From 1f19a6b72bb26f8e86a84c8d4b2269b55d05483b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 17 Mar 2023 13:31:36 -0600 Subject: [PATCH] Pass around const struct sudoers_parse_tree pointers where possible. --- plugins/sudoers/alias.c | 7 +++--- plugins/sudoers/cvtsudoers.c | 2 +- plugins/sudoers/cvtsudoers.h | 8 +++---- plugins/sudoers/cvtsudoers_csv.c | 32 ++++++++++++++------------- plugins/sudoers/cvtsudoers_json.c | 34 ++++++++++++++++------------- plugins/sudoers/cvtsudoers_ldif.c | 20 ++++++++--------- plugins/sudoers/defaults.c | 4 ++-- plugins/sudoers/defaults.h | 4 ++-- plugins/sudoers/fmtsudoers.c | 10 ++++----- plugins/sudoers/fmtsudoers_cvt.c | 10 ++++----- plugins/sudoers/match.c | 31 +++++++++++++------------- plugins/sudoers/parse.h | 36 ++++++++++++++++--------------- 12 files changed, 104 insertions(+), 94 deletions(-) diff --git a/plugins/sudoers/alias.c b/plugins/sudoers/alias.c index d435400f7..09f086879 100644 --- a/plugins/sudoers/alias.c +++ b/plugins/sudoers/alias.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2005, 2007-2019 + * Copyright (c) 2004-2005, 2007-2021, 2023 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -66,7 +66,8 @@ alias_compare(const void *v1, const void *v2) * alias to mark it as unused. */ struct alias * -alias_get(struct sudoers_parse_tree *parse_tree, const char *name, int type) +alias_get(const struct sudoers_parse_tree *parse_tree, const char *name, + int type) { struct alias key; struct rbnode *node; @@ -197,7 +198,7 @@ alias_apply(struct sudoers_parse_tree *parse_tree, * Returns true if there are no aliases in the parse_tree, else false. */ bool -no_aliases(struct sudoers_parse_tree *parse_tree) +no_aliases(const struct sudoers_parse_tree *parse_tree) { debug_decl(no_aliases, SUDOERS_DEBUG_ALIAS); debug_return_bool(parse_tree->aliases == NULL || 
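Review bot: The `const` added to the `parse_tree` parameter of `alias_get()` (alias.c hunk at -66,7) is shallow, and the function's header comment should say so. The retained comment ends with "alias to mark it as unused", which suggests the lookup still changes state on the alias it returns, and the return type remains a non-const `struct alias *` reached through `parse_tree->aliases`. The policy-matching code in match.c now takes the same const pointer, so a reader could assume those paths leave the tree untouched. I would add a line to the comment such as `* The parse_tree itself is not modified, but the alias found via parse_tree->aliases may be.`, with the wording checked against the function body, which lies outside the hunk.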
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c index 7c5529867..f0e7bd594 100644 --- a/plugins/sudoers/cvtsudoers.c +++ b/plugins/sudoers/cvtsudoers.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2018-2021 Todd C. Miller + * Copyright (c) 2018-2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above diff --git a/plugins/sudoers/cvtsudoers.h b/plugins/sudoers/cvtsudoers.h index 6aaaeb2fd..c0b9d8c77 100644 --- a/plugins/sudoers/cvtsudoers.h +++ b/plugins/sudoers/cvtsudoers.h @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2018 Todd C. Miller + * Copyright (c) 2018, 2021-2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -90,13 +90,13 @@ extern struct cvtsudoers_filter *filters; void log_warnx(const char *fmt, ...) sudo_printflike(1, 2); /* cvtsudoers_csv.c */ -bool convert_sudoers_csv(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); +bool convert_sudoers_csv(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); /* cvtsudoers_json.c */ -bool convert_sudoers_json(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); +bool convert_sudoers_json(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); /* cvtsudoers_ldif.c */ -bool convert_sudoers_ldif(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); +bool convert_sudoers_ldif(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf); /* cvtsudoers_merge.c */ struct sudoers_parse_tree *merge_sudoers(struct sudoers_parse_tree_list *parse_trees, struct sudoers_parse_tree *merged_tree); diff --git a/plugins/sudoers/cvtsudoers_csv.c b/plugins/sudoers/cvtsudoers_csv.c index aa96c5d63..d37da233f 100644 --- a/plugins/sudoers/cvtsudoers_csv.c +++ b/plugins/sudoers/cvtsudoers_csv.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2021 Todd C. Miller + * Copyright (c) 2021-2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -36,7 +36,7 @@ #include "cvtsudoers.h" #include -static void print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, int alias_type, bool expand_aliases); +static void print_member_list_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, int alias_type, bool expand_aliases); /* * Print sudoOptions from a defaults_list. @@ -206,8 +206,9 @@ format_cmnd(struct sudo_command *c, bool negated) * See print_member_int() in parse.c. */ static void -print_member_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name, - int type, bool negated, bool quoted, int alias_type, bool expand_aliases) +print_member_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, + char *name, int type, bool negated, bool quoted, int alias_type, + bool expand_aliases) { struct alias *a; char *str; @@ -258,7 +259,7 @@ print_member_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name, * See print_member_int() in parse.c. */ static void -print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_member_list_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, int alias_type, bool expand_aliases) { @@ -287,7 +288,8 @@ print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, * Print the binding for a Defaults entry of the specified type. */ static void -print_defaults_binding_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_defaults_binding_csv(FILE *fp, + const struct sudoers_parse_tree *parse_tree, struct defaults_binding *binding, int type, bool expand_aliases) { int alias_type; 
@@ -312,7 +314,7 @@ print_defaults_binding_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, * and boolean flags use true/false for the value. */ static bool -print_defaults_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_defaults_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, bool expand_aliases) { struct defaults *def; @@ -377,8 +379,7 @@ print_defaults_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, * Callback for alias_apply() to print an alias entry. */ static int -print_alias_csv(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v -) +print_alias_csv(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v) { FILE *fp = v; const char *title; @@ -400,7 +401,7 @@ print_alias_csv(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v * Print all aliases in CSV format: */ static bool -print_aliases_csv(FILE *fp, struct sudoers_parse_tree *parse_tree) +print_aliases_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree) { debug_decl(print_aliases_csv, SUDOERS_DEBUG_UTIL); @@ -410,7 +411,8 @@ print_aliases_csv(FILE *fp, struct sudoers_parse_tree *parse_tree) /* Heading line. */ fputs("alias_type,alias_name,members\n", fp); - alias_apply(parse_tree, print_alias_csv, fp); + /* print_alias_csv() does not modify parse_tree. */ + alias_apply((struct sudoers_parse_tree *)parse_tree, print_alias_csv, fp); putc('\n', fp); debug_return_bool(true); @@ -420,7 +422,7 @@ print_aliases_csv(FILE *fp, struct sudoers_parse_tree *parse_tree) * Print a Cmnd_Spec in CSV format. */ static void -print_cmndspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_cmndspec_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec **nextp, struct defaults_list *options, bool expand_aliases) { 
@@ -626,7 +628,7 @@ print_cmndspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, * Print a single User_Spec. */ static bool -print_userspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_userspec_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases) { struct privilege *priv; @@ -660,7 +662,7 @@ print_userspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, * Print User_Specs. */ static bool -print_userspecs_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_userspecs_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, bool expand_aliases) { struct userspec *us; @@ -683,7 +685,7 @@ print_userspecs_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, * Export the parsed sudoers file in CSV format. */ bool -convert_sudoers_csv(struct sudoers_parse_tree *parse_tree, +convert_sudoers_csv(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf) { bool ret = true; diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c index 9fc56e39b..40c351a73 100644 --- a/plugins/sudoers/cvtsudoers_json.c +++ b/plugins/sudoers/cvtsudoers_json.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2013-2021 Todd C. Miller + * Copyright (c) 2013-2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -156,8 +156,8 @@ defaults_to_word_type(int defaults_type) */ static void print_member_json_int(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, char *name, int type, bool negated, - enum word_type word_type, bool expand_aliases) + const struct sudoers_parse_tree *parse_tree, char *name, int type, + bool negated, enum word_type word_type, bool expand_aliases) { struct json_value value; const char *typestr = NULL; 
@@ -330,7 +330,7 @@ print_member_json_int(struct json_container *jsonc, static void print_member_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, struct member *m, + const struct sudoers_parse_tree *parse_tree, struct member *m, enum word_type word_type, bool expand_aliases) { print_member_json_int(jsonc, parse_tree, m->name, m->type, m->negated, @@ -342,7 +342,8 @@ print_member_json(struct json_container *jsonc, * the type specified in the closure. */ static int -print_alias_json(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v) +print_alias_json(struct sudoers_parse_tree *parse_tree, struct alias *a, + void *v) { struct json_alias_closure *closure = v; struct member *m; @@ -371,8 +372,8 @@ print_alias_json(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v */ static void print_binding_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, struct defaults_binding *binding, - int type, bool expand_aliases) + const struct sudoers_parse_tree *parse_tree, + struct defaults_binding *binding, int type, bool expand_aliases) { struct member *m; debug_decl(print_binding_json, SUDOERS_DEBUG_UTIL); @@ -462,7 +463,7 @@ get_defaults_type(struct defaults *def) */ static void print_defaults_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, bool expand_aliases) + const struct sudoers_parse_tree *parse_tree, bool expand_aliases) { struct json_value value; struct defaults *def, *next; 
@@ -534,16 +535,19 @@ print_defaults_json(struct json_container *jsonc, */ static void print_aliases_by_type_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, int alias_type, const char *title) + const struct sudoers_parse_tree *parse_tree, int alias_type, + const char *title) { struct json_alias_closure closure; debug_decl(print_aliases_by_type_json, SUDOERS_DEBUG_UTIL); + /* print_alias_json() does not modify parse_tree. */ closure.jsonc = jsonc; closure.count = 0; closure.alias_type = alias_type; closure.title = title; - alias_apply(parse_tree, print_alias_json, &closure); + alias_apply((struct sudoers_parse_tree *)parse_tree, print_alias_json, + &closure); if (closure.count != 0) { sudo_json_close_array(jsonc); sudo_json_close_object(jsonc); @@ -557,7 +561,7 @@ print_aliases_by_type_json(struct json_container *jsonc, */ static void print_aliases_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree) + const struct sudoers_parse_tree *parse_tree) { debug_decl(print_aliases_json, SUDOERS_DEBUG_UTIL); @@ -595,7 +599,7 @@ cmndspec_continues(struct cmndspec *cs, struct cmndspec *next) */ static void print_cmndspec_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, + const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec **nextp, struct defaults_list *options, bool expand_aliases) { char timebuf[sizeof("20120727121554Z")]; @@ -814,7 +818,7 @@ print_cmndspec_json(struct json_container *jsonc, */ static void print_userspec_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, struct userspec *us, + const struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases) { struct privilege *priv; 
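Review bot: The new comment `/* print_alias_json() does not modify parse_tree. */` in `print_aliases_by_type_json()` sits above the four `closure` assignments rather than beside the cast it justifies. In the CSV counterpart the same comment is directly above the `alias_apply()` call, so the two files are inconsistent. Someone auditing const-discarding casts will not find the rationale where the cast is. Move the comment to the line immediately above `alias_apply((struct sudoers_parse_tree *)parse_tree, print_alias_json,`.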
@@ -864,7 +868,7 @@ print_userspec_json(struct json_container *jsonc, static void print_userspecs_json(struct json_container *jsonc, - struct sudoers_parse_tree *parse_tree, bool expand_aliases) + const struct sudoers_parse_tree *parse_tree, bool expand_aliases) { struct userspec *us; debug_decl(print_userspecs_json, SUDOERS_DEBUG_UTIL); @@ -885,7 +889,7 @@ print_userspecs_json(struct json_container *jsonc, * Export the parsed sudoers file in JSON format. */ bool -convert_sudoers_json(struct sudoers_parse_tree *parse_tree, +convert_sudoers_json(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf) { struct json_container jsonc; diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c index 9be75e504..41962aa7b 100644 --- a/plugins/sudoers/cvtsudoers_ldif.c +++ b/plugins/sudoers/cvtsudoers_ldif.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2018-2021 Todd C. Miller + * Copyright (c) 2018-2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -126,7 +126,7 @@ print_attribute_ldif(FILE *fp, const char *name, const char *value) * Print sudoOptions from a defaults_list. */ static bool -print_options_ldif(FILE *fp, struct defaults_list *options) +print_options_ldif(FILE *fp, const struct defaults_list *options) { struct defaults *opt; char *attr_val; @@ -161,8 +161,8 @@ print_options_ldif(FILE *fp, struct defaults_list *options) * Print global Defaults in a single sudoRole object. */ static bool -print_global_defaults_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, - const char *base) +print_global_defaults_ldif(FILE *fp, + const struct sudoers_parse_tree *parse_tree, const char *base) { unsigned int count = 0; struct sudo_lbuf lbuf; 
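Review bot: `print_options_ldif()` (hunk at -126,7) now takes `const struct defaults_list *options`, which the subject line does not cover; it is the only `defaults_list` parameter const-qualified in the visible hunks. `print_cmndspec_ldif()` in the same file keeps `struct defaults_list *options` in the signature shown later in this patch. Either mention the `defaults_list` change in the commit message or, if its body allows, qualify the sibling too: `struct cmndspec **nextp, const struct defaults_list *options)`. The function bodies are outside the hunks, so whether the sibling can take a const list needs checking.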
@@ -258,8 +258,8 @@ format_cmnd(struct sudo_command *c, bool negated) * See print_member_int() in parse.c. */ static void -print_member_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name, - int type, bool negated, int alias_type, const char *attr_name) +print_member_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree, + char *name, int type, bool negated, int alias_type, const char *attr_name) { struct alias *a; struct member *m; @@ -313,7 +313,7 @@ print_member_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name, * merge adjacent entries that are identical in all but the command. */ static void -print_cmndspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_cmndspec_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec **nextp, struct defaults_list *options) { char timebuf[sizeof("20120727121554Z")]; @@ -607,7 +607,7 @@ bad: * Print a single User_Spec. */ static bool -print_userspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_userspec_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct userspec *us, struct cvtsudoers_config *conf) { struct privilege *priv; @@ -676,7 +676,7 @@ print_userspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, * Print User_Specs. */ static bool -print_userspecs_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, +print_userspecs_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct cvtsudoers_config *conf) { struct userspec *us; @@ -693,7 +693,7 @@ print_userspecs_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, * Export the parsed sudoers file in LDIF format. */ bool -convert_sudoers_ldif(struct sudoers_parse_tree *parse_tree, +convert_sudoers_ldif(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf) { bool ret = true; diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index e90be1f64..70adb4621 100644 
--- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1999-2005, 2007-2022 + * Copyright (c) 1999-2005, 2007-2023 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -800,7 +800,7 @@ update_defaults(struct sudoers_parse_tree *parse_tree, * Check all defaults entries without actually setting them. */ bool -check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet) +check_defaults(const struct sudoers_parse_tree *parse_tree, bool quiet) { struct defaults *d; bool ret = true; diff --git a/plugins/sudoers/defaults.h b/plugins/sudoers/defaults.h index f0bf88ebf..bff850b9c 100644 --- a/plugins/sudoers/defaults.h +++ b/plugins/sudoers/defaults.h @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1999-2005, 2008-2022 + * Copyright (c) 1999-2005, 2008-2023 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -145,7 +145,7 @@ void dump_default(void); bool init_defaults(void); bool set_default(const char *var, const char *val, int op, const char *file, int line, int column, bool quiet); bool update_defaults(struct sudoers_parse_tree *parse_tree, struct defaults_list *defs, int what, bool quiet); -bool check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet); +bool check_defaults(const struct sudoers_parse_tree *parse_tree, bool quiet); bool append_default(const char *var, const char *val, int op, char *source, struct defaults_list *defs); bool cb_passprompt_regex(const char *file, int line, int column, const union sudo_defs_val *sd_un, int op); diff --git a/plugins/sudoers/fmtsudoers.c b/plugins/sudoers/fmtsudoers.c index 8f0ab0539..5fd042732 100644 --- a/plugins/sudoers/fmtsudoers.c +++ b/plugins/sudoers/fmtsudoers.c 
@@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2005, 2007-2021 Todd C. Miller + * Copyright (c) 2004-2005, 2007-2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -40,8 +40,8 @@ */ static bool sudoers_format_member_int(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, char *name, int type, bool negated, - const char *separator, int alias_type) + const struct sudoers_parse_tree *parse_tree, char *name, int type, + bool negated, const char *separator, int alias_type) { struct alias *a; struct member *m; @@ -136,7 +136,7 @@ sudoers_format_member_int(struct sudo_lbuf *lbuf, bool sudoers_format_member(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, struct member *m, + const struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, int alias_type) { return sudoers_format_member_int(lbuf, parse_tree, m->name, m->type, @@ -222,7 +222,7 @@ sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags) */ bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, + const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases) { debug_decl(sudoers_format_cmndspec, SUDOERS_DEBUG_UTIL); diff --git a/plugins/sudoers/fmtsudoers_cvt.c b/plugins/sudoers/fmtsudoers_cvt.c index ad750fa10..9f683da22 100644 --- a/plugins/sudoers/fmtsudoers_cvt.c +++ b/plugins/sudoers/fmtsudoers_cvt.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 2004-2005, 2007-2020 Todd C. Miller + * Copyright (c) 2004-2005, 2007-2021, 2023 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -37,7 +37,7 @@ */ bool sudoers_format_privilege(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, struct privilege *priv, + const struct sudoers_parse_tree *parse_tree, struct privilege *priv, bool expand_aliases) { struct cmndspec *cs, *prev_cs; @@ -100,7 +100,7 @@ sudoers_format_privilege(struct sudo_lbuf *lbuf, */ bool sudoers_format_userspec(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, + const struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases) { struct privilege *priv; @@ -139,7 +139,7 @@ sudoers_format_userspec(struct sudo_lbuf *lbuf, */ bool sudoers_format_userspecs(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, const char *separator, + const struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush) { struct userspec *us; @@ -164,7 +164,7 @@ sudoers_format_userspecs(struct sudo_lbuf *lbuf, */ bool sudoers_format_default_line(struct sudo_lbuf *lbuf, - struct sudoers_parse_tree *parse_tree, struct defaults *d, + const struct sudoers_parse_tree *parse_tree, struct defaults *d, struct defaults **next, bool expand_aliases) { struct member *m; diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index 40cc87b47..0d0a70858 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -65,8 +65,8 @@ static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty); * Returns ALLOW, DENY or UNSPEC. */ int -user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, - const struct member *m) +user_matches(const struct sudoers_parse_tree *parse_tree, + const struct passwd *pw, const struct member *m) { const char *lhost = parse_tree->lhost ? parse_tree->lhost : user_runhost; const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost; 
@@ -111,8 +111,8 @@ user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, * Returns ALLOW, DENY or UNSPEC. */ int -userlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, - const struct member_list *list) +userlist_matches(const struct sudoers_parse_tree *parse_tree, + const struct passwd *pw, const struct member_list *list) { struct member *m; int matched = UNSPEC; @@ -147,7 +147,7 @@ runas_getgroups(void) * Returns ALLOW, DENY or UNSPEC. */ int -runaslist_matches(struct sudoers_parse_tree *parse_tree, +runaslist_matches(const struct sudoers_parse_tree *parse_tree, const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group) { @@ -285,7 +285,7 @@ runaslist_matches(struct sudoers_parse_tree *parse_tree, * Returns ALLOW, DENY or UNSPEC. */ static int -hostlist_matches_int(struct sudoers_parse_tree *parse_tree, +hostlist_matches_int(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const char *lhost, const char *shost, const struct member_list *list) { @@ -306,8 +306,8 @@ hostlist_matches_int(struct sudoers_parse_tree *parse_tree, * Returns ALLOW, DENY or UNSPEC. */ int -hostlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, - const struct member_list *list) +hostlist_matches(const struct sudoers_parse_tree *parse_tree, + const struct passwd *pw, const struct member_list *list) { const char *lhost = parse_tree->lhost ? parse_tree->lhost : user_runhost; const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost; 
@@ -320,8 +320,9 @@ hostlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, * Returns ALLOW, DENY or UNSPEC. */ int -host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, - const char *lhost, const char *shost, const struct member *m) +host_matches(const struct sudoers_parse_tree *parse_tree, + const struct passwd *pw, const char *lhost, const char *shost, + const struct member *m) { struct alias *a; int matched = UNSPEC; @@ -369,7 +370,7 @@ host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, * Returns ALLOW, DENY or UNSPEC. */ int -cmndlist_matches(struct sudoers_parse_tree *parse_tree, +cmndlist_matches(const struct sudoers_parse_tree *parse_tree, const struct member_list *list, const char *runchroot, struct cmnd_info *info) { @@ -390,8 +391,8 @@ cmndlist_matches(struct sudoers_parse_tree *parse_tree, * Returns ALLOW, DENY or UNSPEC. */ int -cmnd_matches(struct sudoers_parse_tree *parse_tree, const struct member *m, - const char *runchroot, struct cmnd_info *info) +cmnd_matches(const struct sudoers_parse_tree *parse_tree, + const struct member *m, const char *runchroot, struct cmnd_info *info) { struct alias *a; struct sudo_command *c; @@ -423,8 +424,8 @@ cmnd_matches(struct sudoers_parse_tree *parse_tree, const struct member *m, * Returns ALLOW, DENY or UNSPEC. */ int -cmnd_matches_all(struct sudoers_parse_tree *parse_tree, const struct member *m, - const char *runchroot, struct cmnd_info *info) +cmnd_matches_all(const struct sudoers_parse_tree *parse_tree, + const struct member *m, const char *runchroot, struct cmnd_info *info) { const bool negated = m->negated; struct sudo_command *c; diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index 1ef950db0..4952855c6 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h 
@@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2000, 2004, 2007-2022 + * Copyright (c) 1996, 1998-2000, 2004, 2007-2023 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -356,10 +356,10 @@ SLIST_HEAD(parser_leak_list, parser_leak_entry); /* alias.c */ struct rbtree *alloc_aliases(void); void free_aliases(struct rbtree *aliases); -bool no_aliases(struct sudoers_parse_tree *parse_tree); +bool no_aliases(const struct sudoers_parse_tree *parse_tree); bool alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type, char *file, int line, int column, struct member *members); const char *alias_type_to_string(int alias_type); -struct alias *alias_get(struct sudoers_parse_tree *parse_tree, const char *name, int type); +struct alias *alias_get(const struct sudoers_parse_tree *parse_tree, const char *name, int type); struct alias *alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, int type); bool alias_find_used(struct sudoers_parse_tree *parse_tree, struct rbtree *used_aliases); void alias_apply(struct sudoers_parse_tree *parse_tree, int (*func)(struct sudoers_parse_tree *, struct alias *, void *), void *cookie); 
@@ -406,14 +406,14 @@ bool hostname_matches(const char *shost, const char *lhost, const char *pattern) bool netgr_matches(struct sudo_nss *nss, const char *netgr, const char *lhost, const char *shost, const char *user); bool usergr_matches(const char *group, const char *user, const struct passwd *pw); bool userpw_matches(const char *sudoers_user, const char *user, const struct passwd *pw); -int cmnd_matches(struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info); -int cmnd_matches_all(struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info); -int cmndlist_matches(struct sudoers_parse_tree *parse_tree, const struct member_list *list, const char *runchroot, struct cmnd_info *info); -int host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const char *host, const char *shost, const struct member *m); -int hostlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list); -int runaslist_matches(struct sudoers_parse_tree *parse_tree, const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group); -int user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member *m); -int userlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list); +int cmnd_matches(const struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info); +int cmnd_matches_all(const struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info); +int cmndlist_matches(const struct sudoers_parse_tree *parse_tree, const struct member_list *list, const char *runchroot, struct cmnd_info *info); +int host_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, 
const char *host, const char *shost, const struct member *m); +int hostlist_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list); +int runaslist_matches(const struct sudoers_parse_tree *parse_tree, const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group); +int user_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member *m); +int userlist_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list); const char *sudo_getdomainname(void); struct gid_list *runas_getgroups(void); 
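Review bot: The `host_matches()` prototype rewritten in this hunk still names its third parameter `host`, while the definition in match.c, also touched by this commit, names it `lhost`. Since the line is being rewritten anyway, align the header with the definition: `const struct passwd *pw, const char *lhost, const char *shost, const struct member *m);`. That keeps the long/short host distinction visible in parse.h, where callers of the matching functions look up the contract.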
@@ -447,14 +447,16 @@ bool sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, FILE *fp, const c /* fmtsudoers.c */ struct sudo_lbuf; -bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases); +bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases); bool sudoers_format_default(struct sudo_lbuf *lbuf, struct defaults *d); -bool sudoers_format_default_line(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct defaults *d, struct defaults **next, bool expand_aliases); -bool sudoers_format_member(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, int alias_type); -bool sudoers_format_privilege(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct privilege *priv, bool expand_aliases); -bool sudoers_format_userspec(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases); -bool sudoers_format_userspecs(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush); +bool sudoers_format_member(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, int alias_type); bool sudoers_defaults_to_tags(const char *var, const char *val, int op, struct cmndtag *tags); bool sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags); +/* fmtsudoers_cvt.c */ +bool sudoers_format_privilege(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct privilege *priv, bool expand_aliases); +bool sudoers_format_userspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases); +bool 
sudoers_format_userspecs(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush); +bool sudoers_format_default_line(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct defaults *d, struct defaults **next, bool expand_aliases); + #endif /* SUDOERS_PARSE_H */