Pass around const struct sudoers_parse_tree pointers where possible.

plugins/sudoers/alias.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2004-2005, 2007-2019
+ * Copyright (c) 2004-2005, 2007-2021, 2023
  *	Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -66,7 +66,8 @@ alias_compare(const void *v1, const void *v2)
  * alias to mark it as unused.
  */
 struct alias *
-alias_get(struct sudoers_parse_tree *parse_tree, const char *name, int type)
+alias_get(const struct sudoers_parse_tree *parse_tree, const char *name,
+    int type)
 {
     struct alias key;
     struct rbnode *node;
@@ -197,7 +198,7 @@ alias_apply(struct sudoers_parse_tree *parse_tree,
  * Returns true if there are no aliases in the parse_tree, else false.
  */
 bool
-no_aliases(struct sudoers_parse_tree *parse_tree)
+no_aliases(const struct sudoers_parse_tree *parse_tree)
 {
     debug_decl(no_aliases, SUDOERS_DEBUG_ALIAS);
     debug_return_bool(parse_tree->aliases == NULL ||

plugins/sudoers/cvtsudoers.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2018-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2018-2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above

plugins/sudoers/cvtsudoers.h

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2018, 2021-2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -90,13 +90,13 @@ extern struct cvtsudoers_filter *filters;
 void log_warnx(const char *fmt, ...) sudo_printflike(1, 2);
 
 /* cvtsudoers_csv.c */
-bool convert_sudoers_csv(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf);
+bool convert_sudoers_csv(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf);
 
 /* cvtsudoers_json.c */
-bool convert_sudoers_json(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf);
+bool convert_sudoers_json(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf);
 
 /* cvtsudoers_ldif.c */
-bool convert_sudoers_ldif(struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf);
+bool convert_sudoers_ldif(const struct sudoers_parse_tree *parse_tree, const char *output_file, struct cvtsudoers_config *conf);
 
 /* cvtsudoers_merge.c */
 struct sudoers_parse_tree *merge_sudoers(struct sudoers_parse_tree_list *parse_trees, struct sudoers_parse_tree *merged_tree);

plugins/sudoers/cvtsudoers_csv.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021-2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -36,7 +36,7 @@
 #include "cvtsudoers.h"
 #include <gram.h>
 
-static void print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, int alias_type, bool expand_aliases);
+static void print_member_list_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree, struct member_list *members, bool negated, int alias_type, bool expand_aliases);
 
 /*
  * Print sudoOptions from a defaults_list.
@@ -206,8 +206,9 @@ format_cmnd(struct sudo_command *c, bool negated)
  * See print_member_int() in parse.c.
  */
 static void
-print_member_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name,
+print_member_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree,
-    int type, bool negated, bool quoted, int alias_type, bool expand_aliases)
+    char *name, int type, bool negated, bool quoted, int alias_type,
+    bool expand_aliases)
 {
     struct alias *a;
     char *str;
@@ -258,7 +259,7 @@ print_member_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name,
  * See print_member_int() in parse.c.
  */
 static void
-print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_member_list_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     struct member_list *members, bool negated, int alias_type,
     bool expand_aliases)
 {
@@ -287,7 +288,8 @@ print_member_list_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * Print the binding for a Defaults entry of the specified type.
  */
 static void
-print_defaults_binding_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_defaults_binding_csv(FILE *fp,
+    const struct sudoers_parse_tree *parse_tree,
      struct defaults_binding *binding, int type, bool expand_aliases)
 {
     int alias_type;
@@ -312,7 +314,7 @@ print_defaults_binding_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * and boolean flags use true/false for the value.
  */
 static bool
-print_defaults_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_defaults_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     bool expand_aliases)
 {
     struct defaults *def;
@@ -377,8 +379,7 @@ print_defaults_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * Callback for alias_apply() to print an alias entry.
  */
 static int
-print_alias_csv(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v
+print_alias_csv(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v)
-)
 {
     FILE *fp = v;
     const char *title;
@@ -400,7 +401,7 @@ print_alias_csv(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v
  * Print all aliases in CSV format:
  */
 static bool
-print_aliases_csv(FILE *fp, struct sudoers_parse_tree *parse_tree)
+print_aliases_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree)
 {
     debug_decl(print_aliases_csv, SUDOERS_DEBUG_UTIL);
 
@@ -410,7 +411,8 @@ print_aliases_csv(FILE *fp, struct sudoers_parse_tree *parse_tree)
     /* Heading line. */
     fputs("alias_type,alias_name,members\n", fp);
 
-    alias_apply(parse_tree, print_alias_csv, fp);
+    /* print_alias_csv() does not modify parse_tree. */
+    alias_apply((struct sudoers_parse_tree *)parse_tree, print_alias_csv, fp);
     putc('\n', fp);
 
     debug_return_bool(true);
@@ -420,7 +422,7 @@ print_aliases_csv(FILE *fp, struct sudoers_parse_tree *parse_tree)
  * Print a Cmnd_Spec in CSV format.
  */
 static void
-print_cmndspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_cmndspec_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     struct cmndspec *cs, struct cmndspec **nextp,
     struct defaults_list *options, bool expand_aliases)
 {
@@ -626,7 +628,7 @@ print_cmndspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * Print a single User_Spec.
  */
 static bool
-print_userspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_userspec_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     struct userspec *us, bool expand_aliases)
 {
     struct privilege *priv;
@@ -660,7 +662,7 @@ print_userspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * Print User_Specs.
  */
 static bool
-print_userspecs_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_userspecs_csv(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     bool expand_aliases)
 {
     struct userspec *us;
@@ -683,7 +685,7 @@ print_userspecs_csv(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * Export the parsed sudoers file in CSV format.
  */
 bool
-convert_sudoers_csv(struct sudoers_parse_tree *parse_tree,
+convert_sudoers_csv(const struct sudoers_parse_tree *parse_tree,
     const char *output_file, struct cvtsudoers_config *conf)
 {
     bool ret = true;

plugins/sudoers/cvtsudoers_json.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2013-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2013-2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -156,8 +156,8 @@ defaults_to_word_type(int defaults_type)
  */
 static void
 print_member_json_int(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, char *name, int type, bool negated,
+    const struct sudoers_parse_tree *parse_tree, char *name, int type,
-    enum word_type word_type, bool expand_aliases)
+    bool negated, enum word_type word_type, bool expand_aliases)
 {
     struct json_value value;
     const char *typestr = NULL;
@@ -330,7 +330,7 @@ print_member_json_int(struct json_container *jsonc,
 
 static void
 print_member_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, struct member *m,
+    const struct sudoers_parse_tree *parse_tree, struct member *m,
     enum word_type word_type, bool expand_aliases)
 {
     print_member_json_int(jsonc, parse_tree, m->name, m->type, m->negated,
@@ -342,7 +342,8 @@ print_member_json(struct json_container *jsonc,
  * the type specified in the closure.
  */
 static int
-print_alias_json(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v)
+print_alias_json(struct sudoers_parse_tree *parse_tree, struct alias *a,
+    void *v)
 {
     struct json_alias_closure *closure = v;
     struct member *m;
@@ -371,8 +372,8 @@ print_alias_json(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v
  */
 static void
 print_binding_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, struct defaults_binding *binding,
+    const struct sudoers_parse_tree *parse_tree,
-    int type, bool expand_aliases)
+    struct defaults_binding *binding, int type, bool expand_aliases)
 {
     struct member *m;
     debug_decl(print_binding_json, SUDOERS_DEBUG_UTIL);
@@ -462,7 +463,7 @@ get_defaults_type(struct defaults *def)
  */
 static void
 print_defaults_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, bool expand_aliases)
+    const struct sudoers_parse_tree *parse_tree, bool expand_aliases)
 {
     struct json_value value;
     struct defaults *def, *next;
@@ -534,16 +535,19 @@ print_defaults_json(struct json_container *jsonc,
  */
 static void
 print_aliases_by_type_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, int alias_type, const char *title)
+    const struct sudoers_parse_tree *parse_tree, int alias_type,
+    const char *title)
 {
     struct json_alias_closure closure;
     debug_decl(print_aliases_by_type_json, SUDOERS_DEBUG_UTIL);
 
+    /* print_alias_json() does not modify parse_tree. */
     closure.jsonc = jsonc;
     closure.count = 0;
     closure.alias_type = alias_type;
     closure.title = title;
-    alias_apply(parse_tree, print_alias_json, &closure);
+    alias_apply((struct sudoers_parse_tree *)parse_tree, print_alias_json,
+	&closure);
     if (closure.count != 0) {
 	sudo_json_close_array(jsonc);
 	sudo_json_close_object(jsonc);
@@ -557,7 +561,7 @@ print_aliases_by_type_json(struct json_container *jsonc,
  */
 static void
 print_aliases_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree)
+    const struct sudoers_parse_tree *parse_tree)
 {
     debug_decl(print_aliases_json, SUDOERS_DEBUG_UTIL);
 
@@ -595,7 +599,7 @@ cmndspec_continues(struct cmndspec *cs, struct cmndspec *next)
  */
 static void
 print_cmndspec_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, struct cmndspec *cs,
+    const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs,
     struct cmndspec **nextp, struct defaults_list *options, bool expand_aliases)
 {
     char timebuf[sizeof("20120727121554Z")];
@@ -814,7 +818,7 @@ print_cmndspec_json(struct json_container *jsonc,
  */
 static void
 print_userspec_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, struct userspec *us,
+    const struct sudoers_parse_tree *parse_tree, struct userspec *us,
     bool expand_aliases)
 {
     struct privilege *priv;
@@ -864,7 +868,7 @@ print_userspec_json(struct json_container *jsonc,
 
 static void
 print_userspecs_json(struct json_container *jsonc,
-    struct sudoers_parse_tree *parse_tree, bool expand_aliases)
+    const struct sudoers_parse_tree *parse_tree, bool expand_aliases)
 {
     struct userspec *us;
     debug_decl(print_userspecs_json, SUDOERS_DEBUG_UTIL);
@@ -885,7 +889,7 @@ print_userspecs_json(struct json_container *jsonc,
  * Export the parsed sudoers file in JSON format.
  */
 bool
-convert_sudoers_json(struct sudoers_parse_tree *parse_tree,
+convert_sudoers_json(const struct sudoers_parse_tree *parse_tree,
     const char *output_file, struct cvtsudoers_config *conf)
 {
     struct json_container jsonc;

plugins/sudoers/cvtsudoers_ldif.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2018-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2018-2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -126,7 +126,7 @@ print_attribute_ldif(FILE *fp, const char *name, const char *value)
  * Print sudoOptions from a defaults_list.
  */
 static bool
-print_options_ldif(FILE *fp, struct defaults_list *options)
+print_options_ldif(FILE *fp, const struct defaults_list *options)
 {
     struct defaults *opt;
     char *attr_val;
@@ -161,8 +161,8 @@ print_options_ldif(FILE *fp, struct defaults_list *options)
  * Print global Defaults in a single sudoRole object.
  */
 static bool
-print_global_defaults_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_global_defaults_ldif(FILE *fp,
-    const char *base)
+    const struct sudoers_parse_tree *parse_tree, const char *base)
 {
     unsigned int count = 0;
     struct sudo_lbuf lbuf;
@@ -258,8 +258,8 @@ format_cmnd(struct sudo_command *c, bool negated)
  * See print_member_int() in parse.c.
  */
 static void
-print_member_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name,
+print_member_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree,
-    int type, bool negated, int alias_type, const char *attr_name)
+    char *name, int type, bool negated, int alias_type, const char *attr_name)
 {
     struct alias *a;
     struct member *m;
@@ -313,7 +313,7 @@ print_member_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, char *name,
  * merge adjacent entries that are identical in all but the command.
  */
 static void
-print_cmndspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_cmndspec_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     struct cmndspec *cs, struct cmndspec **nextp, struct defaults_list *options)
 {
     char timebuf[sizeof("20120727121554Z")];
@@ -607,7 +607,7 @@ bad:
  * Print a single User_Spec.
  */
 static bool
-print_userspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_userspec_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     struct userspec *us, struct cvtsudoers_config *conf)
 {
     struct privilege *priv;
@@ -676,7 +676,7 @@ print_userspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * Print User_Specs.
  */
 static bool
-print_userspecs_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree,
+print_userspecs_ldif(FILE *fp, const struct sudoers_parse_tree *parse_tree,
     struct cvtsudoers_config *conf)
 {
     struct userspec *us;
@@ -693,7 +693,7 @@ print_userspecs_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree,
  * Export the parsed sudoers file in LDIF format.
  */
 bool
-convert_sudoers_ldif(struct sudoers_parse_tree *parse_tree,
+convert_sudoers_ldif(const struct sudoers_parse_tree *parse_tree,
     const char *output_file, struct cvtsudoers_config *conf)
 {
     bool ret = true;

plugins/sudoers/defaults.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1999-2005, 2007-2022
+ * Copyright (c) 1999-2005, 2007-2023
  *	Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -800,7 +800,7 @@ update_defaults(struct sudoers_parse_tree *parse_tree,
  * Check all defaults entries without actually setting them.
  */
 bool
-check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet)
+check_defaults(const struct sudoers_parse_tree *parse_tree, bool quiet)
 {
     struct defaults *d;
     bool ret = true;

plugins/sudoers/defaults.h

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1999-2005, 2008-2022
+ * Copyright (c) 1999-2005, 2008-2023
  *	Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -145,7 +145,7 @@ void dump_default(void);
 bool init_defaults(void);
 bool set_default(const char *var, const char *val, int op, const char *file, int line, int column, bool quiet);
 bool update_defaults(struct sudoers_parse_tree *parse_tree, struct defaults_list *defs, int what, bool quiet);
-bool check_defaults(struct sudoers_parse_tree *parse_tree, bool quiet);
+bool check_defaults(const struct sudoers_parse_tree *parse_tree, bool quiet);
 bool append_default(const char *var, const char *val, int op, char *source, struct defaults_list *defs);
 bool cb_passprompt_regex(const char *file, int line, int column, const union sudo_defs_val *sd_un, int op);
 

plugins/sudoers/fmtsudoers.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2004-2005, 2007-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2004-2005, 2007-2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -40,8 +40,8 @@
  */
 static bool
 sudoers_format_member_int(struct sudo_lbuf *lbuf,
-    struct sudoers_parse_tree *parse_tree, char *name, int type, bool negated,
+    const struct sudoers_parse_tree *parse_tree, char *name, int type,
-    const char *separator, int alias_type)
+    bool negated, const char *separator, int alias_type)
 {
     struct alias *a;
     struct member *m;
@@ -136,7 +136,7 @@ sudoers_format_member_int(struct sudo_lbuf *lbuf,
 
 bool
 sudoers_format_member(struct sudo_lbuf *lbuf,
-    struct sudoers_parse_tree *parse_tree, struct member *m,
+    const struct sudoers_parse_tree *parse_tree, struct member *m,
     const char *separator, int alias_type)
 {
     return sudoers_format_member_int(lbuf, parse_tree, m->name, m->type,
@@ -222,7 +222,7 @@ sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags)
  */
 bool
 sudoers_format_cmndspec(struct sudo_lbuf *lbuf,
-    struct sudoers_parse_tree *parse_tree, struct cmndspec *cs,
+    const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs,
     struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases)
 {
     debug_decl(sudoers_format_cmndspec, SUDOERS_DEBUG_UTIL);

plugins/sudoers/fmtsudoers_cvt.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2004-2005, 2007-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2004-2005, 2007-2021, 2023 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -37,7 +37,7 @@
  */
 bool
 sudoers_format_privilege(struct sudo_lbuf *lbuf,
-    struct sudoers_parse_tree *parse_tree, struct privilege *priv,
+    const struct sudoers_parse_tree *parse_tree, struct privilege *priv,
     bool expand_aliases)
 {
     struct cmndspec *cs, *prev_cs;
@@ -100,7 +100,7 @@ sudoers_format_privilege(struct sudo_lbuf *lbuf,
  */
 bool
 sudoers_format_userspec(struct sudo_lbuf *lbuf,
-    struct sudoers_parse_tree *parse_tree,
+    const struct sudoers_parse_tree *parse_tree,
     struct userspec *us, bool expand_aliases)
 {
     struct privilege *priv;
@@ -139,7 +139,7 @@ sudoers_format_userspec(struct sudo_lbuf *lbuf,
  */
 bool
 sudoers_format_userspecs(struct sudo_lbuf *lbuf,
-    struct sudoers_parse_tree *parse_tree, const char *separator,
+    const struct sudoers_parse_tree *parse_tree, const char *separator,
     bool expand_aliases, bool flush)
 {
     struct userspec *us;
@@ -164,7 +164,7 @@ sudoers_format_userspecs(struct sudo_lbuf *lbuf,
  */
 bool
 sudoers_format_default_line(struct sudo_lbuf *lbuf,
-    struct sudoers_parse_tree *parse_tree, struct defaults *d,
+    const struct sudoers_parse_tree *parse_tree, struct defaults *d,
     struct defaults **next, bool expand_aliases)
 {
     struct member *m;

plugins/sudoers/match.c

@@ -65,8 +65,8 @@ static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty);
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
+user_matches(const struct sudoers_parse_tree *parse_tree,
-    const struct member *m)
+    const struct passwd *pw, const struct member *m)
 {
     const char *lhost = parse_tree->lhost ? parse_tree->lhost : user_runhost;
     const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost;
@@ -111,8 +111,8 @@ user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-userlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
+userlist_matches(const struct sudoers_parse_tree *parse_tree,
-    const struct member_list *list)
+    const struct passwd *pw, const struct member_list *list)
 {
     struct member *m;
     int matched = UNSPEC;
@@ -147,7 +147,7 @@ runas_getgroups(void)
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-runaslist_matches(struct sudoers_parse_tree *parse_tree,
+runaslist_matches(const struct sudoers_parse_tree *parse_tree,
     const struct member_list *user_list, const struct member_list *group_list,
     struct member **matching_user, struct member **matching_group)
 {
@@ -285,7 +285,7 @@ runaslist_matches(struct sudoers_parse_tree *parse_tree,
  * Returns ALLOW, DENY or UNSPEC.
  */
 static int
-hostlist_matches_int(struct sudoers_parse_tree *parse_tree,
+hostlist_matches_int(const struct sudoers_parse_tree *parse_tree,
     const struct passwd *pw, const char *lhost, const char *shost,
     const struct member_list *list)
 {
@@ -306,8 +306,8 @@ hostlist_matches_int(struct sudoers_parse_tree *parse_tree,
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-hostlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
+hostlist_matches(const struct sudoers_parse_tree *parse_tree,
-    const struct member_list *list)
+    const struct passwd *pw, const struct member_list *list)
 {
     const char *lhost = parse_tree->lhost ? parse_tree->lhost : user_runhost;
     const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost;
@@ -320,8 +320,9 @@ hostlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
+host_matches(const struct sudoers_parse_tree *parse_tree,
-    const char *lhost, const char *shost, const struct member *m)
+    const struct passwd *pw, const char *lhost, const char *shost,
+    const struct member *m)
 {
     struct alias *a;
     int matched = UNSPEC;
@@ -369,7 +370,7 @@ host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-cmndlist_matches(struct sudoers_parse_tree *parse_tree,
+cmndlist_matches(const struct sudoers_parse_tree *parse_tree,
     const struct member_list *list, const char *runchroot,
     struct cmnd_info *info)
 {
@@ -390,8 +391,8 @@ cmndlist_matches(struct sudoers_parse_tree *parse_tree,
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-cmnd_matches(struct sudoers_parse_tree *parse_tree, const struct member *m,
+cmnd_matches(const struct sudoers_parse_tree *parse_tree,
-    const char *runchroot, struct cmnd_info *info)
+    const struct member *m, const char *runchroot, struct cmnd_info *info)
 {
     struct alias *a;
     struct sudo_command *c;
@@ -423,8 +424,8 @@ cmnd_matches(struct sudoers_parse_tree *parse_tree, const struct member *m,
  * Returns ALLOW, DENY or UNSPEC.
  */
 int
-cmnd_matches_all(struct sudoers_parse_tree *parse_tree, const struct member *m,
+cmnd_matches_all(const struct sudoers_parse_tree *parse_tree,
-    const char *runchroot, struct cmnd_info *info)
+    const struct member *m, const char *runchroot, struct cmnd_info *info)
 {
     const bool negated = m->negated;
     struct sudo_command *c;

plugins/sudoers/parse.h

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 1996, 1998-2000, 2004, 2007-2022
+ * Copyright (c) 1996, 1998-2000, 2004, 2007-2023
  *	Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -356,10 +356,10 @@ SLIST_HEAD(parser_leak_list, parser_leak_entry);
 /* alias.c */
 struct rbtree *alloc_aliases(void);
 void free_aliases(struct rbtree *aliases);
-bool no_aliases(struct sudoers_parse_tree *parse_tree);
+bool no_aliases(const struct sudoers_parse_tree *parse_tree);
 bool alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type, char *file, int line, int column, struct member *members);
 const char *alias_type_to_string(int alias_type);
-struct alias *alias_get(struct sudoers_parse_tree *parse_tree, const char *name, int type);
+struct alias *alias_get(const struct sudoers_parse_tree *parse_tree, const char *name, int type);
 struct alias *alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, int type);
 bool alias_find_used(struct sudoers_parse_tree *parse_tree, struct rbtree *used_aliases);
 void alias_apply(struct sudoers_parse_tree *parse_tree, int (*func)(struct sudoers_parse_tree *, struct alias *, void *), void *cookie);
@@ -406,14 +406,14 @@ bool hostname_matches(const char *shost, const char *lhost, const char *pattern)
 bool netgr_matches(struct sudo_nss *nss, const char *netgr, const char *lhost, const char *shost, const char *user);
 bool usergr_matches(const char *group, const char *user, const struct passwd *pw);
 bool userpw_matches(const char *sudoers_user, const char *user, const struct passwd *pw);
-int cmnd_matches(struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info);
+int cmnd_matches(const struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info);
-int cmnd_matches_all(struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info);
+int cmnd_matches_all(const struct sudoers_parse_tree *parse_tree, const struct member *m, const char *runchroot, struct cmnd_info *info);
-int cmndlist_matches(struct sudoers_parse_tree *parse_tree, const struct member_list *list, const char *runchroot, struct cmnd_info *info);
+int cmndlist_matches(const struct sudoers_parse_tree *parse_tree, const struct member_list *list, const char *runchroot, struct cmnd_info *info);
-int host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const char *host, const char *shost, const struct member *m);
+int host_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const char *host, const char *shost, const struct member *m);
-int hostlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list);
+int hostlist_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list);
-int runaslist_matches(struct sudoers_parse_tree *parse_tree, const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group);
+int runaslist_matches(const struct sudoers_parse_tree *parse_tree, const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group);
-int user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member *m);
+int user_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member *m);
-int userlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list);
+int userlist_matches(const struct sudoers_parse_tree *parse_tree, const struct passwd *pw, const struct member_list *list);
 const char *sudo_getdomainname(void);
 struct gid_list *runas_getgroups(void);
 
@@ -447,14 +447,16 @@ bool sudoers_parse_ldif(struct sudoers_parse_tree *parse_tree, FILE *fp, const c
 
 /* fmtsudoers.c */
 struct sudo_lbuf;
-bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases);
+bool sudoers_format_cmndspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct cmndspec *cs, struct cmndspec *prev_cs, struct cmndtag tags, bool expand_aliases);
 bool sudoers_format_default(struct sudo_lbuf *lbuf, struct defaults *d);
-bool sudoers_format_default_line(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct defaults *d, struct defaults **next, bool expand_aliases);
+bool sudoers_format_member(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, int alias_type);
-bool sudoers_format_member(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct member *m, const char *separator, int alias_type);
-bool sudoers_format_privilege(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct privilege *priv, bool expand_aliases);
-bool sudoers_format_userspec(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases);
-bool sudoers_format_userspecs(struct sudo_lbuf *lbuf, struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush);
 bool sudoers_defaults_to_tags(const char *var, const char *val, int op, struct cmndtag *tags);
 bool sudoers_defaults_list_to_tags(struct defaults_list *defs, struct cmndtag *tags);
 
+/* fmtsudoers_cvt.c */
+bool sudoers_format_privilege(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct privilege *priv, bool expand_aliases);
+bool sudoers_format_userspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct userspec *us, bool expand_aliases);
+bool sudoers_format_userspecs(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush);
+bool sudoers_format_default_line(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, struct defaults *d, struct defaults **next, bool expand_aliases);
+
 #endif /* SUDOERS_PARSE_H */