isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Display more specific parser error messages when possible.

Browse Source
This commit is contained in:
Todd C. Miller
2020-08-07 14:20:45 -06:00
parent 7c342e5862
commit 3235e4353c
51 changed files with 221 additions and 204 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/sudoers/defaults.c
View File

@@ -180,7 +180,7 @@ find_default(const char *name, const char *file, int lineno, bool quiet)
}
if (!quiet && !def_ignore_unknown_defaults) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d unknown defaults entry \"%s\""),
sudo_warnx(U_("%s:%d: unknown defaults entry \"%s\""),
file, lineno, name);
} else {
sudo_warnx(U_("%s: unknown defaults entry \"%s\""),
@@ -204,7 +204,7 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
int rc;
debug_decl(parse_default_entry, SUDOERS_DEBUG_DEFAULTS);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%d %s=%s op=%d",
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: %s:%d: %s=%s op=%d",
__func__, file, lineno, def->name, val ? val : "", op);
/*
@@ -229,7 +229,7 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
if (!ISSET(def->type, T_BOOL) || op != false) {
if (!quiet) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d no value specified for \"%s\""),
sudo_warnx(U_("%s:%d: no value specified for \"%s\""),
file, lineno, def->name);
} else {
sudo_warnx(U_("%s: no value specified for \"%s\""),
@@ -252,7 +252,7 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
if (ISSET(def->type, T_PATH) && val != NULL && *val != '/') {
if (!quiet) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d values for \"%s\" must start with a '/'"),
sudo_warnx(U_("%s:%d: values for \"%s\" must start with a '/'"),
file, lineno, def->name);
} else {
sudo_warnx(U_("%s: values for \"%s\" must start with a '/'"),
@@ -277,7 +277,7 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
if (val != NULL) {
if (!quiet) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d option \"%s\" does not take a value"),
sudo_warnx(U_("%s:%d: option \"%s\" does not take a value"),
file, lineno, def->name);
} else {
sudo_warnx(U_("%s: option \"%s\" does not take a value"),
@@ -305,7 +305,7 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
default:
if (!quiet) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d invalid Defaults type 0x%x for option \"%s\""),
sudo_warnx(U_("%s:%d: invalid Defaults type 0x%x for option \"%s\""),
file, lineno, def->type, def->name);
} else {
sudo_warnx(U_("%s: invalid Defaults type 0x%x for option \"%s\""),
@@ -318,7 +318,7 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
if (rc == false) {
if (!quiet) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d value \"%s\" is invalid for option \"%s\""),
sudo_warnx(U_("%s:%d: value \"%s\" is invalid for option \"%s\""),
file, lineno, val, def->name);
} else {
sudo_warnx(U_("%s: value \"%s\" is invalid for option \"%s\""),

16
plugins/sudoers/gram.c
View File

@@ -719,8 +719,16 @@ int yyparse(void);
void
sudoerserror(const char *s)
{
static int last_error_line = -1;
static char *last_error_file = NULL;
debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER);
/* Avoid displaying a generic error after a more specific one. */
if (last_error_file == sudoers && last_error_line == this_lineno)
debug_return;
last_error_file = sudoers;
last_error_line = this_lineno;
/* Save the line the first error occurred on. */
if (errorlineno == -1) {
errorlineno = this_lineno;
@@ -731,12 +739,12 @@ sudoerserror(const char *s)
LEXTRACE("<*> ");
#ifndef TRACELEXER
if (trace_print == NULL || trace_print == sudoers_trace_print) {
const char fmt[] = ">>> %s: %s near line %d <<<\n";
int oldlocale;
/* Warnings are displayed in the user's locale. */
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), this_lineno);
sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d: %s\n"), sudoers,
this_lineno, _(s));
sudoers_setlocale(oldlocale, NULL);
/* Display the offending line and token if possible. */
@@ -1183,7 +1191,7 @@ init_options(struct command_options *opts)
opts->limitprivs = NULL;
#endif
}
#line 1129 "gram.c"
#line 1137 "gram.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
static int yygrowstack(void)
{
@@ -2332,7 +2340,7 @@ case 120:
}
}
break;
#line 2278 "gram.c"
#line 2286 "gram.c"
}
yyssp -= yym;
yystate = *yyssp;

12
plugins/sudoers/gram.y
View File

@@ -933,8 +933,16 @@ group : ALIAS {
void
sudoerserror(const char *s)
{
static int last_error_line = -1;
static char *last_error_file = NULL;
debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER);
/* Avoid displaying a generic error after a more specific one. */
if (last_error_file == sudoers && last_error_line == this_lineno)
debug_return;
last_error_file = sudoers;
last_error_line = this_lineno;
/* Save the line the first error occurred on. */
if (errorlineno == -1) {
errorlineno = this_lineno;
@@ -945,12 +953,12 @@ sudoerserror(const char *s)
LEXTRACE("<*> ");
#ifndef TRACELEXER
if (trace_print == NULL || trace_print == sudoers_trace_print) {
const char fmt[] = ">>> %s: %s near line %d <<<\n";
int oldlocale;
/* Warnings are displayed in the user's locale. */
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), this_lineno);
sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d: %s\n"), sudoers,
this_lineno, _(s));
sudoers_setlocale(oldlocale, NULL);
/* Display the offending line and token if possible. */

2
plugins/sudoers/parse.c
View File

@@ -161,7 +161,7 @@ sudoers_lookup_check(struct sudo_nss *nss, struct passwd *pw,
*matching_cs = cs;
*defs = &priv->defaults;
sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
"userspec matched @ %s:%d %s",
"userspec matched @ %s:%d: %s",
us->file ? us->file : "???", us->lineno,
cmnd_match ? "allowed" : "denied");
debug_return_int(cmnd_match);

2
plugins/sudoers/regress/sudoers/test1.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su - : ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id
user2 ALL = SETENV: NOEXEC: NOPASSWD: /usr/bin/vi : ALL = NOSETENV: EXEC: PASSWD: /usr/bin/echo

2
plugins/sudoers/regress/sudoers/test10.out.ok
View File

@@ -1,2 +1,2 @@
Parses OK.
Parses OK

1
plugins/sudoers/regress/sudoers/test11.out.ok
View File

@@ -1,2 +1 @@
Parse error in sudoers near line 1.

1
plugins/sudoers/regress/sudoers/test12.out.ok
View File

@@ -1,2 +1 @@
Parse error in sudoers near line 1.

1
plugins/sudoers/regress/sudoers/test13.out.ok
View File

@@ -1,2 +1 @@
Parse error in sudoers near line 1.

2
plugins/sudoers/regress/sudoers/test14.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls
Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh

2
plugins/sudoers/regress/sudoers/test15.out.ok
View File

@@ -1,3 +1,3 @@
Parses OK.
Parses OK
user ALL = sudoedit /etc/motd

2
plugins/sudoers/regress/sudoers/test16.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Cmnd_Alias EDIT = sudoedit /etc/motd

2
plugins/sudoers/regress/sudoers/test17.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Defaults command_timeout=2d8h10m59s

2
plugins/sudoers/regress/sudoers/test18.out.ok
View File

@@ -1,4 +1,4 @@
Parse error in sudoers near line 4 (problem with defaults entries).
Problem with defaults entries
Defaults command_timeout=2d8h10m59ss
Defaults:root command_timeout=15f

4
plugins/sudoers/regress/sudoers/test18.toke.ok
View File

@@ -6,5 +6,5 @@ WORD(5) ALL = CMND_TIMEOUT = WORD(5) <*> COMMAND
WORD(5) ALL = CMND_TIMEOUT = WORD(5) <*> COMMAND
WORD(5) ALL = CMND_TIMEOUT = WORD(5) <*> COMMAND
WORD(5) ALL = CMND_TIMEOUT = WORD(5) <*> COMMAND
testsudoers: sudoers:2 value "2d8h10m59ss" is invalid for option "command_timeout"
testsudoers: sudoers:3 value "15f" is invalid for option "command_timeout"
testsudoers: sudoers:2: value "2d8h10m59ss" is invalid for option "command_timeout"
testsudoers: sudoers:3: value "15f" is invalid for option "command_timeout"

2
plugins/sudoers/regress/sudoers/test19.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id, /bin/ls
user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, NOTAFTER=20170301083000Z /bin/ls

2
plugins/sudoers/regress/sudoers/test2.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Defaults@somehost set_home
Defaults@quoted\" set_home

2
plugins/sudoers/regress/sudoers/test20.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Defaults lecture
Defaults !lecture

2
plugins/sudoers/regress/sudoers/test21.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Defaults syslog
Defaults !syslog

2
plugins/sudoers/regress/sudoers/test22.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
user1 ALL = (root) ALL
user2 ALL = (root) ALL

2
plugins/sudoers/regress/sudoers/test23.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS"
Defaults env_check+="TERM TZ"

2
plugins/sudoers/regress/sudoers/test3.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Defaults:FOO env_reset
Defaults:foo, bar env_reset

1
plugins/sudoers/regress/sudoers/test4.out.ok
View File

@@ -1,4 +1,3 @@
Parse error in sudoers near line 7.
User_Alias BAR = bar
User_Alias FOO = foo

2
plugins/sudoers/regress/sudoers/test4.toke.ok
View File

@@ -2,4 +2,4 @@
USERALIAS ALIAS = WORD(5) : ALIAS = WORD(5)
#
USERALIAS ALIAS = WORD(5) ERROR <*> ALIAS = WORD(5)
USERALIAS ALIAS = WORD(5) <*> ERROR ALIAS = WORD(5)

1
plugins/sudoers/regress/sudoers/test5.out.ok
View File

@@ -1,2 +1 @@
Parse error in sudoers near line 2.

2
plugins/sudoers/regress/sudoers/test5.toke.ok
View File

@@ -1,3 +1,3 @@
#
USERALIAS ALIAS = BEGINSTR ENDSTR ERROR <*>
USERALIAS ALIAS = BEGINSTR ENDSTR <*> ERROR
BEGINSTR ENDSTR ERROR <*> ALL = ALL

2
plugins/sudoers/regress/sudoers/test6.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Defaults:#123 set_home
Defaults>#123 set_home

1
plugins/sudoers/regress/sudoers/test7.out.ok
View File

@@ -1,2 +1 @@
Parse error in sudoers near line 2.

12
plugins/sudoers/regress/sudoers/test7.toke.ok
View File

@@ -1,7 +1,7 @@
#
USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*>
USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*>
USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*>
USERALIAS ALIAS = ERROR <*>
USERALIAS ALIAS = ERROR <*>
USERALIAS ALIAS = ERROR <*>
USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR <*> ERROR
USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR <*> ERROR
USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR <*> ERROR
USERALIAS ALIAS = <*> ERROR
USERALIAS ALIAS = <*> ERROR
USERALIAS ALIAS = <*> ERROR

1
plugins/sudoers/regress/sudoers/test8.out.ok
View File

@@ -1,4 +1,3 @@
Parse error in sudoers near line 8.
User_Alias UA1 = xy
User_Alias UA2 = xy

2
plugins/sudoers/regress/sudoers/test8.toke.ok
View File

@@ -4,4 +4,4 @@ USERALIAS ALIAS = BEGINSTR STRBODY STRBODY ENDSTR WORD(4)
USERALIAS ALIAS = WORD(5)
#
USERALIAS ALIAS = BEGINSTR STRBODY ERROR <*> ERROR
USERALIAS ALIAS = BEGINSTR STRBODY <*> ERROR ERROR

2
plugins/sudoers/regress/sudoers/test9.out.ok
View File

@@ -1,2 +1,2 @@
Parses OK.
Parses OK

2
plugins/sudoers/regress/testsudoers/test1.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Entries for user root:

8
plugins/sudoers/regress/testsudoers/test10.out.ok
View File

@@ -1,6 +1,6 @@
Testing @include of a path with escaped white space
Parses OK.
Parses OK
Entries for user root:
@@ -13,7 +13,7 @@ Command allowed
Testing @include of a double-quoted path with white space
Parses OK.
Parses OK
Entries for user root:
@@ -26,7 +26,7 @@ Command allowed
Testing #include of a path with escaped white space
Parses OK.
Parses OK
Entries for user root:
@@ -39,7 +39,7 @@ Command allowed
Testing #include of a double-quoted path with white space
Parses OK.
Parses OK
Entries for user root:

6
plugins/sudoers/regress/testsudoers/test11.out.ok
View File

@@ -1,9 +1,8 @@
Testing @include with garbage after the path name
>>> sudoers: syntax error near line 1 <<<
sudoers:1: syntax error
@include ../../../trunk/plugins/sudoers/regress/testsudoers/test2.inc womp womp
^
Parse error in sudoers near line 1.
Entries for user root:
@@ -16,10 +15,9 @@ Command allowed
Testing #include with garbage after the path name
>>> sudoers: syntax error near line 1 <<<
sudoers:1: syntax error
#include ../../../trunk/plugins/sudoers/regress/testsudoers/test2.inc womp womp
^
Parse error in sudoers near line 1.
Entries for user root:

4
plugins/sudoers/regress/testsudoers/test2.out.ok
View File

@@ -1,6 +1,6 @@
Testing @include
Parses OK.
Parses OK
Entries for user root:
@@ -13,7 +13,7 @@ Command allowed
Testing #include
Parses OK.
Parses OK
Entries for user root:

8
plugins/sudoers/regress/testsudoers/test3.out.ok
View File

@@ -1,6 +1,6 @@
Testing @includedir of an unquoted path
Parses OK.
Parses OK
Entries for user root:
@@ -13,7 +13,7 @@ Command allowed
Testing @includedir of a double-quoted path
Parses OK.
Parses OK
Entries for user root:
@@ -26,7 +26,7 @@ Command allowed
Testing #includedir of an unquoted path
Parses OK.
Parses OK
Entries for user root:
@@ -39,7 +39,7 @@ Command allowed
Testing #includedir of a double-quoted path
Parses OK.
Parses OK
Entries for user root:

1
plugins/sudoers/regress/testsudoers/test4.out.ok
View File

@@ -1,5 +1,4 @@
testsudoers: test2.inc should be owned by uid 1
Parse error in sudoers near line 1.
Entries for user root:

2
plugins/sudoers/regress/testsudoers/test5.out.ok
View File

@@ -1,11 +1,9 @@
testsudoers: test5.inc is world writable
Parse error in sudoers near line 1.
Entries for user root:
Command unmatched
testsudoers: test5.inc should be owned by gid 4294967294
Parse error in sudoers near line 1.
Entries for user root:

2
plugins/sudoers/regress/testsudoers/test6.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Entries for user root:

2
plugins/sudoers/regress/testsudoers/test7.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Entries for user root:

4
plugins/sudoers/regress/testsudoers/test8.out.ok
View File

@@ -1,6 +1,6 @@
Testing @include without a newline
Parses OK.
Parses OK
Entries for user root:
@@ -13,7 +13,7 @@ Command allowed
Testing #include without a newline
Parses OK.
Parses OK
Entries for user root:

2
plugins/sudoers/regress/testsudoers/test9.out.ok
View File

@@ -1,4 +1,4 @@
Parses OK.
Parses OK
Entries for user root:

2
plugins/sudoers/regress/visudo/test2.err.ok
View File

@@ -1 +1 @@
Error: stdin:1 cycle in User_Alias "FOO"
Error: stdin:1: cycle in User_Alias "FOO"

4
plugins/sudoers/regress/visudo/test3.err.ok
View File

@@ -1,2 +1,2 @@
Warning: stdin:1 unused User_Alias "A"
Warning: stdin:2 unused User_Alias "B"
Warning: stdin:1: unused User_Alias "A"
Warning: stdin:2: unused User_Alias "B"

2
plugins/sudoers/regress/visudo/test8.err.ok
View File

@@ -1 +1 @@
visudo: stdin:1 value "2.5" is invalid for option "passwd_timeout"
visudo: stdin:1: value "2.5" is invalid for option "passwd_timeout"

2
plugins/sudoers/regress/visudo/test8.sh
View File

@@ -24,7 +24,7 @@ if [ $? -eq 0 ]; then
else
# No support for LC_NUMERIC?
echo "parse error in stdin near line 1"
echo 'visudo: stdin:1 value "2.5" is invalid for option "passwd_timeout"' 1>&2
echo 'visudo: stdin:1: value "2.5" is invalid for option "passwd_timeout"' 1>&2
fi
exit 0

23
plugins/sudoers/testsudoers.c
View File

@@ -290,30 +290,23 @@ main(int argc, char *argv[])
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL);
switch (input_format) {
case format_ldif:
if (!sudoers_parse_ldif(&parsed_policy, stdin, NULL, true))
(void) printf("Parse error in LDIF");
else
(void) fputs("Parses OK", stdout);
if (!sudoers_parse_ldif(&parsed_policy, stdin, NULL, true)) {
(void) puts("Parse error in LDIF");
parse_error = true;
}
break;
case format_sudoers:
if (sudoersparse() != 0 || parse_error) {
if (sudoersparse() != 0 || parse_error)
parse_error = true;
if (errorlineno != -1)
(void) printf("Parse error in %s near line %d",
errorfile, errorlineno);
else
(void) printf("Parse error in %s", errorfile);
} else {
(void) fputs("Parses OK", stdout);
}
break;
default:
sudo_fatalx("error: unhandled input %d", input_format);
}
if (!parse_error)
(void) puts("Parses OK");
if (!update_defaults(&parsed_policy, NULL, SETDEF_ALL, false))
(void) fputs(" (problem with defaults entries)", stdout);
puts(".");
(void) puts("Problem with defaults entries");
if (dflag) {
(void) putchar('\n');

188
plugins/sudoers/toke.c
View File

@@ -2632,7 +2632,8 @@ YY_RULE_SETUP
BEGIN prev_state;
if (sudoerslval.string == NULL) {
LEXTRACE("ERROR "); /* empty string */
sudoerserror("empty string");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
if (prev_state == INITIAL || prev_state == GOTDEFS) {
@@ -2641,14 +2642,16 @@ YY_RULE_SETUP
if (sudoerslval.string[1] == '\0' ||
(sudoerslval.string[1] == ':' &&
sudoerslval.string[2] == '\0')) {
LEXTRACE("ERROR "); /* empty group */
sudoerserror("empty group");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
LEXTRACE("USERGROUP ");
LEXRETURN(USERGROUP);
case '+':
if (sudoerslval.string[1] == '\0') {
LEXTRACE("ERROR "); /* empty netgroup */
sudoerserror("empty netgroup");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
LEXTRACE("NETGROUP ");
@@ -2661,7 +2664,7 @@ YY_RULE_SETUP
YY_BREAK
case 12:
YY_RULE_SETUP
#line 211 "toke.l"
#line 214 "toke.l"
{
LEXTRACE("BACKSLASH ");
if (!append(sudoerstext, sudoersleng))
@@ -2670,7 +2673,7 @@ YY_RULE_SETUP
YY_BREAK
case 13:
YY_RULE_SETUP
#line 217 "toke.l"
#line 220 "toke.l"
{
LEXTRACE("STRBODY ");
if (!append(sudoerstext, sudoersleng))
@@ -2681,7 +2684,7 @@ YY_RULE_SETUP
case 14:
YY_RULE_SETUP
#line 225 "toke.l"
#line 228 "toke.l"
{
/* quoted fnmatch glob char, pass verbatim */
LEXTRACE("QUOTEDCHAR ");
@@ -2692,7 +2695,7 @@ YY_RULE_SETUP
YY_BREAK
case 15:
YY_RULE_SETUP
#line 233 "toke.l"
#line 236 "toke.l"
{
/* quoted sudoers special char, strip backslash */
LEXTRACE("QUOTEDCHAR ");
@@ -2704,7 +2707,7 @@ YY_RULE_SETUP
case 16:
/* rule 16 can match eol */
YY_RULE_SETUP
#line 241 "toke.l"
#line 244 "toke.l"
{
BEGIN INITIAL;
sudoersless(0);
@@ -2714,7 +2717,7 @@ YY_RULE_SETUP
YY_BREAK
case 17:
YY_RULE_SETUP
#line 248 "toke.l"
#line 251 "toke.l"
{
LEXTRACE("ARG ");
if (!fill_args(sudoerstext, sudoersleng, sawspace))
@@ -2725,7 +2728,7 @@ YY_RULE_SETUP
case 18:
YY_RULE_SETUP
#line 256 "toke.l"
#line 259 "toke.l"
{
/* Only return DIGEST if the length is correct. */
yy_size_t digest_len =
@@ -2743,7 +2746,7 @@ YY_RULE_SETUP
YY_BREAK
case 19:
YY_RULE_SETUP
#line 271 "toke.l"
#line 274 "toke.l"
{
/* Only return DIGEST if the length is correct. */
yy_size_t len, digest_len =
@@ -2768,9 +2771,10 @@ YY_RULE_SETUP
YY_BREAK
case 20:
YY_RULE_SETUP
#line 293 "toke.l"
#line 296 "toke.l"
{
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -2782,9 +2786,10 @@ YY_RULE_SETUP
YY_BREAK
case 21:
YY_RULE_SETUP
#line 304 "toke.l"
#line 308 "toke.l"
{
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -2797,9 +2802,10 @@ YY_RULE_SETUP
case 22:
/* rule 22 can match eol */
YY_RULE_SETUP
#line 315 "toke.l"
#line 320 "toke.l"
{
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -2816,9 +2822,10 @@ YY_RULE_SETUP
case 23:
/* rule 23 can match eol */
YY_RULE_SETUP
#line 330 "toke.l"
#line 336 "toke.l"
{
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -2834,12 +2841,13 @@ YY_RULE_SETUP
YY_BREAK
case 24:
YY_RULE_SETUP
#line 345 "toke.l"
#line 352 "toke.l"
{
char deftype;
int n;
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -2854,14 +2862,10 @@ YY_RULE_SETUP
BEGIN GOTDEFS;
switch (deftype) {
case ':':
sudolinebuf.toke_end =
sudolinebuf.toke_start + n;
sudoersless(n);
LEXTRACE("DEFAULTS_USER ");
LEXRETURN(DEFAULTS_USER);
case '>':
sudolinebuf.toke_end =
sudolinebuf.toke_start + n;
sudoersless(n);
LEXTRACE("DEFAULTS_RUNAS ");
LEXRETURN(DEFAULTS_RUNAS);
@@ -2881,11 +2885,12 @@ YY_RULE_SETUP
YY_BREAK
case 25:
YY_RULE_SETUP
#line 389 "toke.l"
#line 393 "toke.l"
{
int n;
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -2910,7 +2915,7 @@ YY_RULE_SETUP
YY_BREAK
case 26:
YY_RULE_SETUP
#line 415 "toke.l"
#line 420 "toke.l"
{
/* cmnd does not require passwd for this user */
LEXTRACE("NOPASSWD ");
@@ -2919,7 +2924,7 @@ YY_RULE_SETUP
YY_BREAK
case 27:
YY_RULE_SETUP
#line 421 "toke.l"
#line 426 "toke.l"
{
/* cmnd requires passwd for this user */
LEXTRACE("PASSWD ");
@@ -2928,7 +2933,7 @@ YY_RULE_SETUP
YY_BREAK
case 28:
YY_RULE_SETUP
#line 427 "toke.l"
#line 432 "toke.l"
{
LEXTRACE("NOEXEC ");
LEXRETURN(NOEXEC);
@@ -2936,7 +2941,7 @@ YY_RULE_SETUP
YY_BREAK
case 29:
YY_RULE_SETUP
#line 432 "toke.l"
#line 437 "toke.l"
{
LEXTRACE("EXEC ");
LEXRETURN(EXEC);
@@ -2944,7 +2949,7 @@ YY_RULE_SETUP
YY_BREAK
case 30:
YY_RULE_SETUP
#line 437 "toke.l"
#line 442 "toke.l"
{
LEXTRACE("SETENV ");
LEXRETURN(SETENV);
@@ -2952,7 +2957,7 @@ YY_RULE_SETUP
YY_BREAK
case 31:
YY_RULE_SETUP
#line 442 "toke.l"
#line 447 "toke.l"
{
LEXTRACE("NOSETENV ");
LEXRETURN(NOSETENV);
@@ -2960,7 +2965,7 @@ YY_RULE_SETUP
YY_BREAK
case 32:
YY_RULE_SETUP
#line 447 "toke.l"
#line 452 "toke.l"
{
LEXTRACE("LOG_OUTPUT ");
LEXRETURN(LOG_OUTPUT);
@@ -2968,7 +2973,7 @@ YY_RULE_SETUP
YY_BREAK
case 33:
YY_RULE_SETUP
#line 452 "toke.l"
#line 457 "toke.l"
{
LEXTRACE("NOLOG_OUTPUT ");
LEXRETURN(NOLOG_OUTPUT);
@@ -2976,7 +2981,7 @@ YY_RULE_SETUP
YY_BREAK
case 34:
YY_RULE_SETUP
#line 457 "toke.l"
#line 462 "toke.l"
{
LEXTRACE("LOG_INPUT ");
LEXRETURN(LOG_INPUT);
@@ -2984,7 +2989,7 @@ YY_RULE_SETUP
YY_BREAK
case 35:
YY_RULE_SETUP
#line 462 "toke.l"
#line 467 "toke.l"
{
LEXTRACE("NOLOG_INPUT ");
LEXRETURN(NOLOG_INPUT);
@@ -2992,7 +2997,7 @@ YY_RULE_SETUP
YY_BREAK
case 36:
YY_RULE_SETUP
#line 467 "toke.l"
#line 472 "toke.l"
{
LEXTRACE("MAIL ");
LEXRETURN(MAIL);
@@ -3000,7 +3005,7 @@ YY_RULE_SETUP
YY_BREAK
case 37:
YY_RULE_SETUP
#line 472 "toke.l"
#line 477 "toke.l"
{
LEXTRACE("NOMAIL ");
LEXRETURN(NOMAIL);
@@ -3008,7 +3013,7 @@ YY_RULE_SETUP
YY_BREAK
case 38:
YY_RULE_SETUP
#line 477 "toke.l"
#line 482 "toke.l"
{
LEXTRACE("FOLLOW ");
LEXRETURN(FOLLOWLNK);
@@ -3016,7 +3021,7 @@ YY_RULE_SETUP
YY_BREAK
case 39:
YY_RULE_SETUP
#line 482 "toke.l"
#line 487 "toke.l"
{
LEXTRACE("NOFOLLOW ");
LEXRETURN(NOFOLLOWLNK);
@@ -3024,16 +3029,19 @@ YY_RULE_SETUP
YY_BREAK
case 40:
YY_RULE_SETUP
#line 487 "toke.l"
#line 492 "toke.l"
{
/* empty group or netgroup */
if (sudoerstext[0] == '+')
sudoerserror("empty netgroup");
else
sudoerserror("empty group");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
YY_BREAK
case 41:
YY_RULE_SETUP
#line 493 "toke.l"
#line 501 "toke.l"
{
/* netgroup */
if (!fill(sudoerstext, sudoersleng))
@@ -3044,7 +3052,7 @@ YY_RULE_SETUP
YY_BREAK
case 42:
YY_RULE_SETUP
#line 501 "toke.l"
#line 509 "toke.l"
{
/* group */
if (!fill(sudoerstext, sudoersleng))
@@ -3055,7 +3063,7 @@ YY_RULE_SETUP
YY_BREAK
case 43:
YY_RULE_SETUP
#line 509 "toke.l"
#line 517 "toke.l"
{
if (!fill(sudoerstext, sudoersleng))
yyterminate();
@@ -3065,7 +3073,7 @@ YY_RULE_SETUP
YY_BREAK
case 44:
YY_RULE_SETUP
#line 516 "toke.l"
#line 524 "toke.l"
{
if (!fill(sudoerstext, sudoersleng))
yyterminate();
@@ -3075,9 +3083,10 @@ YY_RULE_SETUP
YY_BREAK
case 45:
YY_RULE_SETUP
#line 523 "toke.l"
#line 531 "toke.l"
{
if (!ipv6_valid(sudoerstext)) {
sudoerserror("invalid IPv6 address");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -3089,9 +3098,10 @@ YY_RULE_SETUP
YY_BREAK
case 46:
YY_RULE_SETUP
#line 534 "toke.l"
#line 543 "toke.l"
{
if (!ipv6_valid(sudoerstext)) {
sudoerserror("invalid IPv6 address");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -3103,7 +3113,7 @@ YY_RULE_SETUP
YY_BREAK
case 47:
YY_RULE_SETUP
#line 545 "toke.l"
#line 555 "toke.l"
{
LEXTRACE("ALL ");
LEXRETURN(ALL);
@@ -3112,7 +3122,7 @@ YY_RULE_SETUP
YY_BREAK
case 48:
YY_RULE_SETUP
#line 551 "toke.l"
#line 561 "toke.l"
{
LEXTRACE("CMND_TIMEOUT ");
LEXRETURN(CMND_TIMEOUT);
@@ -3120,7 +3130,7 @@ YY_RULE_SETUP
YY_BREAK
case 49:
YY_RULE_SETUP
#line 556 "toke.l"
#line 566 "toke.l"
{
LEXTRACE("NOTBEFORE ");
LEXRETURN(NOTBEFORE);
@@ -3128,7 +3138,7 @@ YY_RULE_SETUP
YY_BREAK
case 50:
YY_RULE_SETUP
#line 561 "toke.l"
#line 571 "toke.l"
{
LEXTRACE("NOTAFTER ");
LEXRETURN(NOTAFTER);
@@ -3136,7 +3146,7 @@ YY_RULE_SETUP
YY_BREAK
case 51:
YY_RULE_SETUP
#line 566 "toke.l"
#line 576 "toke.l"
{
#ifdef HAVE_SELINUX
LEXTRACE("ROLE ");
@@ -3148,7 +3158,7 @@ YY_RULE_SETUP
YY_BREAK
case 52:
YY_RULE_SETUP
#line 575 "toke.l"
#line 585 "toke.l"
{
#ifdef HAVE_SELINUX
LEXTRACE("TYPE ");
@@ -3160,7 +3170,7 @@ YY_RULE_SETUP
YY_BREAK
case 53:
YY_RULE_SETUP
#line 583 "toke.l"
#line 593 "toke.l"
{
#ifdef HAVE_PRIV_SET
LEXTRACE("PRIVS ");
@@ -3172,7 +3182,7 @@ YY_RULE_SETUP
YY_BREAK
case 54:
YY_RULE_SETUP
#line 592 "toke.l"
#line 602 "toke.l"
{
#ifdef HAVE_PRIV_SET
LEXTRACE("LIMITPRIVS ");
@@ -3184,7 +3194,7 @@ YY_RULE_SETUP
YY_BREAK
case 55:
YY_RULE_SETUP
#line 601 "toke.l"
#line 611 "toke.l"
{
got_alias:
if (!fill(sudoerstext, sudoersleng))
@@ -3195,7 +3205,7 @@ YY_RULE_SETUP
YY_BREAK
case 56:
YY_RULE_SETUP
#line 609 "toke.l"
#line 619 "toke.l"
{
/* XXX - no way to specify digest for command */
/* no command args allowed for Defaults!/path */
@@ -3207,7 +3217,7 @@ YY_RULE_SETUP
YY_BREAK
case 57:
YY_RULE_SETUP
#line 618 "toke.l"
#line 628 "toke.l"
{
digest_type = SUDO_DIGEST_SHA224;
BEGIN WANTDIGEST;
@@ -3217,7 +3227,7 @@ YY_RULE_SETUP
YY_BREAK
case 58:
YY_RULE_SETUP
#line 625 "toke.l"
#line 635 "toke.l"
{
digest_type = SUDO_DIGEST_SHA256;
BEGIN WANTDIGEST;
@@ -3227,7 +3237,7 @@ YY_RULE_SETUP
YY_BREAK
case 59:
YY_RULE_SETUP
#line 632 "toke.l"
#line 642 "toke.l"
{
digest_type = SUDO_DIGEST_SHA384;
BEGIN WANTDIGEST;
@@ -3237,7 +3247,7 @@ YY_RULE_SETUP
YY_BREAK
case 60:
YY_RULE_SETUP
#line 639 "toke.l"
#line 649 "toke.l"
{
digest_type = SUDO_DIGEST_SHA512;
BEGIN WANTDIGEST;
@@ -3247,7 +3257,7 @@ YY_RULE_SETUP
YY_BREAK
case 61:
YY_RULE_SETUP
#line 646 "toke.l"
#line 656 "toke.l"
{
BEGIN GOTCMND;
LEXTRACE("COMMAND ");
@@ -3257,7 +3267,7 @@ YY_RULE_SETUP
YY_BREAK
case 62:
YY_RULE_SETUP
#line 653 "toke.l"
#line 663 "toke.l"
{
/* directories can't have args... */
if (sudoerstext[sudoersleng - 1] == '/') {
@@ -3275,7 +3285,7 @@ YY_RULE_SETUP
YY_BREAK
case 63:
YY_RULE_SETUP
#line 668 "toke.l"
#line 678 "toke.l"
{
LEXTRACE("BEGINSTR ");
sudoerslval.string = NULL;
@@ -3285,7 +3295,7 @@ YY_RULE_SETUP
YY_BREAK
case 64:
YY_RULE_SETUP
#line 675 "toke.l"
#line 685 "toke.l"
{
/* a word */
if (!fill(sudoerstext, sudoersleng))
@@ -3297,7 +3307,7 @@ YY_RULE_SETUP
case 65:
YY_RULE_SETUP
#line 684 "toke.l"
#line 694 "toke.l"
{
/* include file/directory */
if (!fill(sudoerstext, sudoersleng))
@@ -3309,7 +3319,7 @@ YY_RULE_SETUP
YY_BREAK
case 66:
YY_RULE_SETUP
#line 693 "toke.l"
#line 703 "toke.l"
{
LEXTRACE("BEGINSTR ");
sudoerslval.string = NULL;
@@ -3320,7 +3330,7 @@ YY_RULE_SETUP
case 67:
YY_RULE_SETUP
#line 701 "toke.l"
#line 711 "toke.l"
{
LEXTRACE("( ");
LEXRETURN('(');
@@ -3328,7 +3338,7 @@ YY_RULE_SETUP
YY_BREAK
case 68:
YY_RULE_SETUP
#line 706 "toke.l"
#line 716 "toke.l"
{
LEXTRACE(") ");
LEXRETURN(')');
@@ -3336,7 +3346,7 @@ YY_RULE_SETUP
YY_BREAK
case 69:
YY_RULE_SETUP
#line 711 "toke.l"
#line 721 "toke.l"
{
LEXTRACE(", ");
LEXRETURN(',');
@@ -3344,7 +3354,7 @@ YY_RULE_SETUP
YY_BREAK
case 70:
YY_RULE_SETUP
#line 716 "toke.l"
#line 726 "toke.l"
{
LEXTRACE("= ");
LEXRETURN('=');
@@ -3352,7 +3362,7 @@ YY_RULE_SETUP
YY_BREAK
case 71:
YY_RULE_SETUP
#line 721 "toke.l"
#line 731 "toke.l"
{
LEXTRACE(": ");
LEXRETURN(':');
@@ -3360,7 +3370,7 @@ YY_RULE_SETUP
YY_BREAK
case 72:
YY_RULE_SETUP
#line 726 "toke.l"
#line 736 "toke.l"
{
if (sudoersleng & 1) {
LEXTRACE("!");
@@ -3371,12 +3381,12 @@ YY_RULE_SETUP
case 73:
/* rule 73 can match eol */
YY_RULE_SETUP
#line 733 "toke.l"
#line 743 "toke.l"
{
if (YY_START == INSTR) {
/* XXX - better error message */
sudoerserror("unexpected line break in string");
LEXTRACE("ERROR ");
LEXRETURN(ERROR); /* line break in string */
LEXRETURN(ERROR);
}
BEGIN INITIAL;
sudolineno++;
@@ -3387,7 +3397,7 @@ YY_RULE_SETUP
YY_BREAK
case 74:
YY_RULE_SETUP
#line 746 "toke.l"
#line 756 "toke.l"
{ /* throw away space/tabs */
sawspace = true; /* but remember for fill_args */
}
@@ -3395,7 +3405,7 @@ YY_RULE_SETUP
case 75:
/* rule 75 can match eol */
YY_RULE_SETUP
#line 750 "toke.l"
#line 760 "toke.l"
{
sawspace = true; /* remember for fill_args */
sudolineno++;
@@ -3405,7 +3415,7 @@ YY_RULE_SETUP
case 76:
/* rule 76 can match eol */
YY_RULE_SETUP
#line 756 "toke.l"
#line 766 "toke.l"
{
if (sudoerstext[sudoersleng - 1] == '\n') {
/* comment ending in a newline */
@@ -3413,6 +3423,7 @@ YY_RULE_SETUP
sudolineno++;
continued = false;
} else if (!feof(sudoersin)) {
sudoerserror(strerror(errno));
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -3422,7 +3433,7 @@ YY_RULE_SETUP
YY_BREAK
case 77:
YY_RULE_SETUP
#line 770 "toke.l"
#line 781 "toke.l"
{
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
@@ -3436,7 +3447,7 @@ case YY_STATE_EOF(INDEFS):
case YY_STATE_EOF(INSTR):
case YY_STATE_EOF(WANTDIGEST):
case YY_STATE_EOF(GOTINC):
#line 775 "toke.l"
#line 786 "toke.l"
{
if (YY_START != INITIAL) {
BEGIN INITIAL;
@@ -3449,10 +3460,10 @@ case YY_STATE_EOF(GOTINC):
YY_BREAK
case 78:
YY_RULE_SETUP
#line 785 "toke.l"
#line 796 "toke.l"
ECHO;
YY_BREAK
#line 3450 "toke.c"
#line 3461 "toke.c"
case YY_END_OF_BUFFER:
{
@@ -4413,7 +4424,7 @@ void sudoersfree (void * ptr )
#define YYTABLES_NAME "yytables"
#line 785 "toke.l"
#line 796 "toke.l"
struct path_list {
@@ -4800,8 +4811,8 @@ pop_include(void)
SLIST_REMOVE_HEAD(&istack[idepth - 1].more, entries);
fp = open_sudoers(pl->path, false, &keepopen);
if (fp != NULL) {
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
sudolinebuf.len = sudolinebuf.off = 0;
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
rcstr_delref(sudoers);
sudoers = pl->path;
sudolineno = 1;
@@ -4850,7 +4861,7 @@ sudoers_trace_print(const char *msg)
if (strchr(msg, '\n') != NULL)
{
sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG,
"%s:%d %s", sudoers, sudolineno, lbuf.buf);
"%s:%d: %s", sudoers, sudolineno, lbuf.buf);
lbuf.len = 0;
}
return 0;
@@ -4864,17 +4875,16 @@ sudoers_input(char *buf, yy_size_t max_size)
/* Refill line buffer if needed. */
if (avail == 0) {
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
sudolinebuf.off = 0;
sudolinebuf.len = getdelim(&sudolinebuf.buf, &sudolinebuf.size,
'\n', sudoersin);
if (sudolinebuf.len == (size_t)-1) {
avail = getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin);
if (avail == (size_t)-1) {
/* EOF or error. */
if (ferror(sudoersin) && errno != EINTR)
YY_FATAL_ERROR("input in flex scanner failed");
sudolinebuf.len = 0;
return 0;
}
avail = sudolinebuf.len;
sudolinebuf.len = avail;
sudolinebuf.off = 0;
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
}
if (avail > max_size)

48
plugins/sudoers/toke.l
View File

@@ -181,7 +181,8 @@ DEFVAR [a-z_]+
BEGIN prev_state;
if (sudoerslval.string == NULL) {
LEXTRACE("ERROR "); /* empty string */
sudoerserror("empty string");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
if (prev_state == INITIAL || prev_state == GOTDEFS) {
@@ -190,14 +191,16 @@ DEFVAR [a-z_]+
if (sudoerslval.string[1] == '\0' ||
(sudoerslval.string[1] == ':' &&
sudoerslval.string[2] == '\0')) {
LEXTRACE("ERROR "); /* empty group */
sudoerserror("empty group");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
LEXTRACE("USERGROUP ");
LEXRETURN(USERGROUP);
case '+':
if (sudoerslval.string[1] == '\0') {
LEXTRACE("ERROR "); /* empty netgroup */
sudoerserror("empty netgroup");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
LEXTRACE("NETGROUP ");
@@ -292,6 +295,7 @@ DEFVAR [a-z_]+
<INITIAL>@include {
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -303,6 +307,7 @@ DEFVAR [a-z_]+
<INITIAL>@includedir {
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -314,6 +319,7 @@ DEFVAR [a-z_]+
<INITIAL>^#include[[:blank:]]+.*(\r\n|\n)? {
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -329,6 +335,7 @@ DEFVAR [a-z_]+
<INITIAL>^#includedir[[:blank:]]+.*(\r\n|\n)? {
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -347,6 +354,7 @@ DEFVAR [a-z_]+
int n;
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -361,14 +369,10 @@ DEFVAR [a-z_]+
BEGIN GOTDEFS;
switch (deftype) {
case ':':
sudolinebuf.toke_end =
sudolinebuf.toke_start + n;
sudoersless(n);
LEXTRACE("DEFAULTS_USER ");
LEXRETURN(DEFAULTS_USER);
case '>':
sudolinebuf.toke_end =
sudolinebuf.toke_start + n;
sudoersless(n);
LEXTRACE("DEFAULTS_RUNAS ");
LEXRETURN(DEFAULTS_RUNAS);
@@ -390,6 +394,7 @@ DEFVAR [a-z_]+
int n;
if (continued) {
sudoerserror("invalid line continuation");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -485,7 +490,10 @@ NOFOLLOW[[:blank:]]*: {
}
<INITIAL,GOTDEFS>(\+|\%|\%:) {
/* empty group or netgroup */
if (sudoerstext[0] == '+')
sudoerserror("empty netgroup");
else
sudoerserror("empty group");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -522,6 +530,7 @@ NOFOLLOW[[:blank:]]*: {
{IPV6ADDR}(\/{IPV6ADDR})? {
if (!ipv6_valid(sudoerstext)) {
sudoerserror("invalid IPv6 address");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -533,6 +542,7 @@ NOFOLLOW[[:blank:]]*: {
{IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) {
if (!ipv6_valid(sudoerstext)) {
sudoerserror("invalid IPv6 address");
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -732,9 +742,9 @@ sudoedit {
<*>\r?\n {
if (YY_START == INSTR) {
/* XXX - better error message */
sudoerserror("unexpected line break in string");
LEXTRACE("ERROR ");
LEXRETURN(ERROR); /* line break in string */
LEXRETURN(ERROR);
}
BEGIN INITIAL;
sudolineno++;
@@ -760,6 +770,7 @@ sudoedit {
sudolineno++;
continued = false;
} else if (!feof(sudoersin)) {
sudoerserror(strerror(errno));
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
@@ -1167,8 +1178,8 @@ pop_include(void)
SLIST_REMOVE_HEAD(&istack[idepth - 1].more, entries);
fp = open_sudoers(pl->path, false, &keepopen);
if (fp != NULL) {
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
sudolinebuf.len = sudolinebuf.off = 0;
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
rcstr_delref(sudoers);
sudoers = pl->path;
sudolineno = 1;
@@ -1217,7 +1228,7 @@ sudoers_trace_print(const char *msg)
if (strchr(msg, '\n') != NULL)
{
sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG,
"%s:%d %s", sudoers, sudolineno, lbuf.buf);
"%s:%d: %s", sudoers, sudolineno, lbuf.buf);
lbuf.len = 0;
}
return 0;
@@ -1231,17 +1242,16 @@ sudoers_input(char *buf, yy_size_t max_size)
/* Refill line buffer if needed. */
if (avail == 0) {
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
sudolinebuf.off = 0;
sudolinebuf.len = getdelim(&sudolinebuf.buf, &sudolinebuf.size,
'\n', sudoersin);
if (sudolinebuf.len == (size_t)-1) {
avail = getdelim(&sudolinebuf.buf, &sudolinebuf.size, '\n', sudoersin);
if (avail == (size_t)-1) {
/* EOF or error. */
if (ferror(sudoersin) && errno != EINTR)
YY_FATAL_ERROR("input in flex scanner failed");
sudolinebuf.len = 0;
return 0;
}
avail = sudolinebuf.len;
sudolinebuf.len = avail;
sudolinebuf.off = 0;
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
}
if (avail > max_size)

10
plugins/sudoers/visudo.c
View File

@@ -1080,13 +1080,13 @@ check_alias(char *name, int type, char *file, int lineno, bool strict, bool quie
if (!quiet) {
if (errno == ELOOP) {
fprintf(stderr, strict ?
U_("Error: %s:%d cycle in %s \"%s\"") :
U_("Warning: %s:%d cycle in %s \"%s\""),
U_("Error: %s:%d: cycle in %s \"%s\"") :
U_("Warning: %s:%d: cycle in %s \"%s\""),
file, lineno, alias_type_to_string(type), name);
} else {
fprintf(stderr, strict ?
U_("Error: %s:%d %s \"%s\" referenced but not defined") :
U_("Warning: %s:%d %s \"%s\" referenced but not defined"),
U_("Error: %s:%d: %s \"%s\" referenced but not defined") :
U_("Warning: %s:%d: %s \"%s\" referenced but not defined"),
file, lineno, alias_type_to_string(type), name);
}
fputc('\n', stderr);
@@ -1177,7 +1177,7 @@ check_aliases(bool strict, bool quiet)
static int
print_unused(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v)
{
fprintf(stderr, U_("Warning: %s:%d unused %s \"%s\""),
fprintf(stderr, U_("Warning: %s:%d: unused %s \"%s\""),
a->file, a->lineno, alias_type_to_string(a->type), a->name);
fputc('\n', stderr);
return 0;