isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid a -Wshadow warning on Solaris 9.

Browse Source
This commit is contained in:
Todd C. Miller
2022-10-07 11:00:17 -06:00
parent 0eb136d65c
commit 57b5ff8e8c
17 changed files with 383 additions and 372 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
docs/sudo_plugin.man.in
View File

@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.TH "SUDO_PLUGIN" "5" "September 11, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.TH "SUDO_PLUGIN" "5" "October 7, 2022" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh
.if n .ad l
.SH "NAME"
@@ -70,7 +70,7 @@ struct policy_plugin {
unsigned int type; /* always SUDO_POLICY_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[],
char * const plugin_options[], const char **errstr);
void (*close)(int exit_status, int error);
@@ -79,9 +79,9 @@ struct policy_plugin {
char *env_add[], char **command_info[],
char **argv_out[], char **user_env_out[], const char **errstr);
int (*list)(int argc, char * const argv[], int verbose,
const char *list_user, const char **errstr);
const char *user, const char **errstr);
int (*validate)(const char **errstr);
void (*invalidate)(int remove);
void (*invalidate)(int rmcred);
int (*init_session)(struct passwd *pwd, char **user_env[],
const char **errstr);
void (*register_hooks)(int version,
@@ -117,7 +117,7 @@ built against.
.nf
.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[],
char * const plugin_options[], const char **errstr);
.RE
@@ -132,7 +132,7 @@ will print a usage message before it exits.
If an error occurs, the plugin may optionally call the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional error information to the user.
@@ -154,7 +154,7 @@ function that can be used by the plugin to interact with the user (see
for details).
Returns 0 on success and \-1 on failure.
.TP 6n
\fIplugin_printf\fR
\fIsudo_plugin_printf\fR
A pointer to a
\fBprintf\fR()-style
function that may be used to display informational or error messages (see
@@ -822,7 +822,7 @@ system call.
The plugin is responsible for displaying error information via the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function.
If the command was successfully executed, the value of
\fIerror\fR
@@ -861,7 +861,7 @@ option.
The plugin may display its version information to the user via the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR.
If the user requests detailed version information, the
@@ -948,7 +948,7 @@ exits.
If an error occurs, the plugin may optionally call the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional error information to the user.
@@ -1634,7 +1634,7 @@ Failure to do so may result in a crash.
.nf
.RS 6n
int (*list)(int argc, char * const argv[], int verbose,
const char *list_user, const char **errstr);
const char *user, const char **errstr);
.RE
.fi
.RS 6n
@@ -1644,7 +1644,7 @@ Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional error information to
@@ -1653,7 +1653,7 @@ the user.
Privileges should be output via the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR.
.sp
@@ -1680,7 +1680,7 @@ to the command should be displayed along with any command line arguments.
\fIverbose\fR
Flag indicating whether to list in verbose mode or not.
.TP 6n
\fIlist_user\fR
\fIuser\fR
The name of a different user to list privileges for if the policy
allows it.
If
@@ -1749,7 +1749,7 @@ Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
@@ -1791,7 +1791,7 @@ Failure to do so may result in a crash.
\fIinvalidate\fR
.nf
.RS 6n
void (*invalidate)(int remove);
void (*invalidate)(int rmcred);
.RE
.fi
.RS 6n
@@ -1811,7 +1811,7 @@ that
cache authentication credentials, this function will invalidate the
credentials.
If the
\fIremove\fR
\fIrmcred\fR
flag is non-zero, the plugin may remove
the credentials instead of simply invalidating them.
.sp
@@ -1853,7 +1853,7 @@ Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional
@@ -2097,7 +2097,7 @@ struct io_plugin {
unsigned int type; /* always SUDO_IO_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const command_info[],
int argc, char * const argv[], char * const user_env[],
char * const plugin_options[], const char **errstr);
@@ -2197,7 +2197,7 @@ built against.
.nf
.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const command_info[],
int argc, char * const argv[], char * const user_env[],
char * const plugin_options[]);
@@ -2230,7 +2230,7 @@ will print a usage message before it exits.
If an error occurs, the plugin may optionally call the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function with
\fRSUDO_CONF_ERROR_MSG\fR
to present additional error information to the user.
@@ -2259,7 +2259,7 @@ The
\fBconversation\fR()
function returns 0 on success and \-1 on failure.
.TP 6n
\fIplugin_printf\fR
\fIsudo_plugin_printf\fR
A pointer to a
\fBprintf\fR()-style
function that may be used by the
@@ -2267,10 +2267,10 @@ function that may be used by the
function to display version information (see
show_version below).
The
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function may also be used to display additional error message to the user.
The
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function returns number of characters printed on success and \-1 on failure.
.TP 6n
\fIsettings\fR
@@ -2511,7 +2511,7 @@ option.
The plugin may display its version information to the user via the
\fBconversation\fR()
or
\fBplugin_printf\fR()
\fBsudo_plugin_printf\fR()
function using
\fRSUDO_CONV_INFO_MSG\fR.
If the user requests detailed version information, the
@@ -3008,7 +3008,7 @@ struct audit_plugin {
unsigned int type; /* always SUDO_AUDIT_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -3065,7 +3065,7 @@ built against.
.nf
.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -3687,7 +3687,7 @@ struct approval_plugin {
unsigned int type; /* always SUDO_APPROVAL_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -3737,7 +3737,7 @@ built against.
.nf
.RS 6n
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -5013,7 +5013,7 @@ initialization, cleanup, and group lookup.
.RS 0n
struct sudoers_group_plugin {
unsigned int version;
int (*init)(int version, sudo_printf_t sudo_printf,
int (*init)(int version, sudo_printf_t sudo_plugin_printf,
char *const argv[]);
void (*cleanup)(void);
int (*query)(const char *user, const char *group,
@@ -5039,7 +5039,7 @@ was built against.
\fIinit\fR
.nf
.RS 6n
int (*init)(int version, sudo_printf_t plugin_printf,
int (*init)(int version, sudo_printf_t sudo_plugin_printf,
char *const argv[]);
.RE
.fi

62
docs/sudo_plugin.mdoc.in
View File

@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd September 11, 2022
.Dd October 7, 2022
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
@@ -67,7 +67,7 @@ struct policy_plugin {
unsigned int type; /* always SUDO_POLICY_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[],
char * const plugin_options[], const char **errstr);
void (*close)(int exit_status, int error);
@@ -76,9 +76,9 @@ struct policy_plugin {
char *env_add[], char **command_info[],
char **argv_out[], char **user_env_out[], const char **errstr);
int (*list)(int argc, char * const argv[], int verbose,
const char *list_user, const char **errstr);
const char *user, const char **errstr);
int (*validate)(const char **errstr);
void (*invalidate)(int remove);
void (*invalidate)(int rmcred);
int (*init_session)(struct passwd *pwd, char **user_env[],
const char **errstr);
void (*register_hooks)(int version,
@@ -110,7 +110,7 @@ built against.
.It Fa open
.Bd -literal -compact
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[],
char * const plugin_options[], const char **errstr);
.Ed
@@ -123,7 +123,7 @@ will print a usage message before it exits.
If an error occurs, the plugin may optionally call the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function with
.Dv SUDO_CONF_ERROR_MSG
to present additional error information to the user.
@@ -143,7 +143,7 @@ function that can be used by the plugin to interact with the user (see
.Sx Conversation API
for details).
Returns 0 on success and \-1 on failure.
.It Fa plugin_printf
.It Fa sudo_plugin_printf
A pointer to a
.Fn printf Ns -style
function that may be used to display informational or error messages (see
@@ -729,7 +729,7 @@ system call.
The plugin is responsible for displaying error information via the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function.
If the command was successfully executed, the value of
.Fa error
@@ -764,7 +764,7 @@ option.
The plugin may display its version information to the user via the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function using
.Dv SUDO_CONV_INFO_MSG .
If the user requests detailed version information, the
@@ -846,7 +846,7 @@ exits.
If an error occurs, the plugin may optionally call the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function with
.Dv SUDO_CONF_ERROR_MSG
to present additional error information to the user.
@@ -1462,7 +1462,7 @@ Failure to do so may result in a crash.
.It Fa list
.Bd -literal -compact
int (*list)(int argc, char * const argv[], int verbose,
const char *list_user, const char **errstr);
const char *user, const char **errstr);
.Ed
.Pp
List available privileges for the invoking user.
@@ -1470,7 +1470,7 @@ Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function with
.Dv SUDO_CONF_ERROR_MSG
to present additional error information to
@@ -1479,7 +1479,7 @@ the user.
Privileges should be output via the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function using
.Dv SUDO_CONV_INFO_MSG .
.Pp
@@ -1503,7 +1503,7 @@ If the command is permitted by the policy, the fully-qualified path
to the command should be displayed along with any command line arguments.
.It Fa verbose
Flag indicating whether to list in verbose mode or not.
.It Fa list_user
.It Fa user
The name of a different user to list privileges for if the policy
allows it.
If
@@ -1564,7 +1564,7 @@ Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function with
.Dv SUDO_CONF_ERROR_MSG
to present additional
@@ -1601,7 +1601,7 @@ Failure to do so may result in a crash.
.El
.It Fa invalidate
.Bd -literal -compact
void (*invalidate)(int remove);
void (*invalidate)(int rmcred);
.Ed
.Pp
The
@@ -1619,7 +1619,7 @@ that
cache authentication credentials, this function will invalidate the
credentials.
If the
.Fa remove
.Fa rmcred
flag is non-zero, the plugin may remove
the credentials instead of simply invalidating them.
.Pp
@@ -1656,7 +1656,7 @@ Returns 1 on success, 0 on failure, and \-1 on error.
On error, the plugin may optionally call the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function with
.Dv SUDO_CONF_ERROR_MSG
to present additional
@@ -1877,7 +1877,7 @@ struct io_plugin {
unsigned int type; /* always SUDO_IO_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const command_info[],
int argc, char * const argv[], char * const user_env[],
char * const plugin_options[], const char **errstr);
@@ -1973,7 +1973,7 @@ built against.
.It Fa open
.Bd -literal -compact
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const command_info[],
int argc, char * const argv[], char * const user_env[],
char * const plugin_options[]);
@@ -2004,7 +2004,7 @@ will print a usage message before it exits.
If an error occurs, the plugin may optionally call the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function with
.Dv SUDO_CONF_ERROR_MSG
to present additional error information to the user.
@@ -2031,7 +2031,7 @@ function may also be used to display additional error message to the user.
The
.Fn conversation
function returns 0 on success and \-1 on failure.
.It Fa plugin_printf
.It Fa sudo_plugin_printf
A pointer to a
.Fn printf Ns -style
function that may be used by the
@@ -2039,10 +2039,10 @@ function that may be used by the
function to display version information (see
show_version below).
The
.Fn plugin_printf
.Fn sudo_plugin_printf
function may also be used to display additional error message to the user.
The
.Fn plugin_printf
.Fn sudo_plugin_printf
function returns number of characters printed on success and \-1 on failure.
.It Fa settings
A vector of user-supplied
@@ -2258,7 +2258,7 @@ option.
The plugin may display its version information to the user via the
.Fn conversation
or
.Fn plugin_printf
.Fn sudo_plugin_printf
function using
.Dv SUDO_CONV_INFO_MSG .
If the user requests detailed version information, the
@@ -2686,7 +2686,7 @@ struct audit_plugin {
unsigned int type; /* always SUDO_AUDIT_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -2739,7 +2739,7 @@ built against.
.It Fa open
.Bd -literal -compact
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -3291,7 +3291,7 @@ struct approval_plugin {
unsigned int type; /* always SUDO_APPROVAL_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -3337,7 +3337,7 @@ built against.
.It Fa open
.Bd -literal -compact
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -4446,7 +4446,7 @@ initialization, cleanup, and group lookup.
.Bd -literal
struct sudoers_group_plugin {
unsigned int version;
int (*init)(int version, sudo_printf_t sudo_printf,
int (*init)(int version, sudo_printf_t sudo_plugin_printf,
char *const argv[]);
void (*cleanup)(void);
int (*query)(const char *user, const char *group,
@@ -4469,7 +4469,7 @@ to determine the API version the group plugin
was built against.
.It Fa init
.Bd -literal -compact
int (*init)(int version, sudo_printf_t plugin_printf,
int (*init)(int version, sudo_printf_t sudo_plugin_printf,
char *const argv[]);
.Ed
.Pp

2
include/sudo_eventlog.h
View File

@@ -132,7 +132,7 @@ bool eventlog_accept(const struct eventlog *evlog, int flags, eventlog_json_call
bool eventlog_exit(const struct eventlog *evlog, int flags);
bool eventlog_alert(const struct eventlog *evlog, int flags, struct timespec *alert_time, const char *reason, const char *errstr);
bool eventlog_reject(const struct eventlog *evlog, int flags, const char *reason, eventlog_json_callback_t info_cb, void *info);
bool eventlog_store_json(struct json_container *json, const struct eventlog *evlog);
bool eventlog_store_json(struct json_container *jsonc, const struct eventlog *evlog);
size_t eventlog_writeln(FILE *fp, char *line, size_t len, size_t maxlen);
void eventlog_free(struct eventlog *evlog);
void eventlog_set_type(int type);

20
include/sudo_json.h
View File

@@ -65,34 +65,34 @@ struct json_container {
bool need_comma;
};
sudo_dso_public bool sudo_json_init_v1(struct json_container *json, int indent, bool minimal, bool memfatal);
sudo_dso_public bool sudo_json_init_v1(struct json_container *jsonc, int indent, bool minimal, bool memfatal);
#define sudo_json_init(_a, _b, _c, _d) sudo_json_init_v1((_a), (_b), (_c), (_d))
sudo_dso_public void sudo_json_free_v1(struct json_container *json);
sudo_dso_public void sudo_json_free_v1(struct json_container *jsonc);
#define sudo_json_free(_a) sudo_json_free_v1((_a))
sudo_dso_public bool sudo_json_open_object_v1(struct json_container *json, const char *name);
sudo_dso_public bool sudo_json_open_object_v1(struct json_container *jsonc, const char *name);
#define sudo_json_open_object(_a, _b) sudo_json_open_object_v1((_a), (_b))
sudo_dso_public bool sudo_json_close_object_v1(struct json_container *json);
sudo_dso_public bool sudo_json_close_object_v1(struct json_container *jsonc);
#define sudo_json_close_object(_a) sudo_json_close_object_v1((_a))
sudo_dso_public bool sudo_json_open_array_v1(struct json_container *json, const char *name);
sudo_dso_public bool sudo_json_open_array_v1(struct json_container *jsonc, const char *name);
#define sudo_json_open_array(_a, _b) sudo_json_open_array_v1((_a), (_b))
sudo_dso_public bool sudo_json_close_array_v1(struct json_container *json);
sudo_dso_public bool sudo_json_close_array_v1(struct json_container *jsonc);
#define sudo_json_close_array(_a) sudo_json_close_array_v1((_a))
sudo_dso_public bool sudo_json_add_value_v1(struct json_container *json, const char *name, struct json_value *value);
sudo_dso_public bool sudo_json_add_value_v1(struct json_container *jsonc, const char *name, struct json_value *value);
#define sudo_json_add_value(_a, _b, _c) sudo_json_add_value_v1((_a), (_b), (_c))
sudo_dso_public bool sudo_json_add_value_as_object_v1(struct json_container *json, const char *name, struct json_value *value);
sudo_dso_public bool sudo_json_add_value_as_object_v1(struct json_container *jsonc, const char *name, struct json_value *value);
#define sudo_json_add_value_as_object(_a, _b, _c) sudo_json_add_value_as_object_v1((_a), (_b), (_c))
sudo_dso_public char *sudo_json_get_buf_v1(struct json_container *json);
sudo_dso_public char *sudo_json_get_buf_v1(struct json_container *jsonc);
#define sudo_json_get_buf(_a) sudo_json_get_buf_v1((_a))
sudo_dso_public unsigned int sudo_json_get_len_v1(struct json_container *json);
sudo_dso_public unsigned int sudo_json_get_len_v1(struct json_container *jsonc);
#define sudo_json_get_len(_a) sudo_json_get_len_v1((_a))
#endif /* SUDO_JSON_H */

15
include/sudo_plugin.h
View File

@@ -165,7 +165,7 @@ struct policy_plugin {
unsigned int type; /* always SUDO_POLICY_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[],
char * const plugin_options[], const char **errstr);
void (*close)(int exit_status, int error); /* wait status or error */
@@ -174,9 +174,9 @@ struct policy_plugin {
char *env_add[], char **command_info[],
char **argv_out[], char **user_env_out[], const char **errstr);
int (*list)(int argc, char * const argv[], int verbose,
const char *list_user, const char **errstr);
const char *user, const char **errstr);
int (*validate)(const char **errstr);
void (*invalidate)(int remove);
void (*invalidate)(int rmcred);
int (*init_session)(struct passwd *pwd, char **user_env_out[],
const char **errstr);
void (*register_hooks)(int version, int (*register_hook)(struct sudo_hook *hook));
@@ -190,7 +190,7 @@ struct io_plugin {
unsigned int type; /* always SUDO_IO_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const command_info[],
int argc, char * const argv[], char * const user_env[],
char * const plugin_options[], const char **errstr);
@@ -223,7 +223,7 @@ struct audit_plugin {
unsigned int type; /* always SUDO_AUDIT_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -249,7 +249,7 @@ struct approval_plugin {
unsigned int type; /* always SUDO_APPROVAL_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int submit_optind,
char * const submit_argv[], char * const submit_envp[],
char * const plugin_options[], const char **errstr);
@@ -279,7 +279,8 @@ struct approval_plugin {
*/
struct sudoers_group_plugin {
unsigned int version;
int (*init)(int version, sudo_printf_t sudo_printf, char *const argv[]);
int (*init)(int version, sudo_printf_t sudo_plugin_printf,
char *const argv[]);
void (*cleanup)(void);
int (*query)(const char *user, const char *group, const struct passwd *pwd);
};

94
lib/eventlog/eventlog.c
View File

@@ -627,24 +627,24 @@ send_mail(const struct eventlog *evlog, const char *fmt, ...)
}
static bool
json_add_timestamp(struct json_container *json, const char *name,
json_add_timestamp(struct json_container *jsonc, const char *name,
const struct timespec *ts, bool format_timestamp)
{
struct json_value json_value;
int len;
debug_decl(json_add_timestamp, SUDO_DEBUG_PLUGIN);
if (!sudo_json_open_object(json, name))
if (!sudo_json_open_object(jsonc, name))
goto oom;
json_value.type = JSON_NUMBER;
json_value.u.number = ts->tv_sec;
if (!sudo_json_add_value(json, "seconds", &json_value))
if (!sudo_json_add_value(jsonc, "seconds", &json_value))
goto oom;
json_value.type = JSON_NUMBER;
json_value.u.number = ts->tv_nsec;
if (!sudo_json_add_value(json, "nanoseconds", &json_value))
if (!sudo_json_add_value(jsonc, "nanoseconds", &json_value))
goto oom;
if (format_timestamp) {
@@ -660,7 +660,7 @@ json_add_timestamp(struct json_container *json, const char *name,
if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0') {
json_value.type = JSON_STRING;
json_value.u.string = timebuf; // -V507
if (!sudo_json_add_value(json, "iso8601", &json_value))
if (!sudo_json_add_value(jsonc, "iso8601", &json_value))
goto oom;
}
}
@@ -671,13 +671,13 @@ json_add_timestamp(struct json_container *json, const char *name,
if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0') {
json_value.type = JSON_STRING;
json_value.u.string = timebuf; // -V507
if (!sudo_json_add_value(json, "localtime", &json_value))
if (!sudo_json_add_value(jsonc, "localtime", &json_value))
goto oom;
}
}
}
if (!sudo_json_close_object(json))
if (!sudo_json_close_object(jsonc))
goto oom;
debug_return_bool(true);
@@ -693,7 +693,7 @@ oom:
* be stored and formatted by the caller.
*/
bool
eventlog_store_json(struct json_container *json, const struct eventlog *evlog)
eventlog_store_json(struct json_container *jsonc, const struct eventlog *evlog)
{
struct json_value json_value;
size_t i;
@@ -712,112 +712,112 @@ eventlog_store_json(struct json_container *json, const struct eventlog *evlog)
json_value.type = JSON_STRING;
json_value.u.string = evlog->submituser;
if (!sudo_json_add_value(json, "submituser", &json_value))
if (!sudo_json_add_value(jsonc, "submituser", &json_value))
goto oom;
if (evlog->command != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->command;
if (!sudo_json_add_value(json, "command", &json_value))
if (!sudo_json_add_value(jsonc, "command", &json_value))
goto oom;
}
if (evlog->runuser != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->runuser;
if (!sudo_json_add_value(json, "runuser", &json_value))
if (!sudo_json_add_value(jsonc, "runuser", &json_value))
goto oom;
}
if (evlog->rungroup != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->rungroup;
if (!sudo_json_add_value(json, "rungroup", &json_value))
if (!sudo_json_add_value(jsonc, "rungroup", &json_value))
goto oom;
}
if (evlog->runchroot != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->runchroot;
if (!sudo_json_add_value(json, "runchroot", &json_value))
if (!sudo_json_add_value(jsonc, "runchroot", &json_value))
goto oom;
}
if (evlog->runcwd != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->runcwd;
if (!sudo_json_add_value(json, "runcwd", &json_value))
if (!sudo_json_add_value(jsonc, "runcwd", &json_value))
goto oom;
}
if (evlog->ttyname != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->ttyname;
if (!sudo_json_add_value(json, "ttyname", &json_value))
if (!sudo_json_add_value(jsonc, "ttyname", &json_value))
goto oom;
}
if (evlog->submithost != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->submithost;
if (!sudo_json_add_value(json, "submithost", &json_value))
if (!sudo_json_add_value(jsonc, "submithost", &json_value))
goto oom;
}
if (evlog->cwd != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->cwd;
if (!sudo_json_add_value(json, "submitcwd", &json_value))
if (!sudo_json_add_value(jsonc, "submitcwd", &json_value))
goto oom;
}
if (evlog->rungroup!= NULL && evlog->rungid != (gid_t)-1) {
json_value.type = JSON_ID;
json_value.u.id = evlog->rungid;
if (!sudo_json_add_value(json, "rungid", &json_value))
if (!sudo_json_add_value(jsonc, "rungid", &json_value))
goto oom;
}
if (evlog->runuid != (uid_t)-1) {
json_value.type = JSON_ID;
json_value.u.id = evlog->runuid;
if (!sudo_json_add_value(json, "runuid", &json_value))
if (!sudo_json_add_value(jsonc, "runuid", &json_value))
goto oom;
}
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->columns;
if (!sudo_json_add_value(json, "columns", &json_value))
if (!sudo_json_add_value(jsonc, "columns", &json_value))
goto oom;
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->lines;
if (!sudo_json_add_value(json, "lines", &json_value))
if (!sudo_json_add_value(jsonc, "lines", &json_value))
goto oom;
if (evlog->argv != NULL) {
if (!sudo_json_open_array(json, "runargv"))
if (!sudo_json_open_array(jsonc, "runargv"))
goto oom;
for (i = 0; (cp = evlog->argv[i]) != NULL; i++) {
json_value.type = JSON_STRING;
json_value.u.string = cp;
if (!sudo_json_add_value(json, NULL, &json_value))
if (!sudo_json_add_value(jsonc, NULL, &json_value))
goto oom;
}
if (!sudo_json_close_array(json))
if (!sudo_json_close_array(jsonc))
goto oom;
}
if (evlog->envp != NULL) {
if (!sudo_json_open_array(json, "runenv"))
if (!sudo_json_open_array(jsonc, "runenv"))
goto oom;
for (i = 0; (cp = evlog->envp[i]) != NULL; i++) {
json_value.type = JSON_STRING;
json_value.u.string = cp;
if (!sudo_json_add_value(json, NULL, &json_value))
if (!sudo_json_add_value(jsonc, NULL, &json_value))
goto oom;
}
if (!sudo_json_close_array(json))
if (!sudo_json_close_array(jsonc))
goto oom;
}
@@ -829,9 +829,9 @@ oom:
}
static bool
default_json_cb(struct json_container *json, void *v)
default_json_cb(struct json_container *jsonc, void *v)
{
return eventlog_store_json(json, v);
return eventlog_store_json(jsonc, v);
}
static char *
@@ -840,7 +840,7 @@ format_json(int event_type, struct eventlog_args *args,
{
eventlog_json_callback_t info_cb = args->json_info_cb;
void *info = args->json_info;
struct json_container json = { 0 };
struct json_container jsonc = { 0 };
struct json_value json_value;
const char *time_str, *type_str;
struct timespec now;
@@ -880,15 +880,15 @@ format_json(int event_type, struct eventlog_args *args,
debug_return_str(NULL);
}
if (!sudo_json_init(&json, 4, compact, false))
if (!sudo_json_init(&jsonc, 4, compact, false))
goto bad;
if (!sudo_json_open_object(&json, type_str))
if (!sudo_json_open_object(&jsonc, type_str))
goto bad;
if (evlog != NULL && evlog->uuid_str[0] != '\0') {
json_value.type = JSON_STRING;
json_value.u.string = evlog->uuid_str;
if (!sudo_json_add_value(&json, "uuid", &json_value))
if (!sudo_json_add_value(&jsonc, "uuid", &json_value))
goto bad;
}
@@ -907,7 +907,7 @@ format_json(int event_type, struct eventlog_args *args,
}
json_value.type = JSON_STRING;
json_value.u.string = ereason ? ereason : args->reason;
if (!sudo_json_add_value(&json, "reason", &json_value)) {
if (!sudo_json_add_value(&jsonc, "reason", &json_value)) {
free(ereason);
goto bad;
}
@@ -915,7 +915,7 @@ format_json(int event_type, struct eventlog_args *args,
}
/* Log event time on server (set earlier) */
if (!json_add_timestamp(&json, "server_time", &now, true)) {
if (!json_add_timestamp(&jsonc, "server_time", &now, true)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable format timestamp");
goto bad;
@@ -923,7 +923,7 @@ format_json(int event_type, struct eventlog_args *args,
/* Log event time from client */
if (args->event_time != NULL) {
if (!json_add_timestamp(&json, time_str, args->event_time, true)) {
if (!json_add_timestamp(&jsonc, time_str, args->event_time, true)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable format timestamp");
goto bad;
@@ -938,7 +938,7 @@ format_json(int event_type, struct eventlog_args *args,
}
if (sudo_timespecisset(&evlog->run_time)) {
if (!json_add_timestamp(&json, "run_time", &evlog->run_time, false)) {
if (!json_add_timestamp(&jsonc, "run_time", &evlog->run_time, false)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable format timestamp");
goto bad;
@@ -947,17 +947,17 @@ format_json(int event_type, struct eventlog_args *args,
if (evlog->signal_name != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->signal_name;
if (!sudo_json_add_value(&json, "signal", &json_value))
if (!sudo_json_add_value(&jsonc, "signal", &json_value))
goto bad;
json_value.type = JSON_BOOL;
json_value.u.boolean = evlog->dumped_core;
if (!sudo_json_add_value(&json, "dumped_core", &json_value))
if (!sudo_json_add_value(&jsonc, "dumped_core", &json_value))
goto bad;
}
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->exit_value;
if (!sudo_json_add_value(&json, "exit_value", &json_value))
if (!sudo_json_add_value(&jsonc, "exit_value", &json_value))
goto bad;
}
@@ -966,18 +966,18 @@ format_json(int event_type, struct eventlog_args *args,
if (evlog->peeraddr != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->peeraddr;
if (!sudo_json_add_value(&json, "peeraddr", &json_value))
if (!sudo_json_add_value(&jsonc, "peeraddr", &json_value))
goto bad;
}
if (evlog->iolog_path != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->iolog_path;
if (!sudo_json_add_value(&json, "iolog_path", &json_value))
if (!sudo_json_add_value(&jsonc, "iolog_path", &json_value))
goto bad;
if (sudo_timespecisset(&evlog->iolog_offset)) {
if (!json_add_timestamp(&json, "iolog_offset", &evlog->iolog_offset, false)) {
if (!json_add_timestamp(&jsonc, "iolog_offset", &evlog->iolog_offset, false)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable format timestamp");
goto bad;
@@ -988,18 +988,18 @@ format_json(int event_type, struct eventlog_args *args,
/* Write log info. */
if (info != NULL) {
if (!info_cb(&json, info))
if (!info_cb(&jsonc, info))
goto bad;
}
if (!sudo_json_close_object(&json))
if (!sudo_json_close_object(&jsonc))
goto bad;
/* Caller is responsible for freeing the buffer. */
debug_return_str(sudo_json_get_buf(&json));
debug_return_str(sudo_json_get_buf(&jsonc));
bad:
sudo_json_free(&json);
sudo_json_free(&jsonc);
debug_return_str(NULL);
}

18
lib/iolog/iolog_loginfo.c
View File

@@ -153,34 +153,34 @@ iolog_write_info_file_legacy(int dfd, struct eventlog *evlog)
static bool
iolog_write_info_file_json(int dfd, struct eventlog *evlog)
{
struct json_container json;
struct json_container jsonc;
struct json_value json_value;
bool ret = false;
FILE *fp = NULL;
int fd = -1;
debug_decl(iolog_write_info_file_json, SUDO_DEBUG_UTIL);
if (!sudo_json_init(&json, 4, false, false))
if (!sudo_json_init(&jsonc, 4, false, false))
debug_return_bool(false);
/* Timestamp */
if (!sudo_json_open_object(&json, "timestamp"))
if (!sudo_json_open_object(&jsonc, "timestamp"))
goto oom;
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->submit_time.tv_sec;
if (!sudo_json_add_value(&json, "seconds", &json_value))
if (!sudo_json_add_value(&jsonc, "seconds", &json_value))
goto oom;
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->submit_time.tv_nsec;
if (!sudo_json_add_value(&json, "nanoseconds", &json_value))
if (!sudo_json_add_value(&jsonc, "nanoseconds", &json_value))
goto oom;
if (!sudo_json_close_object(&json))
if (!sudo_json_close_object(&jsonc))
goto oom;
if (!eventlog_store_json(&json, evlog))
if (!eventlog_store_json(&jsonc, evlog))
goto done;
fd = iolog_openat(dfd, "log.json", O_CREAT|O_TRUNC|O_WRONLY);
@@ -197,7 +197,7 @@ iolog_write_info_file_json(int dfd, struct eventlog *evlog)
}
fd = -1;
fprintf(fp, "{%s\n}\n", sudo_json_get_buf(&json));
fprintf(fp, "{%s\n}\n", sudo_json_get_buf(&jsonc));
fflush(fp);
if (ferror(fp)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
@@ -211,7 +211,7 @@ iolog_write_info_file_json(int dfd, struct eventlog *evlog)
oom:
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
done:
sudo_json_free(&json);
sudo_json_free(&jsonc);
if (fp != NULL)
fclose(fp);
if (fd != -1)

42
lib/iolog/regress/iolog_json/check_iolog_json.c
View File

@@ -35,7 +35,7 @@
sudo_dso_public int main(int argc, char *argv[]);
static bool
json_print_object(struct json_container *json, struct json_object *object)
json_print_object(struct json_container *jsonc, struct json_object *object)
{
struct json_item *item;
struct json_value json_value;
@@ -46,40 +46,40 @@ json_print_object(struct json_container *json, struct json_object *object)
case JSON_STRING:
json_value.type = JSON_STRING;
json_value.u.string = item->u.string;
if (!sudo_json_add_value(json, item->name, &json_value))
if (!sudo_json_add_value(jsonc, item->name, &json_value))
goto oom;
break;
case JSON_NUMBER:
json_value.type = JSON_NUMBER;
json_value.u.number = item->u.number;
if (!sudo_json_add_value(json, item->name, &json_value))
if (!sudo_json_add_value(jsonc, item->name, &json_value))
goto oom;
break;
case JSON_OBJECT:
if (!sudo_json_open_object(json, item->name))
if (!sudo_json_open_object(jsonc, item->name))
goto oom;
if (!json_print_object(json, &item->u.child))
if (!json_print_object(jsonc, &item->u.child))
goto done;
if (!sudo_json_close_object(json))
if (!sudo_json_close_object(jsonc))
goto oom;
break;
case JSON_ARRAY:
if (!sudo_json_open_array(json, item->name))
if (!sudo_json_open_array(jsonc, item->name))
goto oom;
if (!json_print_object(json, &item->u.child))
if (!json_print_object(jsonc, &item->u.child))
goto done;
if (!sudo_json_close_array(json))
if (!sudo_json_close_array(jsonc))
goto oom;
break;
case JSON_BOOL:
json_value.type = JSON_BOOL;
json_value.u.boolean = item->u.boolean;
if (!sudo_json_add_value(json, item->name, &json_value))
if (!sudo_json_add_value(jsonc, item->name, &json_value))
goto oom;
break;
case JSON_NULL:
json_value.type = JSON_NULL;
if (!sudo_json_add_value(json, item->name, &json_value))
if (!sudo_json_add_value(jsonc, item->name, &json_value))
goto oom;
break;
default:
@@ -98,7 +98,7 @@ done:
}
static bool
json_format(struct json_container *json, struct json_object *object)
json_format(struct json_container *jsonc, struct json_object *object)
{
struct json_item *item;
bool ret = false;
@@ -111,7 +111,7 @@ json_format(struct json_container *json, struct json_object *object)
}
object = &item->u.child;
if (!json_print_object(json, object))
if (!json_print_object(jsonc, object))
goto done;
ret = true;
@@ -129,7 +129,7 @@ usage(void)
}
static bool
compare(FILE *fp, const char *infile, struct json_container *json)
compare(FILE *fp, const char *infile, struct json_container *jsonc)
{
const char *cp;
unsigned int lineno = 0;
@@ -137,7 +137,7 @@ compare(FILE *fp, const char *infile, struct json_container *json)
char *line = NULL;
ssize_t len;
cp = sudo_json_get_buf(json);
cp = sudo_json_get_buf(jsonc);
while ((len = getdelim(&line, &linesize, '\n', fp)) != -1) {
lineno++;
@@ -192,7 +192,7 @@ main(int argc, char *argv[])
usage();
for (i = 0; i < argc; i++) {
struct json_container json;
struct json_container jsonc;
const char *infile = argv[i];
const char *outfile = argv[i];
const char *cp;
@@ -202,7 +202,7 @@ main(int argc, char *argv[])
ntests++;
if (!sudo_json_init(&json, 4, false, true)) {
if (!sudo_json_init(&jsonc, 4, false, true)) {
errors++;
continue;
}
@@ -219,7 +219,7 @@ main(int argc, char *argv[])
}
/* Format as pretty-printed JSON */
if (!json_format(&json, &root)) {
if (!json_format(&jsonc, &root)) {
errors++;
goto next;
}
@@ -237,18 +237,18 @@ main(int argc, char *argv[])
/* Compare output to expected output. */
rewind(outfp);
if (!compare(outfp, outfile, &json))
if (!compare(outfp, outfile, &jsonc))
errors++;
/* Write the formatted output to stdout for -c (cat) */
if (cat) {
fprintf(stdout, "{%s\n}\n", sudo_json_get_buf(&json));
fprintf(stdout, "{%s\n}\n", sudo_json_get_buf(&jsonc));
fflush(stdout);
}
next:
free_json_items(&root.items);
sudo_json_free(&json);
sudo_json_free(&jsonc);
if (infp != NULL)
fclose(infp);
if (outfp != NULL && outfp != infp)

174
lib/util/json.c
View File

@@ -44,13 +44,13 @@
* Returns true on success, false if out of memory.
*/
static bool
json_expand_buf(struct json_container *json)
json_expand_buf(struct json_container *jsonc)
{
char *newbuf;
debug_decl(json_expand_buf, SUDO_DEBUG_UTIL);
if ((newbuf = reallocarray(json->buf, 2, json->bufsize)) == NULL) {
if (json->memfatal) {
if ((newbuf = reallocarray(jsonc->buf, 2, jsonc->bufsize)) == NULL) {
if (jsonc->memfatal) {
sudo_fatalx(U_("%s: %s"),
__func__, U_("unable to allocate memory"));
}
@@ -58,8 +58,8 @@ json_expand_buf(struct json_container *json)
"%s: %s", __func__, "unable to allocate memory");
debug_return_bool(false);
}
json->buf = newbuf;
json->bufsize *= 2;
jsonc->buf = newbuf;
jsonc->bufsize *= 2;
debug_return_bool(true);
}
@@ -69,24 +69,24 @@ json_expand_buf(struct json_container *json)
* Append "indent" number of blank characters.
*/
static bool
json_new_line(struct json_container *json)
json_new_line(struct json_container *jsonc)
{
int indent = json->indent_level;
int indent = jsonc->indent_level;
debug_decl(json_new_line, SUDO_DEBUG_UTIL);
/* No non-essential white space in minimal mode. */
if (json->minimal)
if (jsonc->minimal)
debug_return_bool(true);
while (json->buflen + 1 + indent >= json->bufsize) {
if (!json_expand_buf(json))
while (jsonc->buflen + 1 + indent >= jsonc->bufsize) {
if (!json_expand_buf(jsonc))
debug_return_bool(false);
}
json->buf[json->buflen++] = '\n';
jsonc->buf[jsonc->buflen++] = '\n';
while (indent--) {
json->buf[json->buflen++] = ' ';
jsonc->buf[jsonc->buflen++] = ' ';
}
json->buf[json->buflen] = '\0';
jsonc->buf[jsonc->buflen] = '\0';
debug_return_bool(true);
}
@@ -96,20 +96,20 @@ json_new_line(struct json_container *json)
* Does not perform any quoting.
*/
static bool
json_append_buf(struct json_container *json, const char *str)
json_append_buf(struct json_container *jsonc, const char *str)
{
size_t len;
debug_decl(json_append_buf, SUDO_DEBUG_UTIL);
len = strlen(str);
while (json->buflen + len >= json->bufsize) {
if (!json_expand_buf(json))
while (jsonc->buflen + len >= jsonc->bufsize) {
if (!json_expand_buf(jsonc))
debug_return_bool(false);
}
memcpy(json->buf + json->buflen, str, len);
json->buflen += len;
json->buf[json->buflen] = '\0';
memcpy(jsonc->buf + jsonc->buflen, str, len);
jsonc->buflen += len;
jsonc->buf[jsonc->buflen] = '\0';
debug_return_bool(true);
}
@@ -119,12 +119,12 @@ json_append_buf(struct json_container *json, const char *str)
* Does not support unicode escapes.
*/
static bool
json_append_string(struct json_container *json, const char *str)
json_append_string(struct json_container *jsonc, const char *str)
{
char ch;
debug_decl(json_append_string, SUDO_DEBUG_UTIL);
if (!json_append_buf(json, "\""))
if (!json_append_buf(jsonc, "\""))
debug_return_bool(false);
while ((ch = *str++) != '\0') {
char buf[3], *cp = buf;
@@ -157,29 +157,29 @@ json_append_string(struct json_container *json, const char *str)
}
*cp++ = ch;
*cp++ = '\0';
if (!json_append_buf(json, buf))
if (!json_append_buf(jsonc, buf))
debug_return_bool(false);
}
if (!json_append_buf(json, "\""))
if (!json_append_buf(jsonc, "\""))
debug_return_bool(false);
debug_return_bool(true);
}
bool
sudo_json_init_v1(struct json_container *json, int indent, bool minimal,
sudo_json_init_v1(struct json_container *jsonc, int indent, bool minimal,
bool memfatal)
{
debug_decl(sudo_json_init, SUDO_DEBUG_UTIL);
memset(json, 0, sizeof(*json));
json->indent_level = indent;
json->indent_increment = indent;
json->minimal = minimal;
json->memfatal = memfatal;
json->buf = malloc(64 * 1024);
if (json->buf == NULL) {
if (json->memfatal) {
memset(jsonc, 0, sizeof(*jsonc));
jsonc->indent_level = indent;
jsonc->indent_increment = indent;
jsonc->minimal = minimal;
jsonc->memfatal = memfatal;
jsonc->buf = malloc(64 * 1024);
if (jsonc->buf == NULL) {
if (jsonc->memfatal) {
sudo_fatalx(U_("%s: %s"),
__func__, U_("unable to allocate memory"));
}
@@ -187,162 +187,162 @@ sudo_json_init_v1(struct json_container *json, int indent, bool minimal,
"%s: %s", __func__, "unable to allocate memory");
debug_return_bool(false);
}
*json->buf = '\0';
json->bufsize = 64 * 1024;
*jsonc->buf = '\0';
jsonc->bufsize = 64 * 1024;
debug_return_bool(true);
}
void
sudo_json_free_v1(struct json_container *json)
sudo_json_free_v1(struct json_container *jsonc)
{
debug_decl(sudo_json_free, SUDO_DEBUG_UTIL);
free(json->buf);
memset(json, 0, sizeof(*json));
free(jsonc->buf);
memset(jsonc, 0, sizeof(*jsonc));
debug_return;
}
bool
sudo_json_open_object_v1(struct json_container *json, const char *name)
sudo_json_open_object_v1(struct json_container *jsonc, const char *name)
{
debug_decl(sudo_json_open_object, SUDO_DEBUG_UTIL);
/* Add comma if we are continuing an object/array. */
if (json->need_comma) {
if (!json_append_buf(json, ","))
if (jsonc->need_comma) {
if (!json_append_buf(jsonc, ","))
debug_return_bool(false);
}
if (!json_new_line(json))
if (!json_new_line(jsonc))
debug_return_bool(false);
if (name != NULL) {
json_append_string(json, name);
if (!json_append_buf(json, json->minimal ? ":{" : ": {"))
json_append_string(jsonc, name);
if (!json_append_buf(jsonc, jsonc->minimal ? ":{" : ": {"))
debug_return_bool(false);
} else {
if (!json_append_buf(json, "{"))
if (!json_append_buf(jsonc, "{"))
debug_return_bool(false);
}
json->indent_level += json->indent_increment;
json->need_comma = false;
jsonc->indent_level += jsonc->indent_increment;
jsonc->need_comma = false;
debug_return_bool(true);
}
bool
sudo_json_close_object_v1(struct json_container *json)
sudo_json_close_object_v1(struct json_container *jsonc)
{
debug_decl(sudo_json_close_object, SUDO_DEBUG_UTIL);
if (!json->minimal) {
json->indent_level -= json->indent_increment;
if (!json_new_line(json))
if (!jsonc->minimal) {
jsonc->indent_level -= jsonc->indent_increment;
if (!json_new_line(jsonc))
debug_return_bool(false);
}
if (!json_append_buf(json, "}"))
if (!json_append_buf(jsonc, "}"))
debug_return_bool(false);
debug_return_bool(true);
}
bool
sudo_json_open_array_v1(struct json_container *json, const char *name)
sudo_json_open_array_v1(struct json_container *jsonc, const char *name)
{
debug_decl(sudo_json_open_array, SUDO_DEBUG_UTIL);
/* Add comma if we are continuing an object/array. */
if (json->need_comma) {
if (!json_append_buf(json, ","))
if (jsonc->need_comma) {
if (!json_append_buf(jsonc, ","))
debug_return_bool(false);
}
if (!json_new_line(json))
if (!json_new_line(jsonc))
debug_return_bool(false);
if (name != NULL) {
json_append_string(json, name);
if (!json_append_buf(json, json->minimal ? ":[" : ": ["))
json_append_string(jsonc, name);
if (!json_append_buf(jsonc, jsonc->minimal ? ":[" : ": ["))
debug_return_bool(false);
} else {
if (!json_append_buf(json, "["))
if (!json_append_buf(jsonc, "["))
debug_return_bool(false);
}
json->indent_level += json->indent_increment;
json->need_comma = false;
jsonc->indent_level += jsonc->indent_increment;
jsonc->need_comma = false;
debug_return_bool(true);
}
bool
sudo_json_close_array_v1(struct json_container *json)
sudo_json_close_array_v1(struct json_container *jsonc)
{
debug_decl(sudo_json_close_array, SUDO_DEBUG_UTIL);
if (!json->minimal) {
json->indent_level -= json->indent_increment;
if (!json_new_line(json))
if (!jsonc->minimal) {
jsonc->indent_level -= jsonc->indent_increment;
if (!json_new_line(jsonc))
debug_return_bool(false);
}
if (!json_append_buf(json, "]"))
if (!json_append_buf(jsonc, "]"))
debug_return_bool(false);
debug_return_bool(true);
}
static bool
sudo_json_add_value_int(struct json_container *json, const char *name,
sudo_json_add_value_int(struct json_container *jsonc, const char *name,
struct json_value *value, bool as_object)
{
char numbuf[(((sizeof(long long) * 8) + 2) / 3) + 2];
debug_decl(sudo_json_add_value, SUDO_DEBUG_UTIL);
/* Add comma if we are continuing an object/array. */
if (json->need_comma) {
if (!json_append_buf(json, ","))
if (jsonc->need_comma) {
if (!json_append_buf(jsonc, ","))
debug_return_bool(false);
}
if (!json_new_line(json))
if (!json_new_line(jsonc))
debug_return_bool(false);
json->need_comma = true;
jsonc->need_comma = true;
if (as_object) {
if (!json_append_buf(json, json->minimal ? "{" : "{ "))
if (!json_append_buf(jsonc, jsonc->minimal ? "{" : "{ "))
debug_return_bool(false);
}
/* name */
if (name != NULL) {
if (!json_append_string(json, name))
if (!json_append_string(jsonc, name))
debug_return_bool(false);
if (!json_append_buf(json, json->minimal ? ":" : ": "))
if (!json_append_buf(jsonc, jsonc->minimal ? ":" : ": "))
debug_return_bool(false);
}
/* value */
switch (value->type) {
case JSON_STRING:
if (!json_append_string(json, value->u.string))
if (!json_append_string(jsonc, value->u.string))
debug_return_bool(false);
break;
case JSON_ID:
snprintf(numbuf, sizeof(numbuf), "%u", (unsigned int)value->u.id);
if (!json_append_buf(json, numbuf))
if (!json_append_buf(jsonc, numbuf))
debug_return_bool(false);
break;
case JSON_NUMBER:
snprintf(numbuf, sizeof(numbuf), "%lld", value->u.number);
if (!json_append_buf(json, numbuf))
if (!json_append_buf(jsonc, numbuf))
debug_return_bool(false);
break;
case JSON_NULL:
if (!json_append_buf(json, "null"))
if (!json_append_buf(jsonc, "null"))
debug_return_bool(false);
break;
case JSON_BOOL:
if (!json_append_buf(json, value->u.boolean ? "true" : "false"))
if (!json_append_buf(jsonc, value->u.boolean ? "true" : "false"))
debug_return_bool(false);
break;
case JSON_ARRAY:
@@ -354,7 +354,7 @@ sudo_json_add_value_int(struct json_container *json, const char *name,
}
if (as_object) {
if (!json_append_buf(json, json->minimal ? "}" : " }"))
if (!json_append_buf(jsonc, jsonc->minimal ? "}" : " }"))
debug_return_bool(false);
}
@@ -362,27 +362,27 @@ sudo_json_add_value_int(struct json_container *json, const char *name,
}
bool
sudo_json_add_value_v1(struct json_container *json, const char *name,
sudo_json_add_value_v1(struct json_container *jsonc, const char *name,
struct json_value *value)
{
return sudo_json_add_value_int(json, name, value, false);
return sudo_json_add_value_int(jsonc, name, value, false);
}
bool
sudo_json_add_value_as_object_v1(struct json_container *json, const char *name,
sudo_json_add_value_as_object_v1(struct json_container *jsonc, const char *name,
struct json_value *value)
{
return sudo_json_add_value_int(json, name, value, true);
return sudo_json_add_value_int(jsonc, name, value, true);
}
char *
sudo_json_get_buf_v1(struct json_container *json)
sudo_json_get_buf_v1(struct json_container *jsonc)
{
return json->buf;
return jsonc->buf;
}
unsigned int
sudo_json_get_len_v1(struct json_container *json)
sudo_json_get_len_v1(struct json_container *jsonc)
{
return json->buflen;
return jsonc->buflen;
}

42
logsrvd/logsrvd_local.c
View File

@@ -87,7 +87,7 @@ set_random_drop(const char *dropstr)
}
static bool
logsrvd_json_log_cb(struct json_container *json, void *v)
logsrvd_json_log_cb(struct json_container *jsonc, void *v)
{
struct logsrvd_info_closure *closure = v;
struct json_value json_value;
@@ -101,7 +101,7 @@ logsrvd_json_log_cb(struct json_container *json, void *v)
case INFO_MESSAGE__VALUE_NUMVAL:
json_value.type = JSON_NUMBER;
json_value.u.number = info->u.numval;
if (!sudo_json_add_value(json, info->key, &json_value))
if (!sudo_json_add_value(jsonc, info->key, &json_value))
goto bad;
break;
case INFO_MESSAGE__VALUE_STRVAL:
@@ -112,7 +112,7 @@ logsrvd_json_log_cb(struct json_container *json, void *v)
}
json_value.type = JSON_STRING;
json_value.u.string = info->u.strval;
if (!sudo_json_add_value(json, info->key, &json_value))
if (!sudo_json_add_value(jsonc, info->key, &json_value))
goto bad;
break;
case INFO_MESSAGE__VALUE_STRLISTVAL: {
@@ -124,7 +124,7 @@ logsrvd_json_log_cb(struct json_container *json, void *v)
"local", info->key);
break;
}
if (!sudo_json_open_array(json, info->key))
if (!sudo_json_open_array(jsonc, info->key))
goto bad;
for (n = 0; n < strlist->n_strings; n++) {
if (strlist->strings[n] == NULL) {
@@ -134,10 +134,10 @@ logsrvd_json_log_cb(struct json_container *json, void *v)
}
json_value.type = JSON_STRING;
json_value.u.string = strlist->strings[n];
if (!sudo_json_add_value(json, NULL, &json_value))
if (!sudo_json_add_value(jsonc, NULL, &json_value))
goto bad;
}
if (!sudo_json_close_array(json))
if (!sudo_json_close_array(jsonc))
goto bad;
break;
}
@@ -150,15 +150,15 @@ logsrvd_json_log_cb(struct json_container *json, void *v)
"local", info->key);
break;
}
if (!sudo_json_open_array(json, info->key))
if (!sudo_json_open_array(jsonc, info->key))
goto bad;
for (n = 0; n < numlist->n_numbers; n++) {
json_value.type = JSON_NUMBER;
json_value.u.number = numlist->numbers[n];
if (!sudo_json_add_value(json, NULL, &json_value))
if (!sudo_json_add_value(jsonc, NULL, &json_value))
goto bad;
}
if (!sudo_json_close_array(json))
if (!sudo_json_close_array(jsonc))
goto bad;
break;
}
@@ -304,7 +304,7 @@ done:
static bool
store_exit_info_json(int dfd, struct eventlog *evlog)
{
struct json_container json = { 0 };
struct json_container jsonc = { 0 };
struct json_value json_value;
struct iovec iov[3];
bool ret = false;
@@ -312,7 +312,7 @@ store_exit_info_json(int dfd, struct eventlog *evlog)
off_t pos;
debug_decl(store_exit_info_json, SUDO_DEBUG_UTIL);
if (!sudo_json_init(&json, 4, false, false))
if (!sudo_json_init(&jsonc, 4, false, false))
goto done;
fd = iolog_openat(dfd, "log.json", O_RDWR);
@@ -327,38 +327,38 @@ store_exit_info_json(int dfd, struct eventlog *evlog)
}
if (sudo_timespecisset(&evlog->run_time)) {
if (!sudo_json_open_object(&json, "run_time"))
if (!sudo_json_open_object(&jsonc, "run_time"))
goto done;
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->run_time.tv_sec;
if (!sudo_json_add_value(&json, "seconds", &json_value))
if (!sudo_json_add_value(&jsonc, "seconds", &json_value))
goto done;
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->run_time.tv_nsec;
if (!sudo_json_add_value(&json, "nanoseconds", &json_value))
if (!sudo_json_add_value(&jsonc, "nanoseconds", &json_value))
goto done;
if (!sudo_json_close_object(&json))
if (!sudo_json_close_object(&jsonc))
goto done;
}
if (evlog->signal_name != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = evlog->signal_name;
if (!sudo_json_add_value(&json, "signal", &json_value))
if (!sudo_json_add_value(&jsonc, "signal", &json_value))
goto done;
json_value.type = JSON_BOOL;
json_value.u.boolean = evlog->dumped_core;
if (!sudo_json_add_value(&json, "dumped_core", &json_value))
if (!sudo_json_add_value(&jsonc, "dumped_core", &json_value))
goto done;
}
json_value.type = JSON_NUMBER;
json_value.u.number = evlog->exit_value;
if (!sudo_json_add_value(&json, "exit_value", &json_value))
if (!sudo_json_add_value(&jsonc, "exit_value", &json_value))
goto done;
/* Back up to overwrite the final "\n}\n" */
@@ -372,8 +372,8 @@ store_exit_info_json(int dfd, struct eventlog *evlog)
/* Append the exit data and close the object. */
iov[0].iov_base = (char *)",";
iov[0].iov_len = 1;
iov[1].iov_base = sudo_json_get_buf(&json);
iov[1].iov_len = sudo_json_get_len(&json);
iov[1].iov_base = sudo_json_get_buf(&jsonc);
iov[1].iov_len = sudo_json_get_len(&jsonc);
iov[2].iov_base = (char *)"\n}\n";
iov[2].iov_len = 3;
if (writev(fd, iov, 3) == -1) {
@@ -391,7 +391,7 @@ store_exit_info_json(int dfd, struct eventlog *evlog)
done:
if (fd != -1)
close(fd);
sudo_json_free(&json);
sudo_json_free(&jsonc);
debug_return_bool(ret);
}

108
plugins/audit_json/audit_json.c
View File

@@ -189,7 +189,7 @@ done:
}
static bool
add_key_value(struct json_container *json, const char *str)
add_key_value(struct json_container *jsonc, const char *str)
{
struct json_value json_value;
const char *cp, *errstr;
@@ -256,26 +256,26 @@ add_key_value(struct json_container *json, const char *str)
json_value.u.string = cp;
}
debug_return_bool(sudo_json_add_value(json, name, &json_value));
debug_return_bool(sudo_json_add_value(jsonc, name, &json_value));
}
static bool
add_array(struct json_container *json, const char *name, char * const * array)
add_array(struct json_container *jsonc, const char *name, char * const * array)
{
const char *cp;
struct json_value json_value;
debug_decl(add_array, SUDO_DEBUG_PLUGIN);
if (!sudo_json_open_array(json, name))
if (!sudo_json_open_array(jsonc, name))
debug_return_bool(false);
while ((cp = *array) != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = cp;
if (!sudo_json_add_value(json, name, &json_value))
if (!sudo_json_add_value(jsonc, name, &json_value))
debug_return_bool(false);
array++;
}
if (!sudo_json_close_array(json))
if (!sudo_json_close_array(jsonc))
debug_return_bool(false);
debug_return_bool(true);
@@ -299,7 +299,7 @@ filter_key_value(const char *kv, const char * const * filter)
}
static bool
add_key_value_object(struct json_container *json, const char *name,
add_key_value_object(struct json_container *jsonc, const char *name,
char * const * array, const char * const * filter)
{
char * const *cur;
@@ -318,15 +318,15 @@ add_key_value_object(struct json_container *json, const char *name,
}
}
if (!empty) {
if (!sudo_json_open_object(json, name))
if (!sudo_json_open_object(jsonc, name))
goto bad;
for (cur = array; (cp = *cur) != NULL; cur++) {
if (filter_key_value(cp, filter))
continue;
if (!add_key_value(json, cp))
if (!add_key_value(jsonc, cp))
goto bad;
}
if (!sudo_json_close_object(json))
if (!sudo_json_close_object(jsonc))
goto bad;
}
@@ -336,7 +336,7 @@ bad:
}
static bool
add_timestamp(struct json_container *json, struct timespec *ts)
add_timestamp(struct json_container *jsonc, struct timespec *ts)
{
struct json_value json_value;
time_t secs = ts->tv_sec;
@@ -348,22 +348,22 @@ add_timestamp(struct json_container *json, struct timespec *ts)
if (gmtime_r(&secs, &gmt) == NULL)
debug_return_bool(false);
sudo_json_open_object(json, "timestamp");
sudo_json_open_object(jsonc, "timestamp");
json_value.type = JSON_NUMBER;
json_value.u.number = ts->tv_sec;
sudo_json_add_value(json, "seconds", &json_value);
sudo_json_add_value(jsonc, "seconds", &json_value);
json_value.type = JSON_NUMBER;
json_value.u.number = ts->tv_nsec;
sudo_json_add_value(json, "nanoseconds", &json_value);
sudo_json_add_value(jsonc, "nanoseconds", &json_value);
timebuf[sizeof(timebuf) - 1] = '\0';
len = strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", &gmt);
if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0'){
json_value.type = JSON_STRING;
json_value.u.string = timebuf;
sudo_json_add_value(json, "iso8601", &json_value);
sudo_json_add_value(jsonc, "iso8601", &json_value);
}
timebuf[sizeof(timebuf) - 1] = '\0';
@@ -371,16 +371,16 @@ add_timestamp(struct json_container *json, struct timespec *ts)
if (len != 0 && timebuf[sizeof(timebuf) - 1] == '\0'){
json_value.type = JSON_STRING;
json_value.u.string = timebuf;
sudo_json_add_value(json, "localtime", &json_value);
sudo_json_add_value(jsonc, "localtime", &json_value);
}
sudo_json_close_object(json);
sudo_json_close_object(jsonc);
debug_return_bool(true);
}
static int
audit_write_json(struct json_container *json)
audit_write_json(struct json_container *jsonc)
{
struct stat sb;
int ret = -1;
@@ -410,7 +410,7 @@ audit_write_json(struct json_container *json)
goto done;
}
fputs(sudo_json_get_buf(json), state.log_fp);
fputs(sudo_json_get_buf(jsonc), state.log_fp);
fputs("\n}\n", state.log_fp);
fflush(state.log_fp);
(void)sudo_lock_file(fileno(state.log_fp), SUDO_UNLOCK);
@@ -426,7 +426,7 @@ done:
static int
audit_write_exit_record(int exit_status, int error)
{
struct json_container json;
struct json_container jsonc;
struct json_value json_value;
struct timespec now;
int ret = -1;
@@ -437,33 +437,33 @@ audit_write_exit_record(int exit_status, int error)
goto done;
}
if (!sudo_json_init(&json, 4, false, false))
if (!sudo_json_init(&jsonc, 4, false, false))
goto oom;
if (!sudo_json_open_object(&json, "exit"))
if (!sudo_json_open_object(&jsonc, "exit"))
goto oom;
/* Write UUID */
json_value.type = JSON_STRING;
json_value.u.string = state.uuid_str;
if (!sudo_json_add_value(&json, "uuid", &json_value))
if (!sudo_json_add_value(&jsonc, "uuid", &json_value))
goto oom;
/* Write time stamp */
if (!add_timestamp(&json, &now))
if (!add_timestamp(&jsonc, &now))
goto oom;
if (error != 0) {
/* Error executing command */
json_value.type = JSON_STRING;
json_value.u.string = strerror(error);
if (!sudo_json_add_value(&json, "error", &json_value))
if (!sudo_json_add_value(&jsonc, "error", &json_value))
goto oom;
} else {
if (WIFEXITED(exit_status)) {
/* Command exited normally. */
json_value.type = JSON_NUMBER;
json_value.u.number = WEXITSTATUS(exit_status);
if (!sudo_json_add_value(&json, "exit_value", &json_value))
if (!sudo_json_add_value(&jsonc, "exit_value", &json_value))
goto oom;
} else if (WIFSIGNALED(exit_status)) {
/* Command killed by signal. */
@@ -472,37 +472,37 @@ audit_write_exit_record(int exit_status, int error)
if (signo <= 0 || sig2str(signo, signame) == -1) {
json_value.type = JSON_NUMBER;
json_value.u.number = signo;
if (!sudo_json_add_value(&json, "signal", &json_value))
if (!sudo_json_add_value(&jsonc, "signal", &json_value))
goto oom;
} else {
json_value.type = JSON_STRING;
json_value.u.string = signame; // -V507
if (!sudo_json_add_value(&json, "signal", &json_value))
if (!sudo_json_add_value(&jsonc, "signal", &json_value))
goto oom;
}
/* Core dump? */
json_value.type = JSON_BOOL;
json_value.u.boolean = WCOREDUMP(exit_status);
if (!sudo_json_add_value(&json, "dumped_core", &json_value))
if (!sudo_json_add_value(&jsonc, "dumped_core", &json_value))
goto oom;
/* Exit value */
json_value.type = JSON_NUMBER;
json_value.u.number = WTERMSIG(exit_status) | 128;
if (!sudo_json_add_value(&json, "exit_value", &json_value))
if (!sudo_json_add_value(&jsonc, "exit_value", &json_value))
goto oom;
}
}
if (!sudo_json_close_object(&json))
if (!sudo_json_close_object(&jsonc))
goto oom;
ret = audit_write_json(&json);
sudo_json_free(&json);
ret = audit_write_json(&jsonc);
sudo_json_free(&jsonc);
done:
debug_return_int(ret);
oom:
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
sudo_json_free(&json);
sudo_json_free(&jsonc);
debug_return_int(-1);
}
@@ -511,7 +511,7 @@ audit_write_record(const char *audit_str, const char *plugin_name,
unsigned int plugin_type, const char *reason, char * const command_info[],
char * const run_argv[], char * const run_envp[])
{
struct json_container json;
struct json_container jsonc;
struct json_value json_value;
struct timespec now;
int ret = -1;
@@ -522,14 +522,14 @@ audit_write_record(const char *audit_str, const char *plugin_name,
goto done;
}
if (!sudo_json_init(&json, 4, false, false))
if (!sudo_json_init(&jsonc, 4, false, false))
goto oom;
if (!sudo_json_open_object(&json, audit_str))
if (!sudo_json_open_object(&jsonc, audit_str))
goto oom;
json_value.type = JSON_STRING;
json_value.u.string = plugin_name;
if (!sudo_json_add_value(&json, "plugin_name", &json_value))
if (!sudo_json_add_value(&jsonc, "plugin_name", &json_value))
goto oom;
switch (plugin_type) {
@@ -553,85 +553,85 @@ audit_write_record(const char *audit_str, const char *plugin_name,
break;
}
json_value.type = JSON_STRING;
if (!sudo_json_add_value(&json, "plugin_type", &json_value))
if (!sudo_json_add_value(&jsonc, "plugin_type", &json_value))
goto oom;
/* error and reject audit events usually contain a reason. */
if (reason != NULL) {
json_value.type = JSON_STRING;
json_value.u.string = reason;
if (!sudo_json_add_value(&json, "reason", &json_value))
if (!sudo_json_add_value(&jsonc, "reason", &json_value))
goto oom;
}
json_value.type = JSON_STRING;
json_value.u.string = state.uuid_str;
if (!sudo_json_add_value(&json, "uuid", &json_value))
if (!sudo_json_add_value(&jsonc, "uuid", &json_value))
goto oom;
if (!add_timestamp(&json, &now))
if (!add_timestamp(&jsonc, &now))
goto oom;
/* Write key=value objects. */
if (state.settings != NULL) {
if (!add_key_value_object(&json, "options", state.settings, settings_filter))
if (!add_key_value_object(&jsonc, "options", state.settings, settings_filter))
goto oom;
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"missing settings list");
}
if (state.user_info != NULL) {
if (!add_key_value_object(&json, "user_info", state.user_info, NULL))
if (!add_key_value_object(&jsonc, "user_info", state.user_info, NULL))
goto oom;
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"missing user_info list");
}
if (command_info != NULL) {
if (!add_key_value_object(&json, "command_info", command_info, NULL))
if (!add_key_value_object(&jsonc, "command_info", command_info, NULL))
goto oom;
}
/* Write submit_optind before submit_argv */
json_value.type = JSON_NUMBER;
json_value.u.number = state.submit_optind;
if (!sudo_json_add_value(&json, "submit_optind", &json_value))
if (!sudo_json_add_value(&jsonc, "submit_optind", &json_value))
goto oom;
if (state.submit_argv != NULL) {
if (!add_array(&json, "submit_argv", state.submit_argv))
if (!add_array(&jsonc, "submit_argv", state.submit_argv))
goto oom;
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"missing submit_argv array");
}
if (state.submit_envp != NULL) {
if (!add_array(&json, "submit_envp", state.submit_envp))
if (!add_array(&jsonc, "submit_envp", state.submit_envp))
goto oom;
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"missing submit_envp array");
}
if (run_argv != NULL) {
if (!add_array(&json, "run_argv", run_argv))
if (!add_array(&jsonc, "run_argv", run_argv))
goto oom;
}
if (run_envp != NULL) {
if (!add_array(&json, "run_envp", run_envp))
if (!add_array(&jsonc, "run_envp", run_envp))
goto oom;
}
if (!sudo_json_close_object(&json))
if (!sudo_json_close_object(&jsonc))
goto oom;
ret = audit_write_json(&json);
sudo_json_free(&json);
ret = audit_write_json(&jsonc);
sudo_json_free(&jsonc);
done:
debug_return_int(ret);
oom:
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
sudo_json_free(&json);
sudo_json_free(&jsonc);
debug_return_int(-1);
}

2
plugins/sudoers/sudoers.h
View File

@@ -413,7 +413,7 @@ int sudoers_hook_getenv(const char *name, char **value, void *closure);
int sudoers_hook_putenv(char *string, void *closure);
int sudoers_hook_setenv(const char *name, const char *value, int overwrite, void *closure);
int sudoers_hook_unsetenv(const char *name, void *closure);
void register_env_file(void * (*ef_open)(const char *), void (*ef_close)(void *), char * (*ef_next)(void *, int *), bool system);
void register_env_file(void * (*ef_open)(const char *), void (*ef_close)(void *), char * (*ef_next)(void *, int *), bool sys);
/* env_pattern.c */
bool matches_env_pattern(const char *pattern, const char *var, bool *full_match);

20
src/env_hooks.c
View File

@@ -57,7 +57,9 @@ getenv_unhooked(const char *name)
return val;
}
sudo_dso_public char *
sudo_dso_public char *getenv(const char *name);
char *
getenv(const char *name)
{
char *val = NULL;
@@ -143,7 +145,9 @@ putenv_unhooked(PUTENV_CONST char *string)
return rpl_putenv(string);
}
sudo_dso_public int
sudo_dso_public int putenv(PUTENV_CONST char *string);
int
putenv(PUTENV_CONST char *string)
{
switch (process_hooks_putenv((char *)string)) {
@@ -215,7 +219,9 @@ setenv_unhooked(const char *var, const char *val, int overwrite)
return rpl_setenv(var, val, overwrite);
}
sudo_dso_public int
sudo_dso_public int setenv(const char *var, const char *val, int overwrite);
int
setenv(const char *var, const char *val, int overwrite)
{
switch (process_hooks_setenv(var, val, overwrite)) {
@@ -280,10 +286,14 @@ unsetenv_unhooked(const char *var)
}
#ifdef UNSETENV_VOID
sudo_dso_public void
# define UNSETENV_RTYPE void
#else
sudo_dso_public int
# define UNSETENV_RTYPE int
#endif
sudo_dso_public UNSETENV_RTYPE unsetenv(const char *var);
UNSETENV_RTYPE
unsetenv(const char *var)
{
int ret;

24
src/exec_intercept.c
View File

@@ -218,8 +218,8 @@ intercept_cleanup(void)
static bool
prepare_listener(struct intercept_closure *closure)
{
struct sockaddr_in sin;
socklen_t sin_len = sizeof(sin);
struct sockaddr_in sin4;
socklen_t sin4_len = sizeof(sin4);
int sock;
debug_decl(prepare_listener, SUDO_DEBUG_EXEC);
@@ -234,15 +234,15 @@ prepare_listener(struct intercept_closure *closure)
sudo_warn("socket");
goto bad;
}
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
sin.sin_port = 0;
if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
memset(&sin4, 0, sizeof(sin4));
sin4.sin_family = AF_INET;
sin4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
sin4.sin_port = 0;
if (bind(sock, (struct sockaddr *)&sin4, sizeof(sin4)) == -1) {
sudo_warn("bind");
goto bad;
}
if (getsockname(sock, (struct sockaddr *)&sin, &sin_len) == -1) {
if (getsockname(sock, (struct sockaddr *)&sin4, &sin4_len) == -1) {
sudo_warn("getsockname");
goto bad;
}
@@ -252,7 +252,7 @@ prepare_listener(struct intercept_closure *closure)
}
closure->listen_sock = sock;
intercept_listen_port = ntohs(sin.sin_port);
intercept_listen_port = ntohs(sin4.sin_port);
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"%s: listening on port %hu", __func__, intercept_listen_port);
@@ -1012,8 +1012,8 @@ intercept_accept_cb(int fd, int what, void *v)
{
struct intercept_closure *closure = v;
struct sudo_event_base *evbase = sudo_ev_get_base(&closure->ev);
struct sockaddr_in sin;
socklen_t sin_len = sizeof(sin);
struct sockaddr_in sin4;
socklen_t sin4_len = sizeof(sin4);
int client_sock, flags, on = 1;
debug_decl(intercept_accept_cb, SUDO_DEBUG_EXEC);
@@ -1026,7 +1026,7 @@ intercept_accept_cb(int fd, int what, void *v)
debug_return;
}
client_sock = accept(fd, (struct sockaddr *)&sin, &sin_len);
client_sock = accept(fd, (struct sockaddr *)&sin4, &sin4_len);
if (client_sock == -1) {
sudo_warn("accept");
goto bad;

48
src/net_ifs.c
View File

@@ -105,7 +105,7 @@ int
get_net_ifs(char **addrinfo_out)
{
struct ifaddrs *ifa, *ifaddrs;
struct sockaddr_in *sin;
struct sockaddr_in *sin4;
# ifdef HAVE_STRUCT_IN6_ADDR
struct sockaddr_in6 *sin6;
# endif
@@ -156,19 +156,19 @@ get_net_ifs(char **addrinfo_out)
switch (ifa->ifa_addr->sa_family) {
case AF_INET:
sin = (struct sockaddr_in *)ifa->ifa_addr;
if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) {
sin4 = (struct sockaddr_in *)ifa->ifa_addr;
if (sin4->sin_addr.s_addr == INADDR_ANY || sin4->sin_addr.s_addr == INADDR_NONE) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring unspecified AF_INET addr for %s", ifa->ifa_name);
continue;
}
if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
if (inet_ntop(AF_INET, &sin4->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET addr for %s", ifa->ifa_name);
continue;
}
sin = (struct sockaddr_in *)ifa->ifa_netmask;
if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sin4 = (struct sockaddr_in *)ifa->ifa_netmask;
if (inet_ntop(AF_INET, &sin4->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET mask for %s", ifa->ifa_name);
continue;
@@ -315,7 +315,7 @@ get_net_ifs(char **addrinfo_out)
*/
for (i = 0; i < ifconf.ifc_len; ) {
struct ifreq *ifr = (struct ifreq *)&ifconf.ifc_buf[i];
struct sockaddr_in *sin;
struct sockaddr_in *sin4;
/* Set i to the subscript of the next interface (no sa_len). */
i += sizeof(struct ifreq);
@@ -329,13 +329,13 @@ get_net_ifs(char **addrinfo_out)
}
/* Store the address. */
sin = (struct sockaddr_in *)&ifr->ifr_addr;
if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) {
sin4 = (struct sockaddr_in *)&ifr->ifr_addr;
if (sin4->sin_addr.s_addr == INADDR_ANY || sin4->sin_addr.s_addr == INADDR_NONE) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring unspecified AF_INET addr for %s", ifr->ifr_name);
continue;
}
if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
if (inet_ntop(AF_INET, &sin4->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET addr for %s", ifr->ifr_name);
continue;
@@ -359,8 +359,8 @@ get_net_ifs(char **addrinfo_out)
}
/* Convert the mask to string form. */
sin = (struct sockaddr_in *)&ifr->ifr_addr;
if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sin4 = (struct sockaddr_in *)&ifr->ifr_addr;
if (inet_ntop(AF_INET, &sin4->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET mask for %s", ifr->ifr_name);
continue;
@@ -467,7 +467,7 @@ get_net_ifs(char **addrinfo_out)
{
struct lifconf lifconf;
struct lifnum lifn;
struct sockaddr_in *sin;
struct sockaddr_in *sin4;
struct sockaddr_in6 *sin6;
char addrstr[INET6_ADDRSTRLEN], maskstr[INET6_ADDRSTRLEN];
char *addrinfo = NULL;
@@ -540,13 +540,13 @@ get_net_ifs(char **addrinfo_out)
/* Store the address. */
switch (family) {
case AF_INET:
sin = (struct sockaddr_in *)&lifr->lifr_addr;
if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) {
sin4 = (struct sockaddr_in *)&lifr->lifr_addr;
if (sin4->sin_addr.s_addr == INADDR_ANY || sin4->sin_addr.s_addr == INADDR_NONE) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring unspecified AF_INET addr for %s", lifr->lifr_name);
continue;
}
if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
if (inet_ntop(AF_INET, &sin4->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET addr for %s", lifr->lifr_name);
continue;
@@ -592,8 +592,8 @@ get_net_ifs(char **addrinfo_out)
}
switch (family) {
case AF_INET:
sin = (struct sockaddr_in *)&lifr->lifr_addr;
if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sin4 = (struct sockaddr_in *)&lifr->lifr_addr;
if (inet_ntop(AF_INET, &sin4->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET mask for %s", lifr->lifr_name);
continue;
@@ -654,7 +654,7 @@ get_net_ifs(char **addrinfo_out)
{
struct ifconf ifconf;
struct ifreq *ifr;
struct sockaddr_in *sin;
struct sockaddr_in *sin4;
# ifdef HAVE_STRUCT_IN6_ADDR
struct sockaddr_in6 *sin6;
# endif
@@ -768,13 +768,13 @@ get_net_ifs(char **addrinfo_out)
/* Store the address. */
switch (family) {
case AF_INET:
sin = (struct sockaddr_in *)&ifr->ifr_addr;
if (sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_NONE) {
sin4 = (struct sockaddr_in *)&ifr->ifr_addr;
if (sin4->sin_addr.s_addr == INADDR_ANY || sin4->sin_addr.s_addr == INADDR_NONE) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring unspecified AF_INET addr for %s", ifr->ifr_name);
continue;
}
if (inet_ntop(AF_INET, &sin->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
if (inet_ntop(AF_INET, &sin4->sin_addr, addrstr, sizeof(addrstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET addr for %s", ifr->ifr_name);
continue;
@@ -824,8 +824,8 @@ get_net_ifs(char **addrinfo_out)
/* Convert the mask to string form. */
switch (family) {
case AF_INET:
sin = (struct sockaddr_in *)&ifr->ifr_addr;
if (inet_ntop(AF_INET, &sin->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sin4 = (struct sockaddr_in *)&ifr->ifr_addr;
if (inet_ntop(AF_INET, &sin4->sin_addr, maskstr, sizeof(maskstr)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ignoring bad AF_INET mask for %s", ifr->ifr_name);
continue;

12
src/sudo_intercept_common.c
View File

@@ -358,7 +358,7 @@ intercept_connect(void)
{
int sock = -1;
int on = 1;
struct sockaddr_in sin;
struct sockaddr_in sin4;
debug_decl(intercept_connect, SUDO_DEBUG_EXEC);
if (intercept_port == 0) {
@@ -366,10 +366,10 @@ intercept_connect(void)
goto done;
}
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
sin.sin_port = htons(intercept_port);
memset(&sin4, 0, sizeof(sin4));
sin4.sin_family = AF_INET;
sin4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
sin4.sin_port = htons(intercept_port);
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock == -1) {
@@ -380,7 +380,7 @@ intercept_connect(void)
/* Send data immediately, we need low latency IPC. */
(void)setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on));
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
if (connect(sock, (struct sockaddr *)&sin4, sizeof(sin4)) == -1) {
sudo_warn("connect");
close(sock);
sock = -1;

10
src/sudo_plugin_int.h
View File

@@ -38,7 +38,7 @@ struct policy_plugin_1_0 {
unsigned int type;
unsigned int version;
int (*open)(unsigned int version, sudo_conv_1_7_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const user_env[]);
void (*close)(int exit_status, int error); /* wait status or error */
int (*show_version)(int verbose);
@@ -46,16 +46,16 @@ struct policy_plugin_1_0 {
char *env_add[], char **command_info[],
char **argv_out[], char **user_env_out[]);
int (*list)(int argc, char * const argv[], int verbose,
const char *list_user);
const char *user);
int (*validate)(void);
void (*invalidate)(int remove);
void (*invalidate)(int rmcred);
int (*init_session)(struct passwd *pwd);
};
struct io_plugin_1_0 {
unsigned int type;
unsigned int version;
int (*open)(unsigned int version, sudo_conv_1_7_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
char * const user_env[]);
void (*close)(int exit_status, int error);
@@ -70,7 +70,7 @@ struct io_plugin_1_1 {
unsigned int type;
unsigned int version;
int (*open)(unsigned int version, sudo_conv_1_7_t conversation,
sudo_printf_t sudo_printf, char * const settings[],
sudo_printf_t sudo_plugin_printf, char * const settings[],
char * const user_info[], char * const command_info[],
int argc, char * const argv[], char * const user_env[]);
void (*close)(int exit_status, int error); /* wait status or error */