins/sudoers/gram.y | 16 +- plugins/sudoers/group_plugin.c | 2 +- plugins/sudoers/insults.h | 2 +- plugins/sudoers/iolog.c | 2 +- plugins/sudoers/ldap.c | 4 +- plugins/sudoers/ldap_conf.c | 3 +- plugins/sudoers/log_client.c | 128 ++-- plugins/sudoers/logging.c | 2 +- plugins/sudoers/parse.c | 4 +- plugins/sudoers/policy.c | 4 +- plugins/sudoers/pwutil.c | 2 +- plugins/sudoers/regress/editor/check_editor.c | 20 +- .../sudoers/regress/exptilde/check_exptilde.c | 6 +- plugins/sudoers/regress/fuzz/fuzz_policy.c | 4 +- plugins/sudoers/regress/fuzz/fuzz_sudoers.c | 26 +- .../regress/iolog_plugin/check_iolog_plugin.c | 9 +- .../sudoers/regress/parser/check_gentime.c | 4 +- .../serialize_list/check_serialize_list.c | 6 +- .../sudoers/regress/unescape/check_unesc.c | 6 +- plugins/sudoers/sudoers.c | 6 +- plugins/sudoers/sudoers.h | 8 +- plugins/sudoers/sudoers_hooks.c | 2 +- plugins/sudoers/sudoreplay.c | 2 +- plugins/sudoers/testsudoers.c | 4 +- plugins/sudoers/visudo.c | 22 +- src/edit_open.c | 9 +- src/exec_common.c | 6 +- src/parse_args.c | 6 +- src/regress/noexec/check_noexec.c | 2 +- src/selinux.c | 7 +- src/sudo.c | 18 +- src/sudo_edit.c | 18 +- src/sudo_intercept.c | 8 +- 77 files changed, 590 insertions(+), 640 deletions(-) diff --git a/configure b/configure index 22fd7815d..cd658a2ae 100755 --- a/configure +++ b/configure @@ -32298,7 +32298,7 @@ printf "%s\n" "#define os_init $OS_INIT" >>confdefs.h if test -n "$GCC"; then if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then - CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith -Wno-unknown-pragmas -Wmissing-prototypes" + CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith -Wno-unknown-pragmas -Wmissing-prototypes -Wwrite-strings" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wshadow" >&5 printf %s "checking whether C compiler accepts -Wshadow... " >&6; } if test ${ax_cv_check_cflags___Wshadow+y} diff --git a/configure.ac b/configure.ac index f903498e0..676166bf5 100644 --- a/configure.ac +++ b/configure.ac @@ -4995,7 +4995,7 @@ if test -n "$GCC"; then dnl dnl Default warnings for development use. dnl - CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith -Wno-unknown-pragmas -Wmissing-prototypes" + CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith -Wno-unknown-pragmas -Wmissing-prototypes -Wwrite-strings" AX_CHECK_COMPILE_FLAG([-Wshadow], [CFLAGS="$CFLAGS -Wshadow"]) dnl dnl The fallthrough attribute is supported by gcc 7.0 and clang 10. diff --git a/include/sudo_iolog.h b/include/sudo_iolog.h index 83d48dbd9..90aa2099b 100644 --- a/include/sudo_iolog.h +++ b/include/sudo_iolog.h @@ -95,7 +95,7 @@ struct iolog_path_escape { }; /* host_port.c */ -bool iolog_parse_host_port(char *str, char **hostp, char **portp, bool *tlsp, char *defport, char *defport_tls); +bool iolog_parse_host_port(char *str, char **hostp, char **portp, bool *tlsp, const char *defport, const char *defport_tls); /* iolog_path.c */ bool expand_iolog_path(const char *inpath, char *path, size_t pathlen, const struct iolog_path_escape *escapes, void *closure); diff --git a/lib/eventlog/eventlog.c b/lib/eventlog/eventlog.c index 223ab8a69..15134913c 100644 --- a/lib/eventlog/eventlog.c +++ b/lib/eventlog/eventlog.c @@ -356,7 +356,7 @@ exec_mailer(int pipein) char *last, *mflags, *p, *argv[MAX_MAILFLAGS + 1]; const char *mpath = evl_conf->mailerpath; int i; - char * const root_envp[] = { + const char * const root_envp[] = { "HOME=/", "PATH=/usr/bin:/bin:/usr/sbin:/sbin", "LOGNAME=root", @@ -409,7 +409,7 @@ exec_mailer(int pipein) } sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); if (evl_conf->mailuid == ROOT_UID) - execve(mpath, argv, root_envp); + execve(mpath, argv, (char **)root_envp); else execv(mpath, argv); syslog(LOG_ERR, _("unable to execute %s: %m"), mpath); // -V618 diff --git a/lib/eventlog/logwrap.c b/lib/eventlog/logwrap.c index 615598230..2e6994804 100644 --- a/lib/eventlog/logwrap.c +++ b/lib/eventlog/logwrap.c @@ -35,7 +35,7 @@ size_t eventlog_writeln(FILE *fp, char *line, size_t linelen, size_t maxlen) { - char *indent = ""; + const char *indent = ""; char *beg = line; char *end; int len; diff --git a/lib/iolog/host_port.c b/lib/iolog/host_port.c index ad1a98b27..2b13f574b 100644 --- a/lib/iolog/host_port.c +++ b/lib/iolog/host_port.c @@ -39,7 +39,7 @@ */ bool iolog_parse_host_port(char *str, char **hostp, char **portp, bool *tlsp, - char *defport, char *defport_tls) + const char *defport, const char *defport_tls) { char *flags, *port, *host = str; bool ret = false; @@ -88,7 +88,7 @@ iolog_parse_host_port(char *str, char **hostp, char **portp, bool *tlsp, } if (port == NULL) - port = tls ? defport_tls : defport; + port = tls ? (char *)defport_tls : (char *)defport; else if (*port == '\0') goto done; diff --git a/lib/iolog/regress/host_port/host_port_test.c b/lib/iolog/regress/host_port/host_port_test.c index 065e216e7..9b504e1fe 100644 --- a/lib/iolog/regress/host_port/host_port_test.c +++ b/lib/iolog/regress/host_port/host_port_test.c @@ -45,8 +45,8 @@ struct host_port_test { const char *host; /* parsed host */ const char *port; /* parsed port */ bool tls; /* parsed TLS flag */ - char *defport; /* default port */ - char *defport_tls; /* default port */ + const char *defport; /* default port */ + const char *defport_tls; /* default port */ bool ret; /* return value */ }; diff --git a/lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c b/lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c index 5d05f8239..f0ece1a09 100644 --- a/lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c +++ b/lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c @@ -66,7 +66,7 @@ int main(int argc, char *argv[]) { char testdir[] = "mkpath.XXXXXX"; - char *rmargs[] = { "rm", "-rf", NULL, NULL }; + const char *rmargs[] = { "rm", "-rf", NULL, NULL }; int ch, status, ntests = 0, errors = 0; initprogname(argc > 0 ? argv[0] : "check_iolog_mkpath"); @@ -97,7 +97,7 @@ main(int argc, char *argv[]) } /* Clean up (avoid running via shell) */ - execvp("rm", rmargs); + execvp("rm", (char **)rmargs); wait(&status); return errors; diff --git a/lib/util/aix.c b/lib/util/aix.c index 495637315..8a1c7505a 100644 --- a/lib/util/aix.c +++ b/lib/util/aix.c @@ -52,8 +52,8 @@ struct aix_limit { int resource; - char *soft; - char *hard; + const char *soft; + const char *hard; int factor; }; @@ -68,11 +68,11 @@ static struct aix_limit aix_limits[] = { }; static int -aix_getlimit(char *user, char *lim, int *valp) +aix_getlimit(const char *user, const char *lim, int *valp) { debug_decl(aix_getlimit, SUDO_DEBUG_UTIL); - if (getuserattr(user, lim, valp, SEC_INT) != 0) + if (getuserattr((char *)user, (char *)lim, valp, SEC_INT) != 0) debug_return_int(-1); debug_return_int(0); } @@ -169,7 +169,7 @@ aix_getauthregistry_v1(char *user, char *saved_registry) sudo_warn("%s", U_("unable to open userdb")); goto done; } - ret = getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR); + ret = getuserattr(user, (char *)S_REGISTRY, ®istry, SEC_CHAR); if (ret == 0) { /* sizeof(authdb_t) is guaranteed to be 16 */ if (strlcpy(saved_registry, registry, 16) >= 16) { diff --git a/lib/util/getgrouplist.c b/lib/util/getgrouplist.c index 125d49460..b6170c6ce 100644 --- a/lib/util/getgrouplist.c +++ b/lib/util/getgrouplist.c @@ -238,7 +238,7 @@ str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen) /* Check for YP inclusion/exclusion entries. */ if (*cp == '+' || *cp == '-') { /* Only the name is required for YP inclusion/exclusion entries. */ - grp->gr_passwd = ""; + grp->gr_passwd = (char *)""; grp->gr_gid = 0; grp->gr_mem = NULL; yp = 1; diff --git a/lib/util/getopt_long.c b/lib/util/getopt_long.c index 3a48f0ebb..15b04eef9 100644 --- a/lib/util/getopt_long.c +++ b/lib/util/getopt_long.c @@ -96,7 +96,7 @@ int optreset; /* reset getopt */ #define BADARG ((*options == ':') ? (int)':' : (int)'?') #define INORDER (int)1 -#define EMSG "" +#define EMSG (char *)"" #ifdef GNU_COMPATIBLE #define NO_PREFIX (-1) @@ -202,7 +202,7 @@ parse_long_options(char * const *nargv, const char *options, { char *current_argv, *has_equal; #ifdef GNU_COMPATIBLE - char *current_dash; + const char *current_dash; #endif size_t current_argv_len; int i, match, exact_match, second_partial_match; diff --git a/lib/util/lbuf.c b/lib/util/lbuf.c index f17ae0ca5..735598cc3 100644 --- a/lib/util/lbuf.c +++ b/lib/util/lbuf.c @@ -96,7 +96,7 @@ sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char * { int len, saved_len = lbuf->len; bool ret = false; - char *cp, *s; + const char *cp, *s; va_list ap; debug_decl(sudo_lbuf_append_quoted, SUDO_DEBUG_UTIL); @@ -155,7 +155,7 @@ sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char *fmt, ...) int len, saved_len = lbuf->len; bool ret = false; va_list ap; - char *s; + const char *s; debug_decl(sudo_lbuf_append, SUDO_DEBUG_UTIL); if (sudo_lbuf_error(lbuf)) diff --git a/lib/util/logfac.c b/lib/util/logfac.c index 97a80d965..5a97ac3b1 100644 --- a/lib/util/logfac.c +++ b/lib/util/logfac.c @@ -39,7 +39,7 @@ * For converting between syslog numbers and strings. */ struct strmap { - char *name; + const char *name; int num; }; diff --git a/lib/util/logpri.c b/lib/util/logpri.c index 34d060295..a6503bd76 100644 --- a/lib/util/logpri.c +++ b/lib/util/logpri.c @@ -39,7 +39,7 @@ * For converting between syslog numbers and strings. */ struct strmap { - char *name; + const char *name; int num; }; diff --git a/lib/util/regress/progname/progname_test.c b/lib/util/regress/progname/progname_test.c index 1c7cb13d9..7a0fa5eee 100644 --- a/lib/util/regress/progname/progname_test.c +++ b/lib/util/regress/progname/progname_test.c @@ -35,7 +35,7 @@ sudo_dso_public int main(int argc, char *argv[]); int main(int argc, char *argv[]) { - char *progbase = "progname_test"; + const char *progbase = "progname_test"; int ch; if (argc > 0) diff --git a/lib/util/snprintf.c b/lib/util/snprintf.c index 76278630c..f51742275 100644 --- a/lib/util/snprintf.c +++ b/lib/util/snprintf.c @@ -848,7 +848,7 @@ fp_common: convbuf = NULL; } if ((wcp = GETARG(wchar_t *)) == NULL) { - cp = "(null)"; + cp = (char *)"(null)"; } else { convbuf = __wcsconv(wcp, prec); if (convbuf == NULL) @@ -858,7 +858,7 @@ fp_common: } else #endif /* PRINTF_WIDE_CHAR */ if ((cp = GETARG(char *)) == NULL) - cp = "(null)"; + cp = (char *)"(null)"; if (prec >= 0) { /* * can't use strlen; can only look for the @@ -945,7 +945,7 @@ number: if ((dprec = prec) >= 0) break; default: - cp = "bug in vfprintf: bad base"; + cp = (char *)"bug in xxxprintf: bad base"; size = strlen(cp); goto skipsize; } diff --git a/lib/util/sudo_conf.c b/lib/util/sudo_conf.c index 29518d4d9..5357df1d3 100644 --- a/lib/util/sudo_conf.c +++ b/lib/util/sudo_conf.c @@ -68,7 +68,7 @@ struct sudo_conf_path_table { const char *pname; unsigned int pnamelen; bool dynamic; - char *pval; + const char *pval; }; struct sudo_conf_settings { @@ -221,7 +221,7 @@ parse_path(const char *entry, const char *conf_file, unsigned int lineno) } } if (cur->dynamic) - free(cur->pval); + free((char *)cur->pval); cur->pval = pval; cur->dynamic = true; sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%u: Path %s %s", @@ -769,7 +769,7 @@ sudo_conf_clear_paths_v1(void) for (cur = sudo_conf_data.path_table; cur->pname != NULL; cur++) { if (cur->dynamic) - free(cur->pval); + free((char *)cur->pval); cur->pval = NULL; cur->dynamic = false; } diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index 3fe9675a3..d78536a0c 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c @@ -652,7 +652,7 @@ sudo_debug_write2_v1(int fd, const char *func, const char *file, int lineno, /* Append error string if errno is specified. */ if (errnum) { if (len > 0) { - iov[iovcnt].iov_base = ": "; + iov[iovcnt].iov_base = (char *)": "; iov[iovcnt].iov_len = 2; iovcnt++; } @@ -663,7 +663,7 @@ sudo_debug_write2_v1(int fd, const char *func, const char *file, int lineno, /* If function, file and lineno are specified, append them. */ if (func != NULL && file != NULL && lineno != 0) { - iov[iovcnt].iov_base = " @ "; + iov[iovcnt].iov_base = (char *)" @ "; iov[iovcnt].iov_len = 3; iovcnt++; @@ -671,7 +671,7 @@ sudo_debug_write2_v1(int fd, const char *func, const char *file, int lineno, iov[iovcnt].iov_len = strlen(func); iovcnt++; - iov[iovcnt].iov_base = "() "; + iov[iovcnt].iov_base = (char *)"() "; iov[iovcnt].iov_len = 3; iovcnt++; @@ -686,7 +686,7 @@ sudo_debug_write2_v1(int fd, const char *func, const char *file, int lineno, } /* Append newline. */ - iov[iovcnt].iov_base = "\n"; + iov[iovcnt].iov_base = (char *)"\n"; iov[iovcnt].iov_len = 1; iovcnt++; diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c index 322cdf34d..74ce416b8 100644 --- a/logsrvd/logsrvd_conf.c +++ b/logsrvd/logsrvd_conf.c @@ -88,13 +88,13 @@ struct logsrvd_config; typedef bool (*logsrvd_conf_cb_t)(struct logsrvd_config *, const char *, size_t); struct logsrvd_config_entry { - char *conf_str; + const char *conf_str; logsrvd_conf_cb_t setter; size_t offset; }; struct logsrvd_config_section { - char *name; + const char *name; struct logsrvd_config_entry *entries; }; diff --git a/logsrvd/logsrvd_local.c b/logsrvd/logsrvd_local.c index 5119d2ef9..9fb03ba7b 100644 --- a/logsrvd/logsrvd_local.c +++ b/logsrvd/logsrvd_local.c @@ -329,11 +329,11 @@ store_exit_info_json(int dfd, struct eventlog *evlog) } /* Append the exit data and close the object. */ - iov[0].iov_base = ","; + iov[0].iov_base = (char *)","; iov[0].iov_len = 1; iov[1].iov_base = sudo_json_get_buf(&json); iov[1].iov_len = sudo_json_get_len(&json); - iov[2].iov_base = "\n}\n"; + iov[2].iov_base = (char *)"\n}\n"; iov[2].iov_len = 3; if (writev(fd, iov, 3) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, diff --git a/logsrvd/logsrvd_relay.c b/logsrvd/logsrvd_relay.c index 6e20b3cbc..13bf82c43 100644 --- a/logsrvd/logsrvd_relay.c +++ b/logsrvd/logsrvd_relay.c @@ -234,7 +234,7 @@ fmt_client_hello(struct connection_closure *closure) debug_decl(fmt_client_hello, SUDO_DEBUG_UTIL); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ClientHello", __func__); - hello_msg.client_id = "Sudo Logsrvd " PACKAGE_VERSION; + hello_msg.client_id = (char *)"Sudo Logsrvd " PACKAGE_VERSION; client_msg.u.hello_msg = &hello_msg; client_msg.type_case = CLIENT_MESSAGE__TYPE_HELLO_MSG; diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c index 9b61cb812..0865a9770 100644 --- a/logsrvd/sendlog.c +++ b/logsrvd/sendlog.c @@ -355,7 +355,7 @@ fmt_client_hello(struct client_closure *closure) debug_decl(fmt_client_hello, SUDO_DEBUG_UTIL); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ClientHello", __func__); - hello_msg.client_id = "Sudo Sendlog " PACKAGE_VERSION; + hello_msg.client_id = (char *)"Sudo Sendlog " PACKAGE_VERSION; /* Schedule ClientMessage */ client_msg.u.hello_msg = &hello_msg; @@ -549,82 +549,52 @@ fmt_info_messages(const struct eventlog *evlog, char *hostname, info_message__init(info_msgs[n]); } +#define fill_str(_n, _v) do { \ + info_msgs[n]->key = (char *)(_n); \ + info_msgs[n]->u.strval = (_v); \ + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; \ + n++; \ +} while (0) + +#define fill_strlist(_n, _v) do { \ + info_msgs[n]->key = (char *)(_n); \ + info_msgs[n]->u.strlistval = (_v); \ + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; \ + n++; \ +} while (0) + +#define fill_num(_n, _v) do { \ + info_msgs[n]->key = (char *)(_n); \ + info_msgs[n]->u.numval = (_v); \ + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; \ + n++; \ +} while (0) + /* Fill in info_msgs */ n = 0; - info_msgs[n]->key = "command"; - info_msgs[n]->u.strval = evlog->command; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - - info_msgs[n]->key = "columns"; - info_msgs[n]->u.numval = evlog->columns; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; - - info_msgs[n]->key = "lines"; - info_msgs[n]->u.numval = evlog->lines; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; - - info_msgs[n]->key = "runargv"; - info_msgs[n]->u.strlistval = runargv; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; + fill_num("columns", evlog->columns); + fill_str("command", evlog->command); + fill_num("lines", evlog->lines); + fill_strlist("runargv", runargv); runargv = NULL; - n++; - if (runenv != NULL) { - info_msgs[n]->key = "runenv"; - info_msgs[n]->u.strlistval = runenv; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; + fill_strlist("runenv", runenv); runenv = NULL; - n++; } - if (evlog->rungid != (gid_t)-1) { - info_msgs[n]->key = "rungid"; - info_msgs[n]->u.numval = evlog->rungid; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; + fill_num("rungid", evlog->rungid); } - if (evlog->rungroup != NULL) { - info_msgs[n]->key = "rungroup"; - info_msgs[n]->u.strval = evlog->rungroup; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; + fill_str("rungroup", evlog->rungroup); } - if (evlog->runuid != (uid_t)-1) { - info_msgs[n]->key = "runuid"; - info_msgs[n]->u.numval = evlog->runuid; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; + fill_num("runuid", evlog->runuid); } - - info_msgs[n]->key = "runuser"; - info_msgs[n]->u.strval = evlog->runuser; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - - info_msgs[n]->key = "submitcwd"; - info_msgs[n]->u.strval = evlog->cwd; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - - info_msgs[n]->key = "submithost"; - info_msgs[n]->u.strval = hostname; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - - info_msgs[n]->key = "submituser"; - info_msgs[n]->u.strval = evlog->submituser; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - - info_msgs[n]->key = "ttyname"; - info_msgs[n]->u.strval = evlog->ttyname; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; + fill_str("runuser", evlog->runuser); + fill_str("submitcwd", evlog->cwd); + fill_str("submithost", hostname); + fill_str("submituser", evlog->submituser); + fill_str("ttyname", evlog->ttyname); /* Update n_info_msgs. */ *n_info_msgs = n; diff --git a/plugins/audit_json/audit_json.c b/plugins/audit_json/audit_json.c index c6c1f73f8..96ada081c 100644 --- a/plugins/audit_json/audit_json.c +++ b/plugins/audit_json/audit_json.c @@ -68,7 +68,7 @@ static struct audit_state { } state = { -1 }; /* Filter out entries in settings[] that are not really options. */ -char * const settings_filter[] = { +const char * const settings_filter[] = { "debug_flags", "max_groups", "network_addrs", @@ -282,9 +282,9 @@ add_array(struct json_container *json, const char *name, char * const * array) } static bool -filter_key_value(const char *kv, char * const * filter) +filter_key_value(const char *kv, const char * const * filter) { - char * const *cur; + const char * const *cur; const char *cp; size_t namelen; @@ -300,7 +300,7 @@ filter_key_value(const char *kv, char * const * filter) static bool add_key_value_object(struct json_container *json, const char *name, - char * const * array, char * const * filter) + char * const * array, const char * const * filter) { char * const *cur; const char *cp; diff --git a/plugins/python/python_convmessage.c b/plugins/python/python_convmessage.c index 14283dcd7..7b2aa6d0e 100644 --- a/plugins/python/python_convmessage.c +++ b/plugins/python/python_convmessage.c @@ -36,8 +36,8 @@ _sudo_ConvMessage__Init(PyObject *py_self, PyObject *py_args, PyObject *py_kwarg struct sudo_conv_message conv_message = { 0, 0, NULL }; - static char *keywords[] = { "self", "msg_type", "msg", "timeout", NULL }; - if (!PyArg_ParseTupleAndKeywords(py_args ? py_args : py_empty, py_kwargs, "Ois|i:sudo.ConvMessage", keywords, + static const char *keywords[] = { "self", "msg_type", "msg", "timeout", NULL }; + if (!PyArg_ParseTupleAndKeywords(py_args ? py_args : py_empty, py_kwargs, "Ois|i:sudo.ConvMessage", (char **)keywords, &py_self, &(conv_message.msg_type), &(conv_message.msg), &(conv_message.timeout))) goto cleanup; diff --git a/plugins/python/python_plugin_common.c b/plugins/python/python_plugin_common.c index d643f7306..a583a5e58 100644 --- a/plugins/python/python_plugin_common.c +++ b/plugins/python/python_plugin_common.c @@ -101,7 +101,7 @@ _import_module(const char *path) if (strlcpy(path_copy, path, sizeof(path_copy)) >= sizeof(path_copy)) debug_return_ptr(NULL); - char *module_dir = path_copy; + const char *module_dir = path_copy; char *module_name = strrchr(path_copy, '/'); if (module_name == NULL) { module_name = path_copy; diff --git a/plugins/python/regress/check_python_examples.c b/plugins/python/regress/check_python_examples.c index dfee438c5..565d0deb6 100644 --- a/plugins/python/regress/check_python_examples.c +++ b/plugins/python/regress/check_python_examples.c @@ -106,11 +106,11 @@ init(void) memset(&data, 0, sizeof(data)); memset(&example_pwd, 0, sizeof(example_pwd)); - example_pwd.pw_name = "pw_name"; - example_pwd.pw_passwd = "pw_passwd"; - example_pwd.pw_gecos = "pw_gecos"; - example_pwd.pw_shell ="pw_shell"; - example_pwd.pw_dir = "pw_dir"; + example_pwd.pw_name = (char *)"pw_name"; + example_pwd.pw_passwd = (char *)"pw_passwd"; + example_pwd.pw_gecos = (char *)"pw_gecos"; + example_pwd.pw_shell = (char *)"pw_shell"; + example_pwd.pw_dir = (char *)"pw_dir"; example_pwd.pw_uid = (uid_t)1001; example_pwd.pw_gid = (gid_t)101; diff --git a/plugins/python/sudo_python_module.c b/plugins/python/sudo_python_module.c index 90cef98fa..ee94101c9 100644 --- a/plugins/python/sudo_python_module.c +++ b/plugins/python/sudo_python_module.c @@ -79,8 +79,8 @@ _parse_log_function_args(PyObject *py_args, PyObject *py_kwargs, char **args_joi if (py_empty == NULL) goto cleanup; - static char *keywords[] = { "sep", "end", NULL }; - if (py_kwargs != NULL && !PyArg_ParseTupleAndKeywords(py_empty, py_kwargs, "|zz:sudo.log", keywords, &sep, end)) + static const char *keywords[] = { "sep", "end", NULL }; + if (py_kwargs != NULL && !PyArg_ParseTupleAndKeywords(py_empty, py_kwargs, "|zz:sudo.log", (char **)keywords, &sep, end)) goto cleanup; if (sep == NULL) @@ -330,8 +330,8 @@ python_sudo_conversation(PyObject *Py_UNUSED(self), PyObject *py_args, PyObject if (py_empty == NULL) goto cleanup; - static char *keywords[] = { "on_suspend", "on_resume", NULL }; - if (py_kwargs != NULL && !PyArg_ParseTupleAndKeywords(py_empty, py_kwargs, "|OO:sudo.conv", keywords, + static const char *keywords[] = { "on_suspend", "on_resume", NULL }; + if (py_kwargs != NULL && !PyArg_ParseTupleAndKeywords(py_empty, py_kwargs, "|OO:sudo.conv", (char **)keywords, &callback_closure.py_on_suspend, &callback_closure.py_on_resume)) goto cleanup; diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c index 356efd713..c34785a3b 100644 --- a/plugins/sudoers/auth/bsdauth.c +++ b/plugins/sudoers/auth/bsdauth.c @@ -68,7 +68,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) if (pw->pw_class && *pw->pw_class) state.lc = login_getclass(pw->pw_class); else - state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS); + state.lc = login_getclass(pw->pw_uid ? (char *)LOGIN_DEFCLASS : (char *)LOGIN_DEFROOTCLASS); if (state.lc == NULL) { log_warning(0, N_("unable to get login class for user %s"), pw->pw_name); @@ -82,7 +82,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) } /* XXX - maybe check the auth style earlier? */ - login_style = login_getstyle(state.lc, login_style, "auth-sudo"); + login_style = login_getstyle(state.lc, login_style, (char *)"auth-sudo"); if (login_style == NULL) { log_warningx(0, N_("invalid authentication type")); auth_close(state.as); @@ -170,7 +170,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con if (!pass) debug_return_int(AUTH_INTR); - if ((s = auth_getvalue(as, "errormsg")) != NULL) + if ((s = auth_getvalue(as, (char *)"errormsg")) != NULL) log_warningx(0, "%s", s); debug_return_int(AUTH_FAILURE); } @@ -181,7 +181,7 @@ bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt) struct bsdauth_state *state = auth->data; debug_decl(bsdauth_approval, SUDOERS_DEBUG_AUTH); - if (auth_approval(state->as, state->lc, pw->pw_name, "auth-sudo") == 0) { + if (auth_approval(state->as, state->lc, pw->pw_name, (char *)"auth-sudo") == 0) { if (auth_getstate(state->as) & AUTH_EXPIRED) log_warningx(0, "%s", N_("your account has expired")); else diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c index eef26bb8a..4f6e89c85 100644 --- a/plugins/sudoers/auth/pam.c +++ b/plugins/sudoers/auth/pam.c @@ -90,7 +90,7 @@ static int converse(int, PAM_CONST struct pam_message **, struct pam_response **, void *); static struct sudo_conv_callback *conv_callback; static struct pam_conv pam_conv = { converse, &conv_callback }; -static char *def_prompt = PASSPROMPT; +static const char *def_prompt = PASSPROMPT; static bool getpass_error; static bool noninteractive; static pam_handle_t *pamh; diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h index d8780c496..de41e6fdc 100644 --- a/plugins/sudoers/auth/sudo_auth.h +++ b/plugins/sudoers/auth/sudo_auth.h @@ -29,7 +29,7 @@ typedef struct sudo_auth { int flags; /* various flags, see below */ int status; /* status from verify routine */ - char *name; /* name of the method as a string */ + const char *name; /* name of the method as a string */ void *data; /* method-specific data pointer */ int (*init)(struct passwd *pw, struct sudo_auth *auth); int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth); diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c index 847c5c750..c07159d48 100644 --- a/plugins/sudoers/cvtsudoers.c +++ b/plugins/sudoers/cvtsudoers.c @@ -787,7 +787,7 @@ userlist_matches_filter(struct sudoers_parse_tree *parse_tree, * can do its thing. */ memset(&pw, 0, sizeof(pw)); - pw.pw_name = "_nobody"; + pw.pw_name = (char *)"_nobody"; pw.pw_uid = (uid_t)-1; pw.pw_gid = (gid_t)-1; diff --git a/plugins/sudoers/cvtsudoers_csv.c b/plugins/sudoers/cvtsudoers_csv.c index 63512c5dc..8d8e39715 100644 --- a/plugins/sudoers/cvtsudoers_csv.c +++ b/plugins/sudoers/cvtsudoers_csv.c @@ -167,7 +167,7 @@ format_cmnd(struct sudo_command *c, bool negated) int len; debug_decl(format_cmnd, SUDOERS_DEBUG_UTIL); - cmnd = c->cmnd ? c->cmnd : "ALL"; + cmnd = c->cmnd ? c->cmnd : (char *)"ALL"; bufsiz = negated + strlen(cmnd) + 1; if (c->args != NULL) bufsiz += 1 + strlen(c->args); diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c index a89ef82b3..be5d55443 100644 --- a/plugins/sudoers/cvtsudoers_json.c +++ b/plugins/sudoers/cvtsudoers_json.c @@ -77,7 +77,7 @@ print_command_json(struct json_container *jsonc, const char *name, bool negated) } } value.type = JSON_STRING; - value.u.string = cmnd ? cmnd : "ALL"; + value.u.string = cmnd ? cmnd : (char *)"ALL"; if (!negated && TAILQ_EMPTY(&c->digests)) { /* Print as { "command": "command and args" } */ diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c index 91acfcd86..b3ddf2cb2 100644 --- a/plugins/sudoers/cvtsudoers_ldif.c +++ b/plugins/sudoers/cvtsudoers_ldif.c @@ -219,7 +219,7 @@ format_cmnd(struct sudo_command *c, bool negated) int len; debug_decl(format_cmnd, SUDOERS_DEBUG_UTIL); - cmnd = c->cmnd ? c->cmnd : "ALL"; + cmnd = c->cmnd ? c->cmnd : (char *)"ALL"; bufsiz = negated + strlen(cmnd) + 1; if (c->args != NULL) bufsiz += 1 + strlen(c->args); diff --git a/plugins/sudoers/cvtsudoers_pwutil.c b/plugins/sudoers/cvtsudoers_pwutil.c index a7b163e91..6b30d03ac 100644 --- a/plugins/sudoers/cvtsudoers_pwutil.c +++ b/plugins/sudoers/cvtsudoers_pwutil.c @@ -126,11 +126,11 @@ cvtsudoers_make_pwitem(uid_t uid, const char *name) /* Fake up a passwd struct. */ memset(&pw, 0, sizeof(pw)); pw.pw_name = name ? s->str : uidstr; - pw.pw_passwd = "*"; + pw.pw_passwd = (char *)"*"; pw.pw_uid = uid; pw.pw_gid = (gid_t)-1; - pw.pw_shell = _PATH_BSHELL; - pw.pw_dir = "/"; + pw.pw_shell = (char *)_PATH_BSHELL; + pw.pw_dir = (char *)"/"; /* Allocate in one big chunk for easy freeing. */ total = sizeof(*pwitem); diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index ec6b64fe9..9b8c6a76b 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -89,7 +89,7 @@ dump_defaults(void) struct sudo_defs_types *cur; struct list_member *item; struct def_values *def; - char *desc; + const char *desc; debug_decl(dump_defaults, SUDOERS_DEBUG_DEFAULTS); for (cur = sudo_defs_table; cur->name; cur++) { diff --git a/plugins/sudoers/defaults.h b/plugins/sudoers/defaults.h index 7e9d44fb6..cfbb66269 100644 --- a/plugins/sudoers/defaults.h +++ b/plugins/sudoers/defaults.h @@ -43,7 +43,7 @@ enum list_ops { /* Mapping of tuple string value to enum def_tuple. */ struct def_values { - char *sval; /* string value */ + const char *sval; /* string value */ enum def_tuple nval;/* numeric value */ }; @@ -62,9 +62,9 @@ union sudo_defs_val { * Structure describing compile-time and run-time options. */ struct sudo_defs_types { - char *name; + const char *name; int type; - char *desc; + const char *desc; struct def_values *values; bool (*callback)(const char *file, int line, int column, const union sudo_defs_val *, int op); union sudo_defs_val sd_un; diff --git a/plugins/sudoers/editor.c b/plugins/sudoers/editor.c index db55fc719..7a6164f69 100644 --- a/plugins/sudoers/editor.c +++ b/plugins/sudoers/editor.c @@ -126,7 +126,7 @@ copy_arg(const char *src, size_t len) * as well as the argument vector. */ static char * -resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, +resolve_editor(const char *ed, size_t edlen, int nfiles, char * const *files, int *argc_out, char ***argv_out, char * const *allowlist) { char **nargv = NULL, *editor = NULL, *editor_path = NULL; @@ -177,7 +177,7 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, goto oom; } if (nfiles != 0) { - nargv[nargc++] = "--"; + nargv[nargc++] = (char *)"--"; while (nfiles--) nargv[nargc++] = *files++; } @@ -211,10 +211,11 @@ oom: * as well as the argument vector. */ char * -find_editor(int nfiles, char **files, int *argc_out, char ***argv_out, +find_editor(int nfiles, char * const *files, int *argc_out, char ***argv_out, char * const *allowlist, const char **env_editor) { - char *ev[3], *editor_path = NULL; + char *editor_path = NULL; + const char *ev[3]; unsigned int i; debug_decl(find_editor, SUDOERS_DEBUG_UTIL); diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index 82dc61832..99b674300 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -818,13 +818,13 @@ env_update_didvar(const char *ep, unsigned int *didvar) } #define CHECK_PUTENV(a, b, c) do { \ - if (sudo_putenv((a), (b), (c)) == -1) { \ + if (sudo_putenv((char *)(a), (b), (c)) == -1) { \ goto bad; \ } \ } while (0) #define CHECK_SETENV2(a, b, c, d) do { \ - if (sudo_setenv2((a), (b), (c), (d)) == -1) { \ + if (sudo_setenv2((char *)(a), (b), (c), (d)) == -1) { \ goto bad; \ } \ } while (0) diff --git a/plugins/sudoers/exptilde.c b/plugins/sudoers/exptilde.c index 00ab0ac5c..b6e8a602b 100644 --- a/plugins/sudoers/exptilde.c +++ b/plugins/sudoers/exptilde.c @@ -74,7 +74,7 @@ expand_tilde(char **path, const char *user) *slash = '\0'; opath = slash + 1; } else { - opath = ""; + opath = (char *)""; } } pw = sudo_getpwnam(user); diff --git a/plugins/sudoers/getdate.c b/plugins/sudoers/getdate.c index 5ff0a5d16..1a7c11dbb 100644 --- a/plugins/sudoers/getdate.c +++ b/plugins/sudoers/getdate.c @@ -58,7 +58,7 @@ ** An entry in the lexical lookup table. */ typedef struct _TABLE { - char *name; + const char *name; int type; time_t value; } TABLE; diff --git a/plugins/sudoers/getdate.y b/plugins/sudoers/getdate.y index 12efbda1f..8511d709b 100644 --- a/plugins/sudoers/getdate.y +++ b/plugins/sudoers/getdate.y @@ -41,7 +41,7 @@ ** An entry in the lexical lookup table. */ typedef struct _TABLE { - char *name; + const char *name; int type; time_t value; } TABLE; diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index e78a36c36..c7f7693e5 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -341,9 +341,10 @@ union YYSTYPE struct command_options options; struct cmndtag tag; char *string; + const char *cstring; int tok; -#line 341 "gram.c" +#line 342 "gram.c" }; typedef union YYSTYPE YYSTYPE; @@ -874,22 +875,22 @@ static const yytype_int8 yytranslate[] = /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_int16 yyrline[] = { - 0, 200, 200, 203, 206, 207, 210, 213, 216, 225, - 234, 240, 243, 246, 249, 252, 256, 260, 264, 268, - 274, 277, 283, 286, 292, 293, 300, 309, 318, 328, - 338, 350, 351, 356, 362, 379, 383, 389, 398, 406, - 415, 424, 435, 436, 498, 568, 577, 586, 595, 606, - 607, 614, 617, 631, 635, 641, 657, 673, 678, 682, - 687, 692, 697, 702, 706, 711, 714, 719, 735, 746, - 758, 769, 787, 788, 789, 790, 791, 792, 793, 794, - 795, 796, 797, 800, 806, 809, 814, 819, 828, 837, - 849, 856, 863, 870, 877, 886, 889, 892, 895, 898, - 901, 904, 907, 910, 913, 916, 919, 922, 925, 928, - 931, 934, 939, 953, 962, 985, 986, 989, 989, 1001, - 1004, 1005, 1012, 1013, 1016, 1016, 1028, 1031, 1032, 1039, - 1040, 1043, 1043, 1055, 1058, 1059, 1062, 1062, 1074, 1077, - 1078, 1085, 1089, 1095, 1104, 1112, 1121, 1130, 1141, 1142, - 1149, 1153, 1159, 1168, 1176 + 0, 201, 201, 204, 207, 208, 211, 214, 217, 226, + 235, 241, 244, 247, 250, 253, 257, 261, 265, 269, + 275, 278, 284, 287, 293, 294, 301, 310, 319, 329, + 339, 351, 352, 357, 363, 380, 384, 390, 399, 407, + 416, 425, 436, 437, 499, 569, 578, 587, 596, 607, + 608, 615, 618, 632, 636, 642, 658, 674, 679, 683, + 688, 693, 698, 703, 707, 712, 715, 720, 736, 747, + 759, 770, 788, 789, 790, 791, 792, 793, 794, 795, + 796, 797, 798, 801, 807, 810, 815, 820, 829, 838, + 850, 857, 864, 871, 878, 887, 890, 893, 896, 899, + 902, 905, 908, 911, 914, 917, 920, 923, 926, 929, + 932, 935, 940, 954, 963, 986, 987, 990, 990, 1002, + 1005, 1006, 1013, 1014, 1017, 1017, 1029, 1032, 1033, 1040, + 1041, 1044, 1044, 1056, 1059, 1060, 1063, 1063, 1075, 1078, + 1079, 1086, 1090, 1096, 1105, 1113, 1122, 1131, 1142, 1143, + 1150, 1154, 1160, 1169, 1177 }; #endif @@ -1647,31 +1648,31 @@ yyreduce: switch (yyn) { case 2: /* file: %empty */ -#line 200 "gram.y" +#line 201 "gram.y" { ; /* empty file */ } -#line 1649 "gram.c" +#line 1650 "gram.c" break; case 6: /* entry: '\n' */ -#line 210 "gram.y" +#line 211 "gram.y" { ; /* blank line */ } -#line 1657 "gram.c" +#line 1658 "gram.c" break; case 7: /* entry: error '\n' */ -#line 213 "gram.y" +#line 214 "gram.y" { yyerrok; } -#line 1665 "gram.c" +#line 1666 "gram.c" break; case 8: /* entry: include */ -#line 216 "gram.y" +#line 217 "gram.y" { if (!push_include((yyvsp[0].string), false)) { parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -1681,11 +1682,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); } -#line 1679 "gram.c" +#line 1680 "gram.c" break; case 9: /* entry: includedir */ -#line 225 "gram.y" +#line 226 "gram.y" { if (!push_include((yyvsp[0].string), true)) { parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -1695,143 +1696,143 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); free((yyvsp[0].string)); } -#line 1693 "gram.c" +#line 1694 "gram.c" break; case 10: /* entry: userlist privileges '\n' */ -#line 234 "gram.y" +#line 235 "gram.y" { if (!add_userspec((yyvsp[-2].member), (yyvsp[-1].privilege))) { sudoerserror(N_("unable to allocate memory")); YYERROR; } } -#line 1704 "gram.c" +#line 1705 "gram.c" break; case 11: /* entry: USERALIAS useraliases '\n' */ -#line 240 "gram.y" +#line 241 "gram.y" { ; } -#line 1712 "gram.c" +#line 1713 "gram.c" break; case 12: /* entry: HOSTALIAS hostaliases '\n' */ -#line 243 "gram.y" +#line 244 "gram.y" { ; } -#line 1720 "gram.c" +#line 1721 "gram.c" break; case 13: /* entry: CMNDALIAS cmndaliases '\n' */ -#line 246 "gram.y" +#line 247 "gram.y" { ; } -#line 1728 "gram.c" +#line 1729 "gram.c" break; case 14: /* entry: RUNASALIAS runasaliases '\n' */ -#line 249 "gram.y" +#line 250 "gram.y" { ; } -#line 1736 "gram.c" +#line 1737 "gram.c" break; case 15: /* entry: DEFAULTS defaults_list '\n' */ -#line 252 "gram.y" +#line 253 "gram.y" { if (!add_defaults(DEFAULTS, NULL, (yyvsp[-1].defaults))) YYERROR; } -#line 1745 "gram.c" +#line 1746 "gram.c" break; case 16: /* entry: DEFAULTS_USER userlist defaults_list '\n' */ -#line 256 "gram.y" +#line 257 "gram.y" { if (!add_defaults(DEFAULTS_USER, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1754 "gram.c" +#line 1755 "gram.c" break; case 17: /* entry: DEFAULTS_RUNAS userlist defaults_list '\n' */ -#line 260 "gram.y" +#line 261 "gram.y" { if (!add_defaults(DEFAULTS_RUNAS, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1763 "gram.c" +#line 1764 "gram.c" break; case 18: /* entry: DEFAULTS_HOST hostlist defaults_list '\n' */ -#line 264 "gram.y" +#line 265 "gram.y" { if (!add_defaults(DEFAULTS_HOST, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1772 "gram.c" +#line 1773 "gram.c" break; case 19: /* entry: DEFAULTS_CMND cmndlist defaults_list '\n' */ -#line 268 "gram.y" +#line 269 "gram.y" { if (!add_defaults(DEFAULTS_CMND, (yyvsp[-2].member), (yyvsp[-1].defaults))) YYERROR; } -#line 1781 "gram.c" +#line 1782 "gram.c" break; case 20: /* include: INCLUDE WORD '\n' */ -#line 274 "gram.y" +#line 275 "gram.y" { (yyval.string) = (yyvsp[-1].string); } -#line 1789 "gram.c" +#line 1790 "gram.c" break; case 21: /* include: INCLUDE WORD error '\n' */ -#line 277 "gram.y" +#line 278 "gram.y" { yyerrok; (yyval.string) = (yyvsp[-2].string); } -#line 1798 "gram.c" +#line 1799 "gram.c" break; case 22: /* includedir: INCLUDEDIR WORD '\n' */ -#line 283 "gram.y" +#line 284 "gram.y" { (yyval.string) = (yyvsp[-1].string); } -#line 1806 "gram.c" +#line 1807 "gram.c" break; case 23: /* includedir: INCLUDEDIR WORD error '\n' */ -#line 286 "gram.y" +#line 287 "gram.y" { yyerrok; (yyval.string) = (yyvsp[-2].string); } -#line 1815 "gram.c" +#line 1816 "gram.c" break; case 25: /* defaults_list: defaults_list ',' defaults_entry */ -#line 293 "gram.y" +#line 294 "gram.y" { parser_leak_remove(LEAK_DEFAULTS, (yyvsp[0].defaults)); HLTQ_CONCAT((yyvsp[-2].defaults), (yyvsp[0].defaults), entries); (yyval.defaults) = (yyvsp[-2].defaults); } -#line 1825 "gram.c" +#line 1826 "gram.c" break; case 26: /* defaults_entry: DEFVAR */ -#line 300 "gram.y" +#line 301 "gram.y" { (yyval.defaults) = new_default((yyvsp[0].string), NULL, true); if ((yyval.defaults) == NULL) { @@ -1841,11 +1842,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1839 "gram.c" +#line 1840 "gram.c" break; case 27: /* defaults_entry: '!' DEFVAR */ -#line 309 "gram.y" +#line 310 "gram.y" { (yyval.defaults) = new_default((yyvsp[0].string), NULL, false); if ((yyval.defaults) == NULL) { @@ -1855,11 +1856,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1853 "gram.c" +#line 1854 "gram.c" break; case 28: /* defaults_entry: DEFVAR '=' WORD */ -#line 318 "gram.y" +#line 319 "gram.y" { (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), true); if ((yyval.defaults) == NULL) { @@ -1870,11 +1871,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1868 "gram.c" +#line 1869 "gram.c" break; case 29: /* defaults_entry: DEFVAR '+' WORD */ -#line 328 "gram.y" +#line 329 "gram.y" { (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), '+'); if ((yyval.defaults) == NULL) { @@ -1885,11 +1886,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1883 "gram.c" +#line 1884 "gram.c" break; case 30: /* defaults_entry: DEFVAR '-' WORD */ -#line 338 "gram.y" +#line 339 "gram.y" { (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), '-'); if ((yyval.defaults) == NULL) { @@ -1900,30 +1901,30 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); } -#line 1898 "gram.c" +#line 1899 "gram.c" break; case 32: /* privileges: privileges ':' privilege */ -#line 351 "gram.y" +#line 352 "gram.y" { parser_leak_remove(LEAK_PRIVILEGE, (yyvsp[0].privilege)); HLTQ_CONCAT((yyvsp[-2].privilege), (yyvsp[0].privilege), entries); (yyval.privilege) = (yyvsp[-2].privilege); } -#line 1908 "gram.c" +#line 1909 "gram.c" break; case 33: /* privileges: privileges ':' error */ -#line 356 "gram.y" +#line 357 "gram.y" { yyerrok; (yyval.privilege) = (yyvsp[-2].privilege); } -#line 1917 "gram.c" +#line 1918 "gram.c" break; case 34: /* privilege: hostlist '=' cmndspeclist */ -#line 362 "gram.y" +#line 363 "gram.y" { struct privilege *p = calloc(1, sizeof(*p)); if (p == NULL) { @@ -1939,29 +1940,29 @@ yyreduce: HLTQ_INIT(p, entries); (yyval.privilege) = p; } -#line 1937 "gram.c" +#line 1938 "gram.c" break; case 35: /* ophost: host */ -#line 379 "gram.y" +#line 380 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 1946 "gram.c" +#line 1947 "gram.c" break; case 36: /* ophost: '!' host */ -#line 383 "gram.y" +#line 384 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 1955 "gram.c" +#line 1956 "gram.c" break; case 37: /* host: ALIAS */ -#line 389 "gram.y" +#line 390 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { @@ -1971,11 +1972,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1969 "gram.c" +#line 1970 "gram.c" break; case 38: /* host: ALL */ -#line 398 "gram.y" +#line 399 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { @@ -1984,11 +1985,11 @@ yyreduce: } parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1982 "gram.c" +#line 1983 "gram.c" break; case 39: /* host: NETGROUP */ -#line 406 "gram.y" +#line 407 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), NETGROUP); if ((yyval.member) == NULL) { @@ -1998,11 +1999,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 1996 "gram.c" +#line 1997 "gram.c" break; case 40: /* host: NTWKADDR */ -#line 415 "gram.y" +#line 416 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), NTWKADDR); if ((yyval.member) == NULL) { @@ -2012,11 +2013,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2010 "gram.c" +#line 2011 "gram.c" break; case 41: /* host: WORD */ -#line 424 "gram.y" +#line 425 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { @@ -2026,11 +2027,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2024 "gram.c" +#line 2025 "gram.c" break; case 43: /* cmndspeclist: cmndspeclist ',' cmndspec */ -#line 436 "gram.y" +#line 437 "gram.y" { struct cmndspec *prev; prev = HLTQ_LAST((yyvsp[-2].cmndspec), cmndspec, entries); @@ -2091,11 +2092,11 @@ yyreduce: } (yyval.cmndspec) = (yyvsp[-2].cmndspec); } -#line 2089 "gram.c" +#line 2090 "gram.c" break; case 44: /* cmndspec: runasspec options cmndtag digcmnd */ -#line 498 "gram.y" +#line 499 "gram.y" { struct cmndspec *cs = calloc(1, sizeof(*cs)); if (cs == NULL) { @@ -2164,11 +2165,11 @@ yyreduce: cs->tags.setenv = IMPLIED; (yyval.cmndspec) = cs; } -#line 2162 "gram.c" +#line 2163 "gram.c" break; case 45: /* digestspec: SHA224_TOK ':' DIGEST */ -#line 568 "gram.y" +#line 569 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA224, (yyvsp[0].string)); if ((yyval.digest) == NULL) { @@ -2178,11 +2179,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2176 "gram.c" +#line 2177 "gram.c" break; case 46: /* digestspec: SHA256_TOK ':' DIGEST */ -#line 577 "gram.y" +#line 578 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA256, (yyvsp[0].string)); if ((yyval.digest) == NULL) { @@ -2192,11 +2193,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2190 "gram.c" +#line 2191 "gram.c" break; case 47: /* digestspec: SHA384_TOK ':' DIGEST */ -#line 586 "gram.y" +#line 587 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA384, (yyvsp[0].string)); if ((yyval.digest) == NULL) { @@ -2206,11 +2207,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2204 "gram.c" +#line 2205 "gram.c" break; case 48: /* digestspec: SHA512_TOK ':' DIGEST */ -#line 595 "gram.y" +#line 596 "gram.y" { (yyval.digest) = new_digest(SUDO_DIGEST_SHA512, (yyvsp[0].string)); if ((yyval.digest) == NULL) { @@ -2220,29 +2221,29 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_DIGEST, (yyval.digest)); } -#line 2218 "gram.c" +#line 2219 "gram.c" break; case 50: /* digestlist: digestlist ',' digestspec */ -#line 607 "gram.y" +#line 608 "gram.y" { parser_leak_remove(LEAK_DIGEST, (yyvsp[0].digest)); HLTQ_CONCAT((yyvsp[-2].digest), (yyvsp[0].digest), entries); (yyval.digest) = (yyvsp[-2].digest); } -#line 2228 "gram.c" +#line 2229 "gram.c" break; case 51: /* digcmnd: opcmnd */ -#line 614 "gram.y" +#line 615 "gram.y" { (yyval.member) = (yyvsp[0].member); } -#line 2236 "gram.c" +#line 2237 "gram.c" break; case 52: /* digcmnd: digestlist opcmnd */ -#line 617 "gram.y" +#line 618 "gram.y" { struct sudo_command *c = (struct sudo_command *) (yyvsp[0].member)->name; @@ -2255,29 +2256,29 @@ yyreduce: HLTQ_TO_TAILQ(&c->digests, (yyvsp[-1].digest), entries); (yyval.member) = (yyvsp[0].member); } -#line 2253 "gram.c" +#line 2254 "gram.c" break; case 53: /* opcmnd: cmnd */ -#line 631 "gram.y" +#line 632 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 2262 "gram.c" +#line 2263 "gram.c" break; case 54: /* opcmnd: '!' cmnd */ -#line 635 "gram.y" +#line 636 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 2271 "gram.c" +#line 2272 "gram.c" break; case 55: /* chdirspec: CWD '=' WORD */ -#line 641 "gram.y" +#line 642 "gram.y" { if ((yyvsp[0].string)[0] != '/' && (yyvsp[0].string)[0] != '~') { if (strcmp((yyvsp[0].string), "*") != 0) { @@ -2292,11 +2293,11 @@ yyreduce: } (yyval.string) = (yyvsp[0].string); } -#line 2290 "gram.c" +#line 2291 "gram.c" break; case 56: /* chrootspec: CHROOT '=' WORD */ -#line 657 "gram.y" +#line 658 "gram.y" { if ((yyvsp[0].string)[0] != '/' && (yyvsp[0].string)[0] != '~') { if (strcmp((yyvsp[0].string), "*") != 0) { @@ -2311,91 +2312,91 @@ yyreduce: } (yyval.string) = (yyvsp[0].string); } -#line 2309 "gram.c" +#line 2310 "gram.c" break; case 57: /* timeoutspec: CMND_TIMEOUT '=' WORD */ -#line 673 "gram.y" +#line 674 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2317 "gram.c" +#line 2318 "gram.c" break; case 58: /* notbeforespec: NOTBEFORE '=' WORD */ -#line 678 "gram.y" +#line 679 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2325 "gram.c" +#line 2326 "gram.c" break; case 59: /* notafterspec: NOTAFTER '=' WORD */ -#line 682 "gram.y" +#line 683 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2333 "gram.c" +#line 2334 "gram.c" break; case 60: /* rolespec: ROLE '=' WORD */ -#line 687 "gram.y" +#line 688 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2341 "gram.c" +#line 2342 "gram.c" break; case 61: /* typespec: TYPE '=' WORD */ -#line 692 "gram.y" +#line 693 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2349 "gram.c" +#line 2350 "gram.c" break; case 62: /* apparmor_profilespec: APPARMOR_PROFILE '=' WORD */ -#line 697 "gram.y" +#line 698 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2357 "gram.c" +#line 2358 "gram.c" break; case 63: /* privsspec: PRIVS '=' WORD */ -#line 702 "gram.y" +#line 703 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2365 "gram.c" +#line 2366 "gram.c" break; case 64: /* limitprivsspec: LIMITPRIVS '=' WORD */ -#line 706 "gram.y" +#line 707 "gram.y" { (yyval.string) = (yyvsp[0].string); } -#line 2373 "gram.c" +#line 2374 "gram.c" break; case 65: /* runasspec: %empty */ -#line 711 "gram.y" +#line 712 "gram.y" { (yyval.runas) = NULL; } -#line 2381 "gram.c" +#line 2382 "gram.c" break; case 66: /* runasspec: '(' runaslist ')' */ -#line 714 "gram.y" +#line 715 "gram.y" { (yyval.runas) = (yyvsp[-1].runas); } -#line 2389 "gram.c" +#line 2390 "gram.c" break; case 67: /* runaslist: %empty */ -#line 719 "gram.y" +#line 720 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) != NULL) { @@ -2412,11 +2413,11 @@ yyreduce: } parser_leak_add(LEAK_RUNAS, (yyval.runas)); } -#line 2410 "gram.c" +#line 2411 "gram.c" break; case 68: /* runaslist: userlist */ -#line 735 "gram.y" +#line 736 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) == NULL) { @@ -2428,11 +2429,11 @@ yyreduce: (yyval.runas)->runasusers = (yyvsp[0].member); /* $$->runasgroups = NULL; */ } -#line 2426 "gram.c" +#line 2427 "gram.c" break; case 69: /* runaslist: userlist ':' grouplist */ -#line 746 "gram.y" +#line 747 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) == NULL) { @@ -2445,11 +2446,11 @@ yyreduce: (yyval.runas)->runasusers = (yyvsp[-2].member); (yyval.runas)->runasgroups = (yyvsp[0].member); } -#line 2443 "gram.c" +#line 2444 "gram.c" break; case 70: /* runaslist: ':' grouplist */ -#line 758 "gram.y" +#line 759 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) == NULL) { @@ -2461,11 +2462,11 @@ yyreduce: /* $$->runasusers = NULL; */ (yyval.runas)->runasgroups = (yyvsp[0].member); } -#line 2459 "gram.c" +#line 2460 "gram.c" break; case 71: /* runaslist: ':' */ -#line 769 "gram.y" +#line 770 "gram.y" { (yyval.runas) = calloc(1, sizeof(struct runascontainer)); if ((yyval.runas) != NULL) { @@ -2482,114 +2483,114 @@ yyreduce: } parser_leak_add(LEAK_RUNAS, (yyval.runas)); } -#line 2480 "gram.c" +#line 2481 "gram.c" break; case 72: /* reserved_word: ALL */ -#line 787 "gram.y" - { (yyval.string) = "ALL"; } -#line 2486 "gram.c" +#line 788 "gram.y" + { (yyval.cstring) = "ALL"; } +#line 2487 "gram.c" break; case 73: /* reserved_word: CHROOT */ -#line 788 "gram.y" - { (yyval.string) = "CHROOT"; } -#line 2492 "gram.c" +#line 789 "gram.y" + { (yyval.cstring) = "CHROOT"; } +#line 2493 "gram.c" break; case 74: /* reserved_word: CWD */ -#line 789 "gram.y" - { (yyval.string) = "CWD"; } -#line 2498 "gram.c" +#line 790 "gram.y" + { (yyval.cstring) = "CWD"; } +#line 2499 "gram.c" break; case 75: /* reserved_word: CMND_TIMEOUT */ -#line 790 "gram.y" - { (yyval.string) = "CMND_TIMEOUT"; } -#line 2504 "gram.c" +#line 791 "gram.y" + { (yyval.cstring) = "CMND_TIMEOUT"; } +#line 2505 "gram.c" break; case 76: /* reserved_word: NOTBEFORE */ -#line 791 "gram.y" - { (yyval.string) = "NOTBEFORE"; } -#line 2510 "gram.c" +#line 792 "gram.y" + { (yyval.cstring) = "NOTBEFORE"; } +#line 2511 "gram.c" break; case 77: /* reserved_word: NOTAFTER */ -#line 792 "gram.y" - { (yyval.string) = "NOTAFTER"; } -#line 2516 "gram.c" +#line 793 "gram.y" + { (yyval.cstring) = "NOTAFTER"; } +#line 2517 "gram.c" break; case 78: /* reserved_word: ROLE */ -#line 793 "gram.y" - { (yyval.string) = "ROLE"; } -#line 2522 "gram.c" +#line 794 "gram.y" + { (yyval.cstring) = "ROLE"; } +#line 2523 "gram.c" break; case 79: /* reserved_word: TYPE */ -#line 794 "gram.y" - { (yyval.string) = "TYPE"; } -#line 2528 "gram.c" +#line 795 "gram.y" + { (yyval.cstring) = "TYPE"; } +#line 2529 "gram.c" break; case 80: /* reserved_word: PRIVS */ -#line 795 "gram.y" - { (yyval.string) = "PRIVS"; } -#line 2534 "gram.c" +#line 796 "gram.y" + { (yyval.cstring) = "PRIVS"; } +#line 2535 "gram.c" break; case 81: /* reserved_word: LIMITPRIVS */ -#line 796 "gram.y" - { (yyval.string) = "LIMITPRIVS"; } -#line 2540 "gram.c" +#line 797 "gram.y" + { (yyval.cstring) = "LIMITPRIVS"; } +#line 2541 "gram.c" break; case 82: /* reserved_word: APPARMOR_PROFILE */ -#line 797 "gram.y" - { (yyval.string) = "APPARMOR_PROFILE"; } -#line 2546 "gram.c" +#line 798 "gram.y" + { (yyval.cstring) = "APPARMOR_PROFILE"; } +#line 2547 "gram.c" break; case 83: /* reserved_alias: reserved_word */ -#line 800 "gram.y" +#line 801 "gram.y" { - sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), (yyvsp[0].string)); + sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), (yyvsp[0].cstring)); YYERROR; } -#line 2555 "gram.c" +#line 2556 "gram.c" break; case 84: /* options: %empty */ -#line 806 "gram.y" +#line 807 "gram.y" { init_options(&(yyval.options)); } -#line 2563 "gram.c" +#line 2564 "gram.c" break; case 85: /* options: options chdirspec */ -#line 809 "gram.y" +#line 810 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).runcwd); free((yyval.options).runcwd); (yyval.options).runcwd = (yyvsp[0].string); } -#line 2573 "gram.c" +#line 2574 "gram.c" break; case 86: /* options: options chrootspec */ -#line 814 "gram.y" +#line 815 "gram.y" { parser_leak_remove(LEAK_PTR, (yyval.options).runchroot); free((yyval.options).runchroot); (yyval.options).runchroot = (yyvsp[0].string); } -#line 2583 "gram.c" +#line 2584 "gram.c" break; case 87: /* options: options notbeforespec */ -#line 819 "gram.y" +#line 820 "gram.y" { (yyval.options).notbefore = parse_gentime((yyvsp[0].string)); parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -2599,11 +2600,11 @@ yyreduce: YYERROR; } } -#line 2597 "gram.c" +#line 2598 "gram.c" break; case 88: /* options: options notafterspec */ -#line 828 "gram.y" +#line 829 "gram.y" { (yyval.options).notafter = parse_gentime((yyvsp[0].string)); parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -2613,11 +2614,11 @@ yyreduce: YYERROR; } } -#line 2611 "gram.c" +#line 2612 "gram.c" break; case 89: /* options: options timeoutspec */ -#line 837 "gram.y" +#line 838 "gram.y" { (yyval.options).timeout = parse_timeout((yyvsp[0].string)); parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); @@ -2630,11 +2631,11 @@ yyreduce: YYERROR; } } -#line 2628 "gram.c" +#line 2629 "gram.c" break; case 90: /* options: options rolespec */ -#line 849 "gram.y" +#line 850 "gram.y" { #ifdef HAVE_SELINUX parser_leak_remove(LEAK_PTR, (yyval.options).role); @@ -2642,11 +2643,11 @@ yyreduce: (yyval.options).role = (yyvsp[0].string); #endif } -#line 2640 "gram.c" +#line 2641 "gram.c" break; case 91: /* options: options typespec */ -#line 856 "gram.y" +#line 857 "gram.y" { #ifdef HAVE_SELINUX parser_leak_remove(LEAK_PTR, (yyval.options).type); @@ -2654,11 +2655,11 @@ yyreduce: (yyval.options).type = (yyvsp[0].string); #endif } -#line 2652 "gram.c" +#line 2653 "gram.c" break; case 92: /* options: options apparmor_profilespec */ -#line 863 "gram.y" +#line 864 "gram.y" { #ifdef HAVE_APPARMOR parser_leak_remove(LEAK_PTR, (yyval.options).apparmor_profile); @@ -2666,11 +2667,11 @@ yyreduce: (yyval.options).apparmor_profile = (yyvsp[0].string); #endif } -#line 2664 "gram.c" +#line 2665 "gram.c" break; case 93: /* options: options privsspec */ -#line 870 "gram.y" +#line 871 "gram.y" { #ifdef HAVE_PRIV_SET parser_leak_remove(LEAK_PTR, (yyval.options).privs); @@ -2678,11 +2679,11 @@ yyreduce: (yyval.options).privs = (yyvsp[0].string); #endif } -#line 2676 "gram.c" +#line 2677 "gram.c" break; case 94: /* options: options limitprivsspec */ -#line 877 "gram.y" +#line 878 "gram.y" { #ifdef HAVE_PRIV_SET parser_leak_remove(LEAK_PTR, (yyval.options).limitprivs); @@ -2690,147 +2691,147 @@ yyreduce: (yyval.options).limitprivs = (yyvsp[0].string); #endif } -#line 2688 "gram.c" +#line 2689 "gram.c" break; case 95: /* cmndtag: %empty */ -#line 886 "gram.y" +#line 887 "gram.y" { TAGS_INIT(&(yyval.tag)); } -#line 2696 "gram.c" +#line 2697 "gram.c" break; case 96: /* cmndtag: cmndtag NOPASSWD */ -#line 889 "gram.y" +#line 890 "gram.y" { (yyval.tag).nopasswd = true; } -#line 2704 "gram.c" +#line 2705 "gram.c" break; case 97: /* cmndtag: cmndtag PASSWD */ -#line 892 "gram.y" +#line 893 "gram.y" { (yyval.tag).nopasswd = false; } -#line 2712 "gram.c" +#line 2713 "gram.c" break; case 98: /* cmndtag: cmndtag NOEXEC */ -#line 895 "gram.y" +#line 896 "gram.y" { (yyval.tag).noexec = true; } -#line 2720 "gram.c" +#line 2721 "gram.c" break; case 99: /* cmndtag: cmndtag EXEC */ -#line 898 "gram.y" +#line 899 "gram.y" { (yyval.tag).noexec = false; } -#line 2728 "gram.c" +#line 2729 "gram.c" break; case 100: /* cmndtag: cmndtag INTERCEPT */ -#line 901 "gram.y" +#line 902 "gram.y" { (yyval.tag).intercept = true; } -#line 2736 "gram.c" +#line 2737 "gram.c" break; case 101: /* cmndtag: cmndtag NOINTERCEPT */ -#line 904 "gram.y" +#line 905 "gram.y" { (yyval.tag).intercept = false; } -#line 2744 "gram.c" +#line 2745 "gram.c" break; case 102: /* cmndtag: cmndtag SETENV */ -#line 907 "gram.y" +#line 908 "gram.y" { (yyval.tag).setenv = true; } -#line 2752 "gram.c" +#line 2753 "gram.c" break; case 103: /* cmndtag: cmndtag NOSETENV */ -#line 910 "gram.y" +#line 911 "gram.y" { (yyval.tag).setenv = false; } -#line 2760 "gram.c" +#line 2761 "gram.c" break; case 104: /* cmndtag: cmndtag LOG_INPUT */ -#line 913 "gram.y" +#line 914 "gram.y" { (yyval.tag).log_input = true; } -#line 2768 "gram.c" +#line 2769 "gram.c" break; case 105: /* cmndtag: cmndtag NOLOG_INPUT */ -#line 916 "gram.y" +#line 917 "gram.y" { (yyval.tag).log_input = false; } -#line 2776 "gram.c" +#line 2777 "gram.c" break; case 106: /* cmndtag: cmndtag LOG_OUTPUT */ -#line 919 "gram.y" +#line 920 "gram.y" { (yyval.tag).log_output = true; } -#line 2784 "gram.c" +#line 2785 "gram.c" break; case 107: /* cmndtag: cmndtag NOLOG_OUTPUT */ -#line 922 "gram.y" +#line 923 "gram.y" { (yyval.tag).log_output = false; } -#line 2792 "gram.c" +#line 2793 "gram.c" break; case 108: /* cmndtag: cmndtag FOLLOWLNK */ -#line 925 "gram.y" +#line 926 "gram.y" { (yyval.tag).follow = true; } -#line 2800 "gram.c" +#line 2801 "gram.c" break; case 109: /* cmndtag: cmndtag NOFOLLOWLNK */ -#line 928 "gram.y" +#line 929 "gram.y" { (yyval.tag).follow = false; } -#line 2808 "gram.c" +#line 2809 "gram.c" break; case 110: /* cmndtag: cmndtag MAIL */ -#line 931 "gram.y" +#line 932 "gram.y" { (yyval.tag).send_mail = true; } -#line 2816 "gram.c" +#line 2817 "gram.c" break; case 111: /* cmndtag: cmndtag NOMAIL */ -#line 934 "gram.y" +#line 935 "gram.y" { (yyval.tag).send_mail = false; } -#line 2824 "gram.c" +#line 2825 "gram.c" break; case 112: /* cmnd: ALL */ -#line 939 "gram.y" +#line 940 "gram.y" { struct sudo_command *c; @@ -2845,11 +2846,11 @@ yyreduce: } parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2843 "gram.c" +#line 2844 "gram.c" break; case 113: /* cmnd: ALIAS */ -#line 953 "gram.y" +#line 954 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { @@ -2859,11 +2860,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2857 "gram.c" +#line 2858 "gram.c" break; case 114: /* cmnd: COMMAND */ -#line 962 "gram.y" +#line 963 "gram.y" { struct sudo_command *c; @@ -2885,20 +2886,20 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].command).args); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 2883 "gram.c" +#line 2884 "gram.c" break; case 117: /* $@1: %empty */ -#line 989 "gram.y" +#line 990 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2892 "gram.c" +#line 2893 "gram.c" break; case 118: /* hostalias: ALIAS $@1 '=' hostlist */ -#line 992 "gram.y" +#line 993 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), HOSTALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2908,30 +2909,30 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2906 "gram.c" +#line 2907 "gram.c" break; case 121: /* hostlist: hostlist ',' ophost */ -#line 1005 "gram.y" +#line 1006 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2916 "gram.c" +#line 2917 "gram.c" break; case 124: /* $@2: %empty */ -#line 1016 "gram.y" +#line 1017 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2925 "gram.c" +#line 2926 "gram.c" break; case 125: /* cmndalias: ALIAS $@2 '=' cmndlist */ -#line 1019 "gram.y" +#line 1020 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), CMNDALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2941,30 +2942,30 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2939 "gram.c" +#line 2940 "gram.c" break; case 128: /* cmndlist: cmndlist ',' digcmnd */ -#line 1032 "gram.y" +#line 1033 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 2949 "gram.c" +#line 2950 "gram.c" break; case 131: /* $@3: %empty */ -#line 1043 "gram.y" +#line 1044 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2958 "gram.c" +#line 2959 "gram.c" break; case 132: /* runasalias: ALIAS $@3 '=' userlist */ -#line 1046 "gram.y" +#line 1047 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), RUNASALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2974,20 +2975,20 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2972 "gram.c" +#line 2973 "gram.c" break; case 136: /* $@4: %empty */ -#line 1062 "gram.y" +#line 1063 "gram.y" { alias_line = this_lineno; alias_column = sudolinebuf.toke_start + 1; } -#line 2981 "gram.c" +#line 2982 "gram.c" break; case 137: /* useralias: ALIAS $@4 '=' userlist */ -#line 1065 "gram.y" +#line 1066 "gram.y" { if (!alias_add(&parsed_policy, (yyvsp[-3].string), USERALIAS, sudoers, alias_line, alias_column, (yyvsp[0].member))) { @@ -2997,39 +2998,39 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); } -#line 2995 "gram.c" +#line 2996 "gram.c" break; case 140: /* userlist: userlist ',' opuser */ -#line 1078 "gram.y" +#line 1079 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 3005 "gram.c" +#line 3006 "gram.c" break; case 141: /* opuser: user */ -#line 1085 "gram.y" +#line 1086 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 3014 "gram.c" +#line 3015 "gram.c" break; case 142: /* opuser: '!' user */ -#line 1089 "gram.y" +#line 1090 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 3023 "gram.c" +#line 3024 "gram.c" break; case 143: /* user: ALIAS */ -#line 1095 "gram.y" +#line 1096 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { @@ -3039,11 +3040,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3037 "gram.c" +#line 3038 "gram.c" break; case 144: /* user: ALL */ -#line 1104 "gram.y" +#line 1105 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { @@ -3052,11 +3053,11 @@ yyreduce: } parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3050 "gram.c" +#line 3051 "gram.c" break; case 145: /* user: NETGROUP */ -#line 1112 "gram.y" +#line 1113 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), NETGROUP); if ((yyval.member) == NULL) { @@ -3066,11 +3067,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3064 "gram.c" +#line 3065 "gram.c" break; case 146: /* user: USERGROUP */ -#line 1121 "gram.y" +#line 1122 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), USERGROUP); if ((yyval.member) == NULL) { @@ -3080,11 +3081,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3078 "gram.c" +#line 3079 "gram.c" break; case 147: /* user: WORD */ -#line 1130 "gram.y" +#line 1131 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { @@ -3094,39 +3095,39 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3092 "gram.c" +#line 3093 "gram.c" break; case 149: /* grouplist: grouplist ',' opgroup */ -#line 1142 "gram.y" +#line 1143 "gram.y" { parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); (yyval.member) = (yyvsp[-2].member); } -#line 3102 "gram.c" +#line 3103 "gram.c" break; case 150: /* opgroup: group */ -#line 1149 "gram.y" +#line 1150 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = false; } -#line 3111 "gram.c" +#line 3112 "gram.c" break; case 151: /* opgroup: '!' group */ -#line 1153 "gram.y" +#line 1154 "gram.y" { (yyval.member) = (yyvsp[0].member); (yyval.member)->negated = true; } -#line 3120 "gram.c" +#line 3121 "gram.c" break; case 152: /* group: ALIAS */ -#line 1159 "gram.y" +#line 1160 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), ALIAS); if ((yyval.member) == NULL) { @@ -3136,11 +3137,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3134 "gram.c" +#line 3135 "gram.c" break; case 153: /* group: ALL */ -#line 1168 "gram.y" +#line 1169 "gram.y" { (yyval.member) = new_member(NULL, ALL); if ((yyval.member) == NULL) { @@ -3149,11 +3150,11 @@ yyreduce: } parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3147 "gram.c" +#line 3148 "gram.c" break; case 154: /* group: WORD */ -#line 1176 "gram.y" +#line 1177 "gram.y" { (yyval.member) = new_member((yyvsp[0].string), WORD); if ((yyval.member) == NULL) { @@ -3163,11 +3164,11 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); parser_leak_add(LEAK_MEMBER, (yyval.member)); } -#line 3161 "gram.c" +#line 3162 "gram.c" break; -#line 3165 "gram.c" +#line 3166 "gram.c" default: break; } @@ -3360,7 +3361,7 @@ yyreturnlab: return yyresult; } -#line 1186 "gram.y" +#line 1187 "gram.y" /* Like yyerror() but takes a printf-style format string. */ void @@ -3379,7 +3380,8 @@ sudoerserrorf(const char *fmt, ...) LEXTRACE("<*> "); #ifndef TRACELEXER if (trace_print == NULL || trace_print == sudoers_trace_print) { - char *s, *tofree = NULL; + char *tofree = NULL; + const char *s; int oldlocale; /* Warnings are displayed in the user's locale. */ @@ -3390,10 +3392,12 @@ sudoerserrorf(const char *fmt, ...) /* Optimize common case, a single string. */ s = _(va_arg(ap, char *)); } else { - if (vasprintf(&s, _(fmt), ap) != -1) - tofree = s; - else + if (vasprintf(&tofree, _(fmt), ap) != -1) { + s = tofree; + } else { s = _("syntax error"); + tofree = NULL; + } } sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d:%d: %s\n"), sudoers, this_lineno, (int)sudolinebuf.toke_start + 1, s); diff --git a/plugins/sudoers/gram.h b/plugins/sudoers/gram.h index 5ed1beaa0..0319ce164 100644 --- a/plugins/sudoers/gram.h +++ b/plugins/sudoers/gram.h @@ -185,9 +185,10 @@ union YYSTYPE struct command_options options; struct cmndtag tag; char *string; + const char *cstring; int tok; -#line 191 "y.tab.h" +#line 192 "y.tab.h" }; typedef union YYSTYPE YYSTYPE; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 602c64b95..0e5cf780d 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -95,6 +95,7 @@ static void alias_error(const char *name, int errnum); struct command_options options; struct cmndtag tag; char *string; + const char *cstring; int tok; } @@ -193,7 +194,7 @@ static void alias_error(const char *name, int errnum); %type includedir %type digestspec %type digestlist -%type reserved_word +%type reserved_word %% @@ -794,7 +795,7 @@ reserved_word : ALL { $$ = "ALL"; } | TYPE { $$ = "TYPE"; } | PRIVS { $$ = "PRIVS"; } | LIMITPRIVS { $$ = "LIMITPRIVS"; } - | APPARMOR_PROFILE { $$ = "APPARMOR_PROFILE"; } + | APPARMOR_PROFILE { $$ = "APPARMOR_PROFILE"; } ; reserved_alias : reserved_word { @@ -1201,7 +1202,8 @@ sudoerserrorf(const char *fmt, ...) LEXTRACE("<*> "); #ifndef TRACELEXER if (trace_print == NULL || trace_print == sudoers_trace_print) { - char *s, *tofree = NULL; + char *tofree = NULL; + const char *s; int oldlocale; /* Warnings are displayed in the user's locale. */ @@ -1212,10 +1214,12 @@ sudoerserrorf(const char *fmt, ...) /* Optimize common case, a single string. */ s = _(va_arg(ap, char *)); } else { - if (vasprintf(&s, _(fmt), ap) != -1) - tofree = s; - else + if (vasprintf(&tofree, _(fmt), ap) != -1) { + s = tofree; + } else { s = _("syntax error"); + tofree = NULL; + } } sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d:%d: %s\n"), sudoers, this_lineno, (int)sudolinebuf.toke_start + 1, s); diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index e11cfb1f1..97f3a4fc2 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -46,7 +46,7 @@ const char *path_plugin_dir = _PATH_SUDO_PLUGIN_DIR; * the value from the plugin's init function. */ int -group_plugin_load(char *plugin_info) +group_plugin_load(const char *plugin_info) { struct stat sb; char *args, path[PATH_MAX]; diff --git a/plugins/sudoers/insults.h b/plugins/sudoers/insults.h index d7d8074de..752d7e6e4 100644 --- a/plugins/sudoers/insults.h +++ b/plugins/sudoers/insults.h @@ -28,7 +28,7 @@ * Use one or more set of insults as determined by configure */ -char *insults[] = { +const char *insults[] = { # ifdef HAL_INSULTS # include "ins_2001.h" diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 3a403bf34..fc1bc7d11 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -259,7 +259,7 @@ static void * set_passprompt_regex(const char *cstr) { void *handle; - char *cp, *last, *str; + char *cp, *str, *last = NULL; debug_decl(set_passprompt_regex, SUDOERS_DEBUG_UTIL); handle = iolog_pwfilt_alloc(); diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 4f0192265..6f81883d6 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -297,7 +297,7 @@ done: * on error. */ static struct berval ** -sudo_ldap_get_values_len(LDAP *ld, LDAPMessage *entry, char *attr, int *rc) +sudo_ldap_get_values_len(LDAP *ld, LDAPMessage *entry, const char *attr, int *rc) { struct berval **bval; @@ -1613,7 +1613,7 @@ sudo_ldap_bind_s(LDAP *ld) { struct berval bv; - bv.bv_val = ldap_conf.bindpw ? ldap_conf.bindpw : ""; + bv.bv_val = ldap_conf.bindpw ? ldap_conf.bindpw : (char *)""; bv.bv_len = strlen(bv.bv_val); ret = ldap_sasl_bind_s(ld, ldap_conf.binddn, LDAP_SASL_SIMPLE, &bv, diff --git a/plugins/sudoers/ldap_conf.c b/plugins/sudoers/ldap_conf.c index 38d54a3a3..7e4a2e3ad 100644 --- a/plugins/sudoers/ldap_conf.c +++ b/plugins/sudoers/ldap_conf.c @@ -242,7 +242,8 @@ sudo_ldap_parse_uri(const struct ldap_config_str_list *uri_list) hostbuf[0] = '\0'; STAILQ_FOREACH(entry, uri_list, entries) { - char *cp, *host, *last, *port, *uri; + char *cp, *last, *uri; + const char *host, *port; buf = strdup(entry->val); if (buf == NULL) { diff --git a/plugins/sudoers/log_client.c b/plugins/sudoers/log_client.c index 959132f8f..fc494f35c 100644 --- a/plugins/sudoers/log_client.c +++ b/plugins/sudoers/log_client.c @@ -766,7 +766,7 @@ fmt_client_hello(struct client_closure *closure) sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ClientHello", __func__); /* Client name + version */ - hello_msg.client_id = "sudoers " PACKAGE_VERSION; + hello_msg.client_id = (char *)"sudoers " PACKAGE_VERSION; /* Schedule ClientMessage */ client_msg.u.hello_msg = &hello_msg; @@ -840,6 +840,27 @@ fmt_info_messages(struct client_closure *closure, struct eventlog *evlog, info_message__init(info_msgs[n]); } +#define fill_str(_n, _v) do { \ + info_msgs[n]->key = (char *)(_n); \ + info_msgs[n]->u.strval = (_v); \ + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; \ + n++; \ +} while (0) + +#define fill_strlist(_n, _v) do { \ + info_msgs[n]->key = (char *)(_n); \ + info_msgs[n]->u.strlistval = (_v); \ + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; \ + n++; \ +} while (0) + +#define fill_num(_n, _v) do { \ + info_msgs[n]->key = (char *)(_n); \ + info_msgs[n]->u.numval = (_v); \ + info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; \ + n++; \ +} while (0) + /* Fill in info_msgs */ n = 0; @@ -847,106 +868,43 @@ fmt_info_messages(struct client_closure *closure, struct eventlog *evlog, /* TODO: clientpid */ /* TODO: clientppid */ /* TODO: clientsid */ - - info_msgs[n]->key = "columns"; - info_msgs[n]->u.numval = evlog->columns; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; - - info_msgs[n]->key = "command"; - info_msgs[n]->u.strval = evlog->command; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - - info_msgs[n]->key = "lines"; - info_msgs[n]->u.numval = evlog->lines; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; - + fill_num("columns", evlog->columns); + fill_str("command", evlog->command); + fill_num("lines", evlog->lines); if (runargv != NULL) { - info_msgs[n]->key = "runargv"; - info_msgs[n]->u.strlistval = runargv; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; - n++; + fill_strlist("runargv", runargv); + runargv = NULL; + } + if (evlog->runchroot != NULL) { + fill_str("runchroot", evlog->runchroot); + } + if (evlog->runcwd != NULL) { + fill_str("runcwd", evlog->runcwd); } - if (runenv != NULL) { - info_msgs[n]->key = "runenv"; - info_msgs[n]->u.strlistval = runenv; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL; - n++; + fill_strlist("runenv", runenv); + runenv = NULL; } - if (evlog->rungroup != NULL) { - info_msgs[n]->key = "rungid"; - info_msgs[n]->u.numval = evlog->rungid; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; - - info_msgs[n]->key = "rungroup"; - info_msgs[n]->u.strval = evlog->rungroup; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; + fill_num("rungid", evlog->rungid); + fill_str("rungroup", evlog->rungroup); } - /* TODO - rungids */ /* TODO - rungroups */ - - info_msgs[n]->key = "runuid"; - info_msgs[n]->u.numval = evlog->runuid; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL; - n++; - - info_msgs[n]->key = "runuser"; - info_msgs[n]->u.strval = evlog->runuser; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - + fill_num("runuid", evlog->runuid); + fill_str("runuser", evlog->runuser); if (evlog->cwd != NULL) { - info_msgs[n]->key = "submitcwd"; - info_msgs[n]->u.strval = evlog->cwd; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; + fill_str("submitcwd", evlog->cwd); } - - if (evlog->runcwd != NULL) { - info_msgs[n]->key = "runcwd"; - info_msgs[n]->u.strval = evlog->runcwd; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - } - - if (evlog->runchroot != NULL) { - info_msgs[n]->key = "runchroot"; - info_msgs[n]->u.strval = evlog->runchroot; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - } - /* TODO - submitenv */ /* TODO - submitgid */ /* TODO - submitgids */ /* TODO - submitgroup */ /* TODO - submitgroups */ - - info_msgs[n]->key = "submithost"; - info_msgs[n]->u.strval = evlog->submithost; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - + fill_str("submithost", evlog->submithost); /* TODO - submituid */ - - info_msgs[n]->key = "submituser"; - info_msgs[n]->u.strval = evlog->submituser; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - - if (evlog->ttyname != NULL) { - info_msgs[n]->key = "ttyname"; - info_msgs[n]->u.strval = evlog->ttyname; - info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL; - n++; - } + fill_str("submituser", evlog->submituser); + fill_str("ttyname", evlog->ttyname); /* Free unused structs. */ while (info_msgs_size > n) diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index 286c6aee8..3f9aa7f32 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -986,11 +986,11 @@ sudoers_to_eventlog(struct eventlog *evlog, char * const argv[], static FILE * sudoers_log_open(int type, const char *log_file) { + const char *omode; bool uid_changed; FILE *fp = NULL; mode_t oldmask; int fd, flags; - char *omode; debug_decl(sudoers_log_open, SUDOERS_DEBUG_LOGGING); switch (type) { diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c index a56f86c81..5cb31cedb 100644 --- a/plugins/sudoers/parse.c +++ b/plugins/sudoers/parse.c @@ -719,7 +719,7 @@ display_defaults(struct sudoers_parse_tree *parse_tree, struct passwd *pw, struct sudo_lbuf *lbuf) { struct defaults *d; - char *prefix; + const char *prefix; int nfound = 0; debug_decl(display_defaults, SUDOERS_DEBUG_PARSER); @@ -762,7 +762,7 @@ display_bound_defaults_by_type(struct sudoers_parse_tree *parse_tree, struct defaults *d; struct defaults_binding *binding = NULL; struct member *m; - char *dsep; + const char *dsep; int atype, nfound = 0; debug_decl(display_bound_defaults_by_type, SUDOERS_DEBUG_PARSER); diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 763894454..2fcb8dd12 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -1171,7 +1171,7 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], static int sudoers_policy_validate(const char **errstr) { - char *argv[] = { "validate", NULL }; + char *argv[] = { (char *)"validate", NULL }; const int argc = 1; int ret; debug_decl(sudoers_policy_validate, SUDOERS_DEBUG_PLUGIN); @@ -1213,7 +1213,7 @@ static int sudoers_policy_list(int argc, char * const argv[], int verbose, const char *list_user, const char **errstr) { - char *list_argv[] = { "list", NULL }; + char *list_argv[] = { (char *)"list", NULL }; int ret; debug_decl(sudoers_policy_list, SUDOERS_DEBUG_PLUGIN); diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index ca5e146b4..88c7a4192 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c @@ -686,7 +686,7 @@ sudo_mkgrent(const char *group, gid_t gid, ...) } gr = &gritem->gr; gr->gr_gid = gid; - gr->gr_passwd = "*"; + gr->gr_passwd = (char *)"*"; cp = (char *)(gritem + 1); gr->gr_mem = (char **)cp; cp += sizeof(char *) * nmem; diff --git a/plugins/sudoers/regress/editor/check_editor.c b/plugins/sudoers/regress/editor/check_editor.c index 97585d66e..084d1628a 100644 --- a/plugins/sudoers/regress/editor/check_editor.c +++ b/plugins/sudoers/regress/editor/check_editor.c @@ -29,12 +29,12 @@ /* Note hard-coded array lengths. */ struct test_data { - char *editor_var; + const char *editor_var; int nfiles; - char *files[4]; - char *editor_path; + const char *files[4]; + const char *editor_path; int edit_argc; - char *edit_argv[10]; + const char *edit_argv[10]; } test_data[] = { { /* Bug #942 */ @@ -99,13 +99,13 @@ main(int argc, char *argv[]) int i, edit_argc = 0; /* clear existing editor environment vars */ - putenv("VISUAL="); - putenv("EDITOR="); - putenv("SUDO_EDITOR="); + putenv((char *)"VISUAL="); + putenv((char *)"EDITOR="); + putenv((char *)"SUDO_EDITOR="); - putenv(data->editor_var); - editor_path = find_editor(data->nfiles, data->files, &edit_argc, - &edit_argv, NULL, &env_editor); + putenv((char *)data->editor_var); + editor_path = find_editor(data->nfiles, (char **)data->files, + &edit_argc, &edit_argv, NULL, &env_editor); ntests++; if (strcmp(editor_path, data->editor_path) != 0) { sudo_warnx("test %d: editor_path: expected \"%s\", got \"%s\"", diff --git a/plugins/sudoers/regress/exptilde/check_exptilde.c b/plugins/sudoers/regress/exptilde/check_exptilde.c index 093fb640c..93f9b4b65 100644 --- a/plugins/sudoers/regress/exptilde/check_exptilde.c +++ b/plugins/sudoers/regress/exptilde/check_exptilde.c @@ -34,9 +34,9 @@ struct sudo_user sudo_user; struct test_data { - char *input; - char *output; - char *user; + const char *input; + const char *output; + const char *user; bool result; } test_data[] = { { "foo/bar", NULL, NULL, false }, diff --git a/plugins/sudoers/regress/fuzz/fuzz_policy.c b/plugins/sudoers/regress/fuzz/fuzz_policy.c index 85d05cc24..e908f3bf8 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_policy.c +++ b/plugins/sudoers/regress/fuzz/fuzz_policy.c @@ -384,8 +384,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) line = NULL; /* Exercise code paths that use KRB5CCNAME and SUDO_PROMPT. */ - putenv("KRB5CCNAME=/tmp/krb5cc_123456"); - putenv("SUDO_PROMPT=[sudo] password for %p: "); + putenv((char *)"KRB5CCNAME=/tmp/krb5cc_123456"); + putenv((char *)"SUDO_PROMPT=[sudo] password for %p: "); sudoers_policy.register_hooks(SUDO_API_VERSION, fuzz_hook_stub); diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c index 90de61e86..b69f6a04b 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c @@ -162,9 +162,9 @@ open_data(const uint8_t *data, size_t size) } static struct user_data { - char *user; - char *runuser; - char *rungroup; + const char *user; + const char *runuser; + const char *rungroup; } user_data[] = { { "root", NULL, NULL }, { "millert", "operator", NULL }, @@ -183,7 +183,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) struct interface_list *interfaces; struct passwd *pw; struct group *gr; - char *gids[10]; + const char *gids[10]; FILE *fp; /* Don't waste time fuzzing tiny inputs. */ @@ -237,7 +237,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) gids[1] = "20"; gids[2] = "5"; gids[3] = NULL; - if (sudo_set_gidlist(pw, gids, ENTRY_TYPE_FRONTEND) == -1) + if (sudo_set_gidlist(pw, (char **)gids, ENTRY_TYPE_FRONTEND) == -1) goto done; sudo_pw_delref(pw); @@ -246,7 +246,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) goto done; gids[0] = "5"; gids[1] = NULL; - if (sudo_set_gidlist(pw, gids, ENTRY_TYPE_FRONTEND) == -1) + if (sudo_set_gidlist(pw, (char **)gids, ENTRY_TYPE_FRONTEND) == -1) goto done; sudo_pw_delref(pw); @@ -258,17 +258,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) gids[2] = "5"; gids[3] = "100"; gids[4] = NULL; - if (sudo_set_gidlist(pw, gids, ENTRY_TYPE_FRONTEND) == -1) + if (sudo_set_gidlist(pw, (char **)gids, ENTRY_TYPE_FRONTEND) == -1) goto done; sudo_pw_delref(pw); /* The minimum needed to perform matching (user_cmnd must be dynamic). */ - user_host = user_shost = user_runhost = user_srunhost = "localhost"; + user_host = user_shost = user_runhost = user_srunhost = (char *)"localhost"; user_cmnd = strdup("/usr/bin/id"); if (user_cmnd == NULL) goto done; - user_args = "-u"; - user_base = "id"; + user_args = (char *)"-u"; + user_base = (char *)"id"; /* Add a fake network interfaces. */ interfaces = get_interfaces(); @@ -301,7 +301,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) int cmnd_status; /* Invoking user. */ - user_name = ud->user; + user_name = (char *)ud->user; if (sudo_user.pw != NULL) sudo_pw_delref(sudo_user.pw); sudo_user.pw = sudo_getpwnam(user_name); @@ -314,7 +314,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (runas_pw != NULL) sudo_pw_delref(runas_pw); if (ud->runuser != NULL) { - sudo_user.runas_user = ud->runuser; + sudo_user.runas_user = (char *)ud->runuser; SET(sudo_user.flags, RUNAS_USER_SPECIFIED); runas_pw = sudo_getpwnam(sudo_user.runas_user); } else { @@ -331,7 +331,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (runas_gr != NULL) sudo_gr_delref(runas_gr); if (ud->rungroup != NULL) { - sudo_user.runas_group = ud->rungroup; + sudo_user.runas_group = (char *)ud->rungroup; SET(sudo_user.flags, RUNAS_GROUP_SPECIFIED); runas_gr = sudo_getgrnam(sudo_user.runas_group); if (runas_gr == NULL) { diff --git a/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c b/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c index a03ff50a1..e4cc14166 100644 --- a/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c +++ b/plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c @@ -214,11 +214,11 @@ test_endpoints(int *ntests, int *nerrors, const char *iolog_dir, char *envp[]) char buf[1024], iolog_path[PATH_MAX]; char runas_gid[64], runas_uid[64]; FILE *fp; - char *cmnd_argv[] = { + const char *cmnd_argv[] = { "/usr/bin/id", NULL }; - char *user_info[] = { + const char *user_info[] = { "cols=80", "lines=24", "cwd=/", @@ -227,7 +227,7 @@ test_endpoints(int *ntests, int *nerrors, const char *iolog_dir, char *envp[]) "user=nobody", NULL }; - char *command_info[] = { + const char *command_info[] = { "command=/usr/bin/id", iolog_path, "iolog_stdin=true", @@ -257,7 +257,8 @@ test_endpoints(int *ntests, int *nerrors, const char *iolog_dir, char *envp[]) /* Test open endpoint. */ rc = sudoers_io.open(SUDO_API_VERSION, NULL, sudo_printf_int, settings, - user_info, command_info, cmnd_argc, cmnd_argv, envp, NULL, &errstr); + (char **)user_info, (char **)command_info, cmnd_argc, + (char **)cmnd_argv, envp, NULL, &errstr); (*ntests)++; if (rc != 1) { sudo_warnx("I/O log open endpoint failed"); diff --git a/plugins/sudoers/regress/parser/check_gentime.c b/plugins/sudoers/regress/parser/check_gentime.c index 2aed93dcb..a203bc67c 100644 --- a/plugins/sudoers/regress/parser/check_gentime.c +++ b/plugins/sudoers/regress/parser/check_gentime.c @@ -33,7 +33,7 @@ sudo_dso_public int main(int argc, char *argv[]); const struct gentime_test { - char *gentime; + const char *gentime; time_t unixtime; } tests[] = { { "199412161032ZZ", -1 }, @@ -65,7 +65,7 @@ main(int argc, char *argv[]) initprogname(argc > 0 ? argv[0] : "check_gentime"); /* Do local time tests in Eastern Standard Time. */ - putenv("TZ=EST5EST5"); + putenv((char *)"TZ=EST5EST5"); tzset(); for (i = 0; i < ntests; i++) { diff --git a/plugins/sudoers/regress/serialize_list/check_serialize_list.c b/plugins/sudoers/regress/serialize_list/check_serialize_list.c index 7abf4761e..c27e0a190 100644 --- a/plugins/sudoers/regress/serialize_list/check_serialize_list.c +++ b/plugins/sudoers/regress/serialize_list/check_serialize_list.c @@ -38,9 +38,9 @@ test_serialize_list(int *ntests_out, int *errors_out) struct list_member lm1, lm2, lm3; char *result; - lm1.value = "a value with spaces"; - lm2.value = "this,and,that"; - lm3.value = ","; + lm1.value = (char *)"a value with spaces"; + lm2.value = (char *)"this,and,that"; + lm3.value = (char *)","; SLIST_INSERT_HEAD(&members, &lm3, entries); SLIST_INSERT_HEAD(&members, &lm2, entries); SLIST_INSERT_HEAD(&members, &lm1, entries); diff --git a/plugins/sudoers/regress/unescape/check_unesc.c b/plugins/sudoers/regress/unescape/check_unesc.c index 6b97f5588..ebbe30734 100644 --- a/plugins/sudoers/regress/unescape/check_unesc.c +++ b/plugins/sudoers/regress/unescape/check_unesc.c @@ -27,8 +27,8 @@ #include "sudoers.h" struct test_data { - char *input; - char *result; + const char *input; + const char *result; size_t result_len; size_t bufsize; }; @@ -139,7 +139,7 @@ test_strvec_join(char sep, int *ntests_out, int *errors_out) /* Simulate: sudoedit -s '\' `perl -e 'print "A" x 65536'` */ memset(buf, 'A', sizeof(buf)); buf[sizeof(buf) - 1] = '\0'; - argv[0] = "\\"; + argv[0] = (char *)"\\"; argv[1] = buf; argv[2] = NULL; diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 71e8ba256..66e429299 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -749,7 +749,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], strcmp(NewArgv[1], "-c") == 0) { /* We allocated extra space for the --login above. */ memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * NewArgc); - NewArgv[1] = "--login"; + NewArgv[1] = (char *)"--login"; NewArgc++; } @@ -1188,8 +1188,8 @@ set_loginclass(struct passwd *pw) } else { login_class = pw->pw_class; if (!login_class || !*login_class) - login_class = - (pw->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS; + login_class = (char *) + ((pw->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS); } /* Make sure specified login class is valid. */ diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index a6718ccac..80226b43e 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -417,7 +417,7 @@ bool matches_env_pattern(const char *pattern, const char *var, bool *full_match) FILE *open_sudoers(const char *, bool, bool *); int set_cmnd_path(const char *runchroot); int sudoers_init(void *info, sudoers_logger_t logger, char * const envp[]); -int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], bool verbose, void *closure); +int sudoers_policy_main(int argc, char *const argv[], int pwflag, char *env_add[], bool verbose, void *closure); void sudoers_cleanup(void); void sudo_user_free(void); extern struct sudo_user sudo_user; @@ -442,7 +442,7 @@ extern const char *path_ldap_conf; extern const char *path_ldap_secret; /* group_plugin.c */ -int group_plugin_load(char *plugin_info); +int group_plugin_load(const char *plugin_info); void group_plugin_unload(void); int group_plugin_query(const char *user, const char *group, const struct passwd *pwd); @@ -450,8 +450,8 @@ bool cb_group_plugin(const char *file, int line, int column, const union sudo_de extern const char *path_plugin_dir; /* editor.c */ -char *find_editor(int nfiles, char **files, int *argc_out, char ***argv_out, - char * const *allowlist, const char **env_editor); +char *find_editor(int nfiles, char * const *files, int *argc_out, + char ***argv_out, char * const *allowlist, const char **env_editor); /* exptilde.c */ bool expand_tilde(char **path, const char *user); diff --git a/plugins/sudoers/sudoers_hooks.c b/plugins/sudoers/sudoers_hooks.c index d0610e0e1..738f93b38 100644 --- a/plugins/sudoers/sudoers_hooks.c +++ b/plugins/sudoers/sudoers_hooks.c @@ -101,7 +101,7 @@ sudoers_hook_getenv(const char *name, char **value, void *closure) goto done; } if (strcmp(name, "LC_ALL") == 0 || strcmp(name, "LC_MESSAGES") == 0) { - *value = def_sudoers_locale; + *value = (char *)def_sudoers_locale; goto done; } } diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index 5b8ebe501..d8e28774d 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -1129,7 +1129,7 @@ write_output(int fd, int what, void *v) if ((nl == iov[0].iov_base && iobuf->lastc != '\r') || (nl != iov[0].iov_base && nl[-1] != '\r')) { iov[0].iov_len = len; - iov[1].iov_base = "\r\n"; + iov[1].iov_base = (char *)"\r\n"; iov[1].iov_len = 2; iovcnt = 2; nbytes = iov[0].iov_len + iov[1].iov_len; diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index d83bdb0c7..809b6b59c 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -202,8 +202,8 @@ main(int argc, char *argv[]) if (argc < 2) { if (!dflag) usage(); - user_name = argc ? *argv++ : "root"; - user_cmnd = user_base = "true"; + user_name = argc ? *argv++ : (char *)"root"; + user_cmnd = user_base = (char *)"true"; argc = 0; } else { user_name = *argv++; diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 679d39da8..5d1cc48e8 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -93,7 +93,7 @@ static bool install_sudoers(struct sudoersfile *, bool, bool); static bool visudo_track_error(const char *file, int line, int column, const char *fmt, va_list args); static int print_unused(struct sudoers_parse_tree *, struct alias *, void *); static bool reparse_sudoers(char *, int, char **, bool, bool); -static int run_command(char *, char **); +static int run_command(const char *, char *const *); static void parse_sudoers_options(void); static void setup_signals(void); static void help(void) __attribute__((__noreturn__)); @@ -255,7 +255,7 @@ main(int argc, char *argv[]) } /* Mock up a fake sudo_user struct. */ - user_cmnd = user_base = ""; + user_cmnd = user_base = (char *)""; if (geteuid() == 0) { const char *user = getenv("SUDO_USER"); if (user != NULL && *user != '\0') @@ -361,7 +361,7 @@ get_editor(int *editor_argc, char ***editor_argv) { char *editor_path = NULL, **allowlist = NULL; const char *env_editor; - static char *files[] = { "+1", "sudoers" }; + static const char *files[] = { "+1", "sudoers" }; unsigned int allowlist_len = 0; debug_decl(get_editor, SUDOERS_DEBUG_UTIL); @@ -389,8 +389,8 @@ get_editor(int *editor_argc, char ***editor_argv) allowlist[allowlist_len] = NULL; } - editor_path = find_editor(2, files, editor_argc, editor_argv, allowlist, - &env_editor); + editor_path = find_editor(2, (char **)files, editor_argc, editor_argv, + allowlist, &env_editor); if (editor_path == NULL) { if (def_env_editor && env_editor != NULL) { /* We are honoring $EDITOR so this is a fatal error. */ @@ -413,7 +413,7 @@ get_editor(int *editor_argc, char ***editor_argv) * If an entry starts with '*' the tail end of the string is matched. * No other wild cards are supported. */ -static char *lineno_editors[] = { +static const char *lineno_editors[] = { "ex", "nex", "vi", @@ -440,7 +440,7 @@ static bool editor_supports_plus(const char *editor) { const char *cp, *editor_base; - char **av; + const char **av; debug_decl(editor_supports_plus, SUDOERS_DEBUG_UTIL); editor_base = sudo_basename(editor); @@ -532,7 +532,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, int editor_argc, (void)snprintf(linestr, sizeof(linestr), "+%d", lineno); editor_argv[ac++] = linestr; // -V507 } - editor_argv[ac++] = "--"; + editor_argv[ac++] = (char *)"--"; editor_argv[ac++] = sp->tpath; editor_argv[ac++] = NULL; @@ -885,7 +885,7 @@ setup_signals(void) } static int -run_command(char *path, char **argv) +run_command(const char *path, char *const *argv) { int status; pid_t pid, rv; @@ -1204,11 +1204,11 @@ quit(int signo) #define emsg " exiting due to signal: " iov[0].iov_base = (char *)getprogname(); iov[0].iov_len = strlen(iov[0].iov_base); - iov[1].iov_base = emsg; + iov[1].iov_base = (char *)emsg; iov[1].iov_len = sizeof(emsg) - 1; iov[2].iov_base = strsignal(signo); iov[2].iov_len = strlen(iov[2].iov_base); - iov[3].iov_base = "\n"; + iov[3].iov_base = (char *)"\n"; iov[3].iov_len = 1; ignore_result(writev(STDERR_FILENO, iov, 4)); _exit(signo); diff --git a/src/edit_open.c b/src/edit_open.c index cd0418406..091eed838 100644 --- a/src/edit_open.c +++ b/src/edit_open.c @@ -493,6 +493,7 @@ sudo_edit_parent_valid(char *path, int sflags, struct sudo_cred *user_cred, struct stat sb; bool ret = false; char *slash; + char pathbuf[2]; int dfd; debug_decl(sudo_edit_parent_valid, SUDO_DEBUG_EDIT); @@ -500,9 +501,13 @@ sudo_edit_parent_valid(char *path, int sflags, struct sudo_cred *user_cred, slash = strrchr(path, '/'); if (slash == NULL) { /* cwd */ - path = "."; + pathbuf[0] = '.'; + pathbuf[1] = '\0'; + path = pathbuf; } else if (slash == path) { - path = "/"; + pathbuf[0] = '/'; + pathbuf[1] = '\0'; + path = pathbuf; slash = NULL; } else { *slash = '\0'; diff --git a/src/exec_common.c b/src/exec_common.c index c5fc8cb77..c5d704fe8 100644 --- a/src/exec_common.c +++ b/src/exec_common.c @@ -119,16 +119,16 @@ sudo_execve(int fd, const char *path, char *const argv[], char *envp[], execve(path, argv, envp); if (fd == -1 && errno == ENOEXEC) { int argc; - char **nargv; + const char **nargv; for (argc = 0; argv[argc] != NULL; argc++) continue; nargv = reallocarray(NULL, argc + 2, sizeof(char *)); if (nargv != NULL) { nargv[0] = "sh"; - nargv[1] = (char *)path; + nargv[1] = path; memcpy(nargv + 2, argv + 1, argc * sizeof(char *)); - execve(_PATH_SUDO_BSHELL, nargv, envp); + execve(_PATH_SUDO_BSHELL, (char **)nargv, envp); free(nargv); } } diff --git a/src/parse_args.c b/src/parse_args.c index 7a8da9209..ae8af5dd2 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -638,7 +638,7 @@ parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv, av[0] = (char *)user_details.shell; /* plugin may override shell */ if (cmnd != NULL) { - av[1] = "-c"; + av[1] = (char *)"-c"; av[2] = cmnd; } av[ac] = NULL; @@ -662,7 +662,7 @@ parse_args(int argc, char **argv, int *old_optind, int *nargc, char ***nargv, exit(EXIT_FAILURE); /* Must have the command in argv[0]. */ - av[0] = "sudoedit"; + av[0] = (char *)"sudoedit"; for (ac = 0; argv[ac] != NULL; ac++) { av[ac + 1] = argv[ac]; } @@ -702,7 +702,7 @@ static void display_usage(int (*output)(const char *)) { struct sudo_lbuf lbuf; - char *uvec[6]; + const char *uvec[6]; int i, ulen; /* diff --git a/src/regress/noexec/check_noexec.c b/src/regress/noexec/check_noexec.c index 9e24bc0ec..79848b43a 100644 --- a/src/regress/noexec/check_noexec.c +++ b/src/regress/noexec/check_noexec.c @@ -210,7 +210,7 @@ main(int argc, char *argv[], char *envp[]) /* Disable execution for post-exec and re-exec ourself. */ if (strcmp(argv[optind], "rexec") != 0) { const char *noexec = argv[optind]; - argv[optind] = "rexec"; + argv[optind] = (char *)"rexec"; execve(argv[0], argv, disable_execute(envp, noexec)); sudo_fatalx_nodebug("execve"); } diff --git a/src/selinux.c b/src/selinux.c index 2326326ef..8c78e045e 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -445,6 +445,7 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[], char **nargv; const char *sesh; int argc, nargc, serrno; + bool login_shell = false; debug_decl(selinux_execve, SUDO_DEBUG_SELINUX); sesh = sudo_conf_sesh_path(); @@ -474,11 +475,13 @@ selinux_execve(int fd, const char *path, char *const argv[], char *envp[], sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); debug_return; } + if (*argv[0] == '-') + login_shell = true; if (ISSET(flags, CD_NOEXEC)) { - nargv[0] = *argv[0] == '-' ? "-sesh-noexec" : "sesh-noexec"; + nargv[0] = (char *)(login_shell ? "-sesh-noexec" : "sesh-noexec"); CLR(flags, CD_NOEXEC); } else { - nargv[0] = *argv[0] == '-' ? "-sesh" : "sesh"; + nargv[0] = (char *)(login_shell ? "-sesh" : "sesh"); } nargc = 1; if (fd != -1 && asprintf(&nargv[nargc++], "--execfd=%d", fd) == -1) { diff --git a/src/sudo.c b/src/sudo.c index 4f0f8fa35..5bf4ad9c0 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -1246,7 +1246,7 @@ policy_list(int argc, char * const argv[], int verbose, const char *user) { const char *errstr = NULL; /* TODO: add list_user */ - char * const command_info[] = { + const char * const command_info[] = { "command=list", NULL }; @@ -1264,17 +1264,17 @@ policy_list(int argc, char * const argv[], int verbose, const char *user) switch (ok) { case 1: audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, - command_info, argv, submit_envp); + (char **)command_info, argv, submit_envp); break; case 0: audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, errstr ? errstr : _("command rejected by policy"), - command_info); + (char **)command_info); break; default: audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, errstr ? errstr : _("policy plugin error"), - command_info); + (char **)command_info); break; } @@ -1290,7 +1290,7 @@ static void policy_validate(char * const argv[]) { const char *errstr = NULL; - char * const command_info[] = { + const char * const command_info[] = { "command=validate", NULL }; @@ -1307,18 +1307,18 @@ policy_validate(char * const argv[]) switch (ok) { case 1: - audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, command_info, - argv, submit_envp); + audit_accept(policy_plugin.name, SUDO_POLICY_PLUGIN, + (char **)command_info, argv, submit_envp); break; case 0: audit_reject(policy_plugin.name, SUDO_POLICY_PLUGIN, errstr ? errstr : _("command rejected by policy"), - command_info); + (char **)command_info); break; default: audit_error(policy_plugin.name, SUDO_POLICY_PLUGIN, errstr ? errstr : _("policy plugin error"), - command_info); + (char **)command_info); break; } diff --git a/src/sudo_edit.c b/src/sudo_edit.c index 2720ae7f2..7d48d7776 100644 --- a/src/sudo_edit.c +++ b/src/sudo_edit.c @@ -414,7 +414,8 @@ static int selinux_edit_create_tfiles(struct command_details *command_details, struct tempfile *tf, char *files[], int nfiles) { - char **sesh_args, **sesh_ap, *user_str = NULL; + const char **sesh_args, **sesh_ap; + char *user_str = NULL; int i, error, sesh_nargs, ret = -1; struct stat sb; debug_decl(selinux_edit_create_tfiles, SUDO_DEBUG_EDIT); @@ -471,9 +472,9 @@ selinux_edit_create_tfiles(struct command_details *command_details, *sesh_ap = NULL; /* Run sesh -e [-h] 0 ... */ - error = selinux_run_helper(command_details->cred.uid, command_details->cred.gid, - command_details->cred.ngroups, command_details->cred.groups, sesh_args, - command_details->envp); + error = selinux_run_helper(command_details->cred.uid, + command_details->cred.gid, command_details->cred.ngroups, + command_details->cred.groups, (char **)sesh_args, command_details->envp); switch (error) { case SESH_SUCCESS: break; @@ -520,7 +521,8 @@ static int selinux_edit_copy_tfiles(struct command_details *command_details, struct tempfile *tf, int nfiles, struct timespec *times) { - char **sesh_args, **sesh_ap, *user_str = NULL; + const char **sesh_args, **sesh_ap; + char *user_str = NULL; int i, error, sesh_nargs, ret = 1; int tfd = -1; struct timespec ts; @@ -590,9 +592,9 @@ selinux_edit_copy_tfiles(struct command_details *command_details, if ((!check_dir && sesh_ap - sesh_args > 3) || (check_dir && sesh_ap - sesh_args > 5)) { /* Run sesh -e 1 ... */ - error = selinux_run_helper(command_details->cred.uid, command_details->cred.gid, - command_details->cred.ngroups, command_details->cred.groups, sesh_args, - command_details->envp); + error = selinux_run_helper(command_details->cred.uid, + command_details->cred.gid, command_details->cred.ngroups, + command_details->cred.groups, (char **)sesh_args, command_details->envp); switch (error) { case SESH_SUCCESS: ret = 0; diff --git a/src/sudo_intercept.c b/src/sudo_intercept.c index 8ba1fccca..97c612892 100644 --- a/src/sudo_intercept.c +++ b/src/sudo_intercept.c @@ -166,7 +166,7 @@ exec_wrapper(const char *cmnd, char * const argv[], char * const envp[], /* Fall back to exec via shell for execvp and friends. */ if (errno == ENOEXEC && is_execvp) { int argc; - char **shargv; + const char **shargv; for (argc = 0; argv[argc] != NULL; argc++) continue; @@ -176,7 +176,7 @@ exec_wrapper(const char *cmnd, char * const argv[], char * const envp[], shargv[0] = "sh"; shargv[1] = ncmnd; memcpy(shargv + 2, nargv + 1, argc * sizeof(char *)); - ((sudo_fn_execve_t)fn)(_PATH_SUDO_BSHELL, shargv, nenvp); + ((sudo_fn_execve_t)fn)(_PATH_SUDO_BSHELL, (char **)shargv, nenvp); free(shargv); } } else { @@ -225,7 +225,7 @@ execl_wrapper(int type, const char *name, const char *arg, va_list ap) static int system_wrapper(const char *cmnd) { - char * const argv[] = { "sh", "-c", (char *)cmnd, NULL }; + const char * const argv[] = { "sh", "-c", cmnd, NULL }; const char shell[] = _PATH_SUDO_BSHELL; struct sigaction saveint, savequit, sa; sigset_t mask, omask; @@ -253,7 +253,7 @@ system_wrapper(const char *cmnd) case 0: /* child */ if (sigprocmask(SIG_SETMASK, &omask, NULL) != -1) - exec_wrapper(shell, argv, environ, false); + exec_wrapper(shell, (char **)argv, environ, false); _exit(127); default: /* parent */