isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Go back to parsing Defaults entries in update_defaults instead of

Browse Source 
as sudoers is read.  Otherwise, we cannot properly support early
defaults like sudoers_locale.
This commit is contained in:
Todd C. Miller
2016-11-09 16:00:12 -07:00
parent efe957544f
commit 79ca752802
12 changed files with 262 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
plugins/sudoers/defaults.c
View File

@@ -191,6 +191,36 @@ dump_defaults(void)
debug_return; debug_return;
} }
/*
* Find the index of the specified Defaults name in sudo_defs_table[]
* On success, returns the matching index or -1 on failure.
*/
static int
find_default(const char *name, const char *file, int lineno, bool quiet)
{
int i;
debug_decl(find_default, SUDOERS_DEBUG_DEFAULTS)
for (i = 0; sudo_defs_table[i].name != NULL; i++) {
if (strcmp(name, sudo_defs_table[i].name) == 0)
debug_return_int(i);
}
if (!quiet) {
if (lineno > 0) {
sudo_warnx(U_("%s:%d unknown defaults entry \"%s\""),
file, lineno, name);
} else {
sudo_warnx(U_("%s: unknown defaults entry \"%s\""),
file, name);
}
}
debug_return_int(-1);
}
/*
* Parse a defaults entry, storing the parsed entry in sd_un.
* Returns true on success or false on failure.
*/
static bool static bool
parse_default_entry(struct sudo_defs_types *def, const char *val, int op, parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
union sudo_defs_val *sd_un, const char *file, int lineno, bool quiet) union sudo_defs_val *sd_un, const char *file, int lineno, bool quiet)
@@ -301,24 +331,11 @@ parse_default_entry(struct sudo_defs_types *def, const char *val, int op,
} }
struct early_default * struct early_default *
is_early_default(int idx) is_early_default(const char *name)
{ {
struct early_default *early; struct early_default *early;
debug_decl(is_early_default, SUDOERS_DEBUG_DEFAULTS) debug_decl(is_early_default, SUDOERS_DEBUG_DEFAULTS)
for (early = early_defaults; early->idx != -1; early++) {
if (idx == early->idx)
debug_return_ptr(early);
}
debug_return_ptr(NULL);
}
struct early_default *
is_early_default_byname(const char *name)
{
struct early_default *early;
debug_decl(is_early_default_byname, SUDOERS_DEBUG_DEFAULTS)
for (early = early_defaults; early->idx != -1; early++) { for (early = early_defaults; early->idx != -1; early++) {
if (strcmp(name, sudo_defs_table[early->idx].name) == 0) if (strcmp(name, sudo_defs_table[early->idx].name) == 0)
debug_return_ptr(early); debug_return_ptr(early);
@@ -339,23 +356,20 @@ run_callback(struct sudo_defs_types *def)
/* /*
* Sets/clears an entry in the defaults structure. * Sets/clears an entry in the defaults structure.
* Runs the callback if present on success. * Runs the callback if present on success.
* XXX - deprecated, only used by ldap/sssd
*/ */
bool bool
set_default(const char *var, const char *val, int op, const char *file, set_default(const char *var, const char *val, int op, const char *file,
int lineno, bool quiet) int lineno, bool quiet)
{ {
union sudo_defs_val sd_un;
int idx; int idx;
debug_decl(set_default, SUDOERS_DEBUG_DEFAULTS) debug_decl(set_default, SUDOERS_DEBUG_DEFAULTS)
memset(&sd_un, 0, sizeof(sd_un)); idx = find_default(var, file, lineno, quiet);
idx = parse_default(var, val, op, &sd_un, file, lineno, quiet);
if (idx != -1) { if (idx != -1) {
/* Set parsed value in sudo_defs_table and run callback (if any). */ /* Set parsed value in sudo_defs_table and run callback (if any). */
struct sudo_defs_types *def = &sudo_defs_table[idx]; struct sudo_defs_types *def = &sudo_defs_table[idx];
def->sd_un = sd_un; if (parse_default_entry(def, val, op, &def->sd_un, file, lineno, quiet))
debug_return_bool(run_callback(def)); debug_return_bool(run_callback(def));
} }
debug_return_bool(false); debug_return_bool(false);
} }
@@ -363,25 +377,22 @@ set_default(const char *var, const char *val, int op, const char *file,
/* /*
* Like set_default() but stores the matching default value * Like set_default() but stores the matching default value
* and does not run callbacks. * and does not run callbacks.
* XXX - deprecated, only used by ldap/sssd
*/ */
bool bool
set_early_default(const char *var, const char *val, int op, const char *file, set_early_default(const char *var, const char *val, int op, const char *file,
int lineno, bool quiet, struct early_default *early) int lineno, bool quiet, struct early_default *early)
{ {
union sudo_defs_val sd_un;
int idx; int idx;
debug_decl(set_early_default, SUDOERS_DEBUG_DEFAULTS) debug_decl(set_early_default, SUDOERS_DEBUG_DEFAULTS)
memset(&sd_un, 0, sizeof(sd_un)); idx = find_default(var, file, lineno, quiet);
idx = parse_default(var, val, op, &sd_un, file, lineno, quiet);
if (idx != -1) { if (idx != -1) {
/* Set parsed value in sudo_defs_table. */ /* Set parsed value in sudo_defs_table but defer callback (if any). */
struct sudo_defs_types *def = &sudo_defs_table[idx]; struct sudo_defs_types *def = &sudo_defs_table[idx];
def->sd_un = sd_un; if (parse_default_entry(def, val, op, &def->sd_un, file, lineno, quiet)) {
/* Defer running callback until all early defaults are set. */ early->run_callback = true;
early->run_callback = true; debug_return_bool(true);
debug_return_bool(true); }
} }
debug_return_bool(false); debug_return_bool(false);
} }
@@ -407,17 +418,17 @@ run_early_defaults(void)
} }
static void static void
free_default(struct sudo_defs_types *def) free_default(int type, union sudo_defs_val *sd_un)
{ {
switch (def->type & T_MASK) { switch (type & T_MASK) {
case T_STR: case T_STR:
free(def->sd_un.str); free(sd_un->str);
break; break;
case T_LIST: case T_LIST:
(void)list_op(NULL, 0, &def->sd_un, freeall); (void)list_op(NULL, 0, sd_un, freeall);
break; break;
} }
memset(&def->sd_un, 0, sizeof(def->sd_un)); memset(sd_un, 0, sizeof(*sd_un));
} }
/* /*
@@ -434,7 +445,7 @@ init_defaults(void)
/* Clear any old settings. */ /* Clear any old settings. */
if (!firsttime) { if (!firsttime) {
for (def = sudo_defs_table; def->name != NULL; def++) for (def = sudo_defs_table; def->name != NULL; def++)
free_default(def); free_default(def->type, &def->sd_un);
} }
/* First initialize the flags. */ /* First initialize the flags. */
@@ -692,7 +703,7 @@ update_defaults(int what, bool quiet)
* First apply Defaults values marked as early. * First apply Defaults values marked as early.
*/ */
TAILQ_FOREACH(d, &defaults, entries) { TAILQ_FOREACH(d, &defaults, entries) {
struct early_default *early = is_early_default(d->idx); struct early_default *early = is_early_default(d->var);
if (early == NULL) if (early == NULL)
continue; continue;
@@ -702,8 +713,9 @@ update_defaults(int what, bool quiet)
continue; continue;
/* Copy the value to sudo_defs_table and mark as early. */ /* Copy the value to sudo_defs_table and mark as early. */
sudo_defs_table[d->idx].sd_un = d->sd_un; if (!set_early_default(d->var, d->val, d->op, d->file, d->lineno,
early->run_callback = true; quiet, early))
ret = false;
} }
/* Run callbacks for early defaults (if any) */ /* Run callbacks for early defaults (if any) */
if (!run_early_defaults()) if (!run_early_defaults())
@@ -714,7 +726,7 @@ update_defaults(int what, bool quiet)
*/ */
TAILQ_FOREACH(d, &defaults, entries) { TAILQ_FOREACH(d, &defaults, entries) {
/* Skip Defaults marked as early, we already did them. */ /* Skip Defaults marked as early, we already did them. */
if (is_early_default(d->idx)) if (is_early_default(d->var))
continue; continue;
/* Defaults type and binding must match. */ /* Defaults type and binding must match. */
@@ -723,42 +735,40 @@ update_defaults(int what, bool quiet)
continue; continue;
/* Copy the value to sudo_defs_table and run callback (if any) */ /* Copy the value to sudo_defs_table and run callback (if any) */
sudo_defs_table[d->idx].sd_un = d->sd_un; if (!set_default(d->var, d->val, d->op, d->file, d->lineno, quiet))
if (!run_callback(&sudo_defs_table[d->idx]))
ret = false; ret = false;
} }
debug_return_bool(ret); debug_return_bool(ret);
} }
/* /*
* Parse a defaults entry, storing the parsed entry in sd_un. * Check all defaults entries without actually setting them.
* Returns the matching sudo_defs_table[] index on success or -1 on failure.
*/ */
int bool
parse_default(const char *var, const char *val, int op, check_defaults(bool quiet)
union sudo_defs_val *sd_un, const char *file, int lineno, bool quiet)
{ {
int i; struct defaults *d;
debug_decl(parse_default, SUDOERS_DEBUG_DEFAULTS) bool ret = true;
int idx;
debug_decl(check_defaults, SUDOERS_DEBUG_DEFAULTS)
for (i = 0; sudo_defs_table[i].name != NULL; i++) { TAILQ_FOREACH(d, &defaults, entries) {
if (strcmp(var, sudo_defs_table[i].name) == 0) { idx = find_default(d->var, d->file, d->lineno, quiet);
if (parse_default_entry(&sudo_defs_table[i], val, op, if (idx != -1) {
sd_un, file, lineno, quiet)) struct sudo_defs_types *def = &sudo_defs_table[idx];
debug_return_int(i); union sudo_defs_val sd_un;
debug_return_int(-1); memset(&sd_un, 0, sizeof(sd_un));
if (parse_default_entry(def, d->val, d->op, &sd_un, d->file,
d->lineno, quiet)) {
free_default(def->type, &sd_un);
continue;
}
} }
/* There was an error in the entry, flag it. */
d->error = true;
ret = false;
} }
if (!quiet) { debug_return_bool(ret);
if (lineno > 0) {
sudo_warnx(U_("%s:%d unknown defaults entry \"%s\""),
file, lineno, var);
} else {
sudo_warnx(U_("%s: unknown defaults entry \"%s\""),
file, var);
}
}
debug_return_int(-1);
} }
static bool static bool

5
plugins/sudoers/defaults.h
View File

@@ -121,13 +121,12 @@ struct early_default {
*/ */
void dump_default(void); void dump_default(void);
bool init_defaults(void); bool init_defaults(void);
struct early_default *is_early_default(int idx); struct early_default *is_early_default(const char *name);
struct early_default *is_early_default_byname(const char *name);
bool run_early_defaults(void); bool run_early_defaults(void);
bool set_early_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet, struct early_default *early); bool set_early_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet, struct early_default *early);
bool set_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet); bool set_default(const char *var, const char *val, int op, const char *file, int lineno, bool quiet);
bool update_defaults(int what, bool quiet); bool update_defaults(int what, bool quiet);
int parse_default(const char *var, const char *val, int op, union sudo_defs_val *sd_un, const char *file, int lineno, bool quiet); bool check_defaults(bool quiet);
extern struct sudo_defs_types sudo_defs_table[]; extern struct sudo_defs_types sudo_defs_table[];

251
plugins/sudoers/gram.c
View File

@@ -91,7 +91,6 @@
* Globals * Globals
*/ */
bool sudoers_warnings = true; bool sudoers_warnings = true;
bool allow_unknown_defaults = true;
bool parse_error = false; bool parse_error = false;
int errorlineno = -1; int errorlineno = -1;
char *errorfile = NULL; char *errorfile = NULL;
@@ -104,10 +103,10 @@ struct userspec_list userspecs = TAILQ_HEAD_INITIALIZER(userspecs);
*/ */
static bool add_defaults(int, struct member *, struct defaults *); static bool add_defaults(int, struct member *, struct defaults *);
static bool add_userspec(struct member *, struct privilege *); static bool add_userspec(struct member *, struct privilege *);
static struct defaults *new_default(char *, char *, int); static struct defaults *new_default(char *, char *, short);
static struct member *new_member(char *, int); static struct member *new_member(char *, int);
static struct sudo_digest *new_digest(int, const char *); static struct sudo_digest *new_digest(int, const char *);
#line 74 "gram.y" #line 73 "gram.y"
#ifndef YYSTYPE_DEFINED #ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED #define YYSTYPE_DEFINED
typedef union { typedef union {
@@ -125,7 +124,7 @@ typedef union {
int tok; int tok;
} YYSTYPE; } YYSTYPE;
#endif /* YYSTYPE_DEFINED */ #endif /* YYSTYPE_DEFINED */
#line 128 "gram.c" #line 127 "gram.c"
#define COMMAND 257 #define COMMAND 257
#define ALIAS 258 #define ALIAS 258
#define DEFVAR 259 #define DEFVAR 259
@@ -690,7 +689,7 @@ short *yysslim;
YYSTYPE *yyvs; YYSTYPE *yyvs;
unsigned int yystacksize; unsigned int yystacksize;
int yyparse(void); int yyparse(void);
#line 850 "gram.y" #line 849 "gram.y"
void void
sudoerserror(const char *s) sudoerserror(const char *s)
{ {
@@ -728,7 +727,7 @@ sudoerserror(const char *s)
} }
static struct defaults * static struct defaults *
new_default(char *var, char *val, int op) new_default(char *var, char *val, short op)
{ {
struct defaults *d; struct defaults *d;
debug_decl(new_default, SUDOERS_DEBUG_PARSER) debug_decl(new_default, SUDOERS_DEBUG_PARSER)
@@ -744,6 +743,14 @@ new_default(char *var, char *val, int op)
/* d->type = 0; */ /* d->type = 0; */
d->op = op; d->op = op;
/* d->binding = NULL */ /* d->binding = NULL */
d->lineno = last_token == COMMENT ? sudolineno - 1 : sudolineno;
d->file = strdup(sudoers);
if (d->file == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to allocate memory");
free(d);
debug_return_ptr(NULL);
}
HLTQ_INIT(d, entries); HLTQ_INIT(d, entries);
debug_return_ptr(d); debug_return_ptr(d);
@@ -802,7 +809,6 @@ add_defaults(int type, struct member *bmem, struct defaults *defs)
{ {
struct defaults *d, *next; struct defaults *d, *next;
struct member_list *binding; struct member_list *binding;
bool binding_used = false;
bool ret = true; bool ret = true;
debug_decl(add_defaults, SUDOERS_DEBUG_PARSER) debug_decl(add_defaults, SUDOERS_DEBUG_PARSER)
@@ -823,33 +829,12 @@ add_defaults(int type, struct member *bmem, struct defaults *defs)
/* /*
* Set type and binding (who it applies to) for new entries. * Set type and binding (who it applies to) for new entries.
* Then add to the global defaults list if it parses. * Then add to the global defaults list.
*/ */
HLTQ_FOREACH_SAFE(d, defs, entries, next) { HLTQ_FOREACH_SAFE(d, defs, entries, next) {
d->idx = parse_default(d->var, d->val, d->op, &d->sd_un, d->type = type;
sudoers, sudolineno, !sudoers_warnings); d->binding = binding;
if (d->idx != -1) { TAILQ_INSERT_TAIL(&defaults, d, entries);
/* Append to defaults list */
d->type = type;
d->binding = binding;
binding_used = true;
TAILQ_INSERT_TAIL(&defaults, d, entries);
} else {
/* Did not parse */
if (ret && !allow_unknown_defaults) {
sudoerserror(NULL);
ret = false;
}
free(d->var);
free(d->val);
free(d);
}
}
if (!binding_used) {
/* No valid Defaults entries, binding unused. */
free_members(binding);
free(binding);
} }
} }
@@ -903,7 +888,7 @@ free_members(struct member_list *members)
* the current sudoers file to path. * the current sudoers file to path.
*/ */
bool bool
init_parser(const char *path, bool quiet, bool strict_defaults) init_parser(const char *path, bool quiet)
{ {
struct member_list *binding; struct member_list *binding;
struct defaults *d, *d_next; struct defaults *d, *d_next;
@@ -999,6 +984,7 @@ init_parser(const char *path, bool quiet, bool strict_defaults)
/* no need to free sd_un */ /* no need to free sd_un */
free(d->var); free(d->var);
free(d->val); free(d->val);
free(d->file);
free(d); free(d);
} }
TAILQ_INIT(&defaults); TAILQ_INIT(&defaults);
@@ -1025,11 +1011,10 @@ init_parser(const char *path, bool quiet, bool strict_defaults)
free(errorfile); free(errorfile);
errorfile = NULL; errorfile = NULL;
sudoers_warnings = !quiet; sudoers_warnings = !quiet;
allow_unknown_defaults = !strict_defaults;
debug_return_bool(ret); debug_return_bool(ret);
} }
#line 980 "gram.c" #line 965 "gram.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */ /* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__) #if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void) static int yygrowstack(void)
@@ -1238,23 +1223,23 @@ yyreduce:
switch (yyn) switch (yyn)
{ {
case 1: case 1:
#line 168 "gram.y" #line 167 "gram.y"
{ ; } { ; }
break; break;
case 5: case 5:
#line 176 "gram.y" #line 175 "gram.y"
{ {
; ;
} }
break; break;
case 6: case 6:
#line 179 "gram.y" #line 178 "gram.y"
{ {
yyerrok; yyerrok;
} }
break; break;
case 7: case 7:
#line 182 "gram.y" #line 181 "gram.y"
{ {
if (!add_userspec(yyvsp[-1].member, yyvsp[0].privilege)) { if (!add_userspec(yyvsp[-1].member, yyvsp[0].privilege)) {
sudoerserror(N_("unable to allocate memory")); sudoerserror(N_("unable to allocate memory"));
@@ -1263,73 +1248,73 @@ case 7:
} }
break; break;
case 8: case 8:
#line 188 "gram.y" #line 187 "gram.y"
{ {
; ;
} }
break; break;
case 9: case 9:
#line 191 "gram.y" #line 190 "gram.y"
{ {
; ;
} }
break; break;
case 10: case 10:
#line 194 "gram.y" #line 193 "gram.y"
{ {
; ;
} }
break; break;
case 11: case 11:
#line 197 "gram.y" #line 196 "gram.y"
{ {
; ;
} }
break; break;
case 12: case 12:
#line 200 "gram.y" #line 199 "gram.y"
{ {
if (!add_defaults(DEFAULTS, NULL, yyvsp[0].defaults)) if (!add_defaults(DEFAULTS, NULL, yyvsp[0].defaults))
YYERROR; YYERROR;
} }
break; break;
case 13: case 13:
#line 204 "gram.y" #line 203 "gram.y"
{ {
if (!add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults)) if (!add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR; YYERROR;
} }
break; break;
case 14: case 14:
#line 208 "gram.y" #line 207 "gram.y"
{ {
if (!add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults)) if (!add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR; YYERROR;
} }
break; break;
case 15: case 15:
#line 212 "gram.y" #line 211 "gram.y"
{ {
if (!add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults)) if (!add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR; YYERROR;
} }
break; break;
case 16: case 16:
#line 216 "gram.y" #line 215 "gram.y"
{ {
if (!add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults)) if (!add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR; YYERROR;
} }
break; break;
case 18: case 18:
#line 223 "gram.y" #line 222 "gram.y"
{ {
HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries); HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries);
yyval.defaults = yyvsp[-2].defaults; yyval.defaults = yyvsp[-2].defaults;
} }
break; break;
case 19: case 19:
#line 229 "gram.y" #line 228 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[0].string, NULL, true); yyval.defaults = new_default(yyvsp[0].string, NULL, true);
if (yyval.defaults == NULL) { if (yyval.defaults == NULL) {
@@ -1339,7 +1324,7 @@ case 19:
} }
break; break;
case 20: case 20:
#line 236 "gram.y" #line 235 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[0].string, NULL, false); yyval.defaults = new_default(yyvsp[0].string, NULL, false);
if (yyval.defaults == NULL) { if (yyval.defaults == NULL) {
@@ -1349,7 +1334,7 @@ case 20:
} }
break; break;
case 21: case 21:
#line 243 "gram.y" #line 242 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
if (yyval.defaults == NULL) { if (yyval.defaults == NULL) {
@@ -1359,7 +1344,7 @@ case 21:
} }
break; break;
case 22: case 22:
#line 250 "gram.y" #line 249 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
if (yyval.defaults == NULL) { if (yyval.defaults == NULL) {
@@ -1369,7 +1354,7 @@ case 22:
} }
break; break;
case 23: case 23:
#line 257 "gram.y" #line 256 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
if (yyval.defaults == NULL) { if (yyval.defaults == NULL) {
@@ -1379,14 +1364,14 @@ case 23:
} }
break; break;
case 25: case 25:
#line 267 "gram.y" #line 266 "gram.y"
{ {
HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries); HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries);
yyval.privilege = yyvsp[-2].privilege; yyval.privilege = yyvsp[-2].privilege;
} }
break; break;
case 26: case 26:
#line 273 "gram.y" #line 272 "gram.y"
{ {
struct privilege *p = calloc(1, sizeof(*p)); struct privilege *p = calloc(1, sizeof(*p));
if (p == NULL) { if (p == NULL) {
@@ -1400,21 +1385,21 @@ case 26:
} }
break; break;
case 27: case 27:
#line 286 "gram.y" #line 285 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 28: case 28:
#line 290 "gram.y" #line 289 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 29: case 29:
#line 296 "gram.y" #line 295 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -1424,7 +1409,7 @@ case 29:
} }
break; break;
case 30: case 30:
#line 303 "gram.y" #line 302 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -1434,7 +1419,7 @@ case 30:
} }
break; break;
case 31: case 31:
#line 310 "gram.y" #line 309 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, NETGROUP); yyval.member = new_member(yyvsp[0].string, NETGROUP);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -1444,7 +1429,7 @@ case 31:
} }
break; break;
case 32: case 32:
#line 317 "gram.y" #line 316 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, NTWKADDR); yyval.member = new_member(yyvsp[0].string, NTWKADDR);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -1454,7 +1439,7 @@ case 32:
} }
break; break;
case 33: case 33:
#line 324 "gram.y" #line 323 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, WORD); yyval.member = new_member(yyvsp[0].string, WORD);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -1464,7 +1449,7 @@ case 33:
} }
break; break;
case 35: case 35:
#line 334 "gram.y" #line 333 "gram.y"
{ {
struct cmndspec *prev; struct cmndspec *prev;
prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries); prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries);
@@ -1510,7 +1495,7 @@ case 35:
} }
break; break;
case 36: case 36:
#line 379 "gram.y" #line 378 "gram.y"
{ {
struct cmndspec *cs = calloc(1, sizeof(*cs)); struct cmndspec *cs = calloc(1, sizeof(*cs));
if (cs == NULL) { if (cs == NULL) {
@@ -1559,7 +1544,7 @@ case 36:
} }
break; break;
case 37: case 37:
#line 427 "gram.y" #line 426 "gram.y"
{ {
yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string);
if (yyval.digest == NULL) { if (yyval.digest == NULL) {
@@ -1569,7 +1554,7 @@ case 37:
} }
break; break;
case 38: case 38:
#line 434 "gram.y" #line 433 "gram.y"
{ {
yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string);
if (yyval.digest == NULL) { if (yyval.digest == NULL) {
@@ -1579,7 +1564,7 @@ case 38:
} }
break; break;
case 39: case 39:
#line 441 "gram.y" #line 440 "gram.y"
{ {
yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string);
if (yyval.digest == NULL) { if (yyval.digest == NULL) {
@@ -1589,7 +1574,7 @@ case 39:
} }
break; break;
case 40: case 40:
#line 448 "gram.y" #line 447 "gram.y"
{ {
yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string);
if (yyval.digest == NULL) { if (yyval.digest == NULL) {
@@ -1599,13 +1584,13 @@ case 40:
} }
break; break;
case 41: case 41:
#line 457 "gram.y" #line 456 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
} }
break; break;
case 42: case 42:
#line 460 "gram.y" #line 459 "gram.y"
{ {
if (yyvsp[0].member->type != COMMAND) { if (yyvsp[0].member->type != COMMAND) {
sudoerserror(N_("a digest requires a path name")); sudoerserror(N_("a digest requires a path name"));
@@ -1617,127 +1602,127 @@ case 42:
} }
break; break;
case 43: case 43:
#line 471 "gram.y" #line 470 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 44: case 44:
#line 475 "gram.y" #line 474 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 45: case 45:
#line 481 "gram.y" #line 480 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 46: case 46:
#line 486 "gram.y" #line 485 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 47: case 47:
#line 491 "gram.y" #line 490 "gram.y"
{ {
yyval.seinfo.role = NULL; yyval.seinfo.role = NULL;
yyval.seinfo.type = NULL; yyval.seinfo.type = NULL;
} }
break; break;
case 48: case 48:
#line 495 "gram.y" #line 494 "gram.y"
{ {
yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.role = yyvsp[0].string;
yyval.seinfo.type = NULL; yyval.seinfo.type = NULL;
} }
break; break;
case 49: case 49:
#line 499 "gram.y" #line 498 "gram.y"
{ {
yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.type = yyvsp[0].string;
yyval.seinfo.role = NULL; yyval.seinfo.role = NULL;
} }
break; break;
case 50: case 50:
#line 503 "gram.y" #line 502 "gram.y"
{ {
yyval.seinfo.role = yyvsp[-1].string; yyval.seinfo.role = yyvsp[-1].string;
yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.type = yyvsp[0].string;
} }
break; break;
case 51: case 51:
#line 507 "gram.y" #line 506 "gram.y"
{ {
yyval.seinfo.type = yyvsp[-1].string; yyval.seinfo.type = yyvsp[-1].string;
yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.role = yyvsp[0].string;
} }
break; break;
case 52: case 52:
#line 513 "gram.y" #line 512 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 53: case 53:
#line 517 "gram.y" #line 516 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 54: case 54:
#line 522 "gram.y" #line 521 "gram.y"
{ {
yyval.privinfo.privs = NULL; yyval.privinfo.privs = NULL;
yyval.privinfo.limitprivs = NULL; yyval.privinfo.limitprivs = NULL;
} }
break; break;
case 55: case 55:
#line 526 "gram.y" #line 525 "gram.y"
{ {
yyval.privinfo.privs = yyvsp[0].string; yyval.privinfo.privs = yyvsp[0].string;
yyval.privinfo.limitprivs = NULL; yyval.privinfo.limitprivs = NULL;
} }
break; break;
case 56: case 56:
#line 530 "gram.y" #line 529 "gram.y"
{ {
yyval.privinfo.privs = NULL; yyval.privinfo.privs = NULL;
yyval.privinfo.limitprivs = yyvsp[0].string; yyval.privinfo.limitprivs = yyvsp[0].string;
} }
break; break;
case 57: case 57:
#line 534 "gram.y" #line 533 "gram.y"
{ {
yyval.privinfo.privs = yyvsp[-1].string; yyval.privinfo.privs = yyvsp[-1].string;
yyval.privinfo.limitprivs = yyvsp[0].string; yyval.privinfo.limitprivs = yyvsp[0].string;
} }
break; break;
case 58: case 58:
#line 538 "gram.y" #line 537 "gram.y"
{ {
yyval.privinfo.limitprivs = yyvsp[-1].string; yyval.privinfo.limitprivs = yyvsp[-1].string;
yyval.privinfo.privs = yyvsp[0].string; yyval.privinfo.privs = yyvsp[0].string;
} }
break; break;
case 59: case 59:
#line 544 "gram.y" #line 543 "gram.y"
{ {
yyval.runas = NULL; yyval.runas = NULL;
} }
break; break;
case 60: case 60:
#line 547 "gram.y" #line 546 "gram.y"
{ {
yyval.runas = yyvsp[-1].runas; yyval.runas = yyvsp[-1].runas;
} }
break; break;
case 61: case 61:
#line 552 "gram.y" #line 551 "gram.y"
{ {
yyval.runas = calloc(1, sizeof(struct runascontainer)); yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas != NULL) { if (yyval.runas != NULL) {
@@ -1755,7 +1740,7 @@ case 61:
} }
break; break;
case 62: case 62:
#line 567 "gram.y" #line 566 "gram.y"
{ {
yyval.runas = calloc(1, sizeof(struct runascontainer)); yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas == NULL) { if (yyval.runas == NULL) {
@@ -1767,7 +1752,7 @@ case 62:
} }
break; break;
case 63: case 63:
#line 576 "gram.y" #line 575 "gram.y"
{ {
yyval.runas = calloc(1, sizeof(struct runascontainer)); yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas == NULL) { if (yyval.runas == NULL) {
@@ -1779,7 +1764,7 @@ case 63:
} }
break; break;
case 64: case 64:
#line 585 "gram.y" #line 584 "gram.y"
{ {
yyval.runas = calloc(1, sizeof(struct runascontainer)); yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas == NULL) { if (yyval.runas == NULL) {
@@ -1791,7 +1776,7 @@ case 64:
} }
break; break;
case 65: case 65:
#line 594 "gram.y" #line 593 "gram.y"
{ {
yyval.runas = calloc(1, sizeof(struct runascontainer)); yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas != NULL) { if (yyval.runas != NULL) {
@@ -1809,97 +1794,97 @@ case 65:
} }
break; break;
case 66: case 66:
#line 611 "gram.y" #line 610 "gram.y"
{ {
TAGS_INIT(yyval.tag); TAGS_INIT(yyval.tag);
} }
break; break;
case 67: case 67:
#line 614 "gram.y" #line 613 "gram.y"
{ {
yyval.tag.nopasswd = true; yyval.tag.nopasswd = true;
} }
break; break;
case 68: case 68:
#line 617 "gram.y" #line 616 "gram.y"
{ {
yyval.tag.nopasswd = false; yyval.tag.nopasswd = false;
} }
break; break;
case 69: case 69:
#line 620 "gram.y" #line 619 "gram.y"
{ {
yyval.tag.noexec = true; yyval.tag.noexec = true;
} }
break; break;
case 70: case 70:
#line 623 "gram.y" #line 622 "gram.y"
{ {
yyval.tag.noexec = false; yyval.tag.noexec = false;
} }
break; break;
case 71: case 71:
#line 626 "gram.y" #line 625 "gram.y"
{ {
yyval.tag.setenv = true; yyval.tag.setenv = true;
} }
break; break;
case 72: case 72:
#line 629 "gram.y" #line 628 "gram.y"
{ {
yyval.tag.setenv = false; yyval.tag.setenv = false;
} }
break; break;
case 73: case 73:
#line 632 "gram.y" #line 631 "gram.y"
{ {
yyval.tag.log_input = true; yyval.tag.log_input = true;
} }
break; break;
case 74: case 74:
#line 635 "gram.y" #line 634 "gram.y"
{ {
yyval.tag.log_input = false; yyval.tag.log_input = false;
} }
break; break;
case 75: case 75:
#line 638 "gram.y" #line 637 "gram.y"
{ {
yyval.tag.log_output = true; yyval.tag.log_output = true;
} }
break; break;
case 76: case 76:
#line 641 "gram.y" #line 640 "gram.y"
{ {
yyval.tag.log_output = false; yyval.tag.log_output = false;
} }
break; break;
case 77: case 77:
#line 644 "gram.y" #line 643 "gram.y"
{ {
yyval.tag.follow = true; yyval.tag.follow = true;
} }
break; break;
case 78: case 78:
#line 647 "gram.y" #line 646 "gram.y"
{ {
yyval.tag.follow = false; yyval.tag.follow = false;
} }
break; break;
case 79: case 79:
#line 650 "gram.y" #line 649 "gram.y"
{ {
yyval.tag.send_mail = true; yyval.tag.send_mail = true;
} }
break; break;
case 80: case 80:
#line 653 "gram.y" #line 652 "gram.y"
{ {
yyval.tag.send_mail = false; yyval.tag.send_mail = false;
} }
break; break;
case 81: case 81:
#line 658 "gram.y" #line 657 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -1909,7 +1894,7 @@ case 81:
} }
break; break;
case 82: case 82:
#line 665 "gram.y" #line 664 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -1919,7 +1904,7 @@ case 82:
} }
break; break;
case 83: case 83:
#line 672 "gram.y" #line 671 "gram.y"
{ {
struct sudo_command *c = calloc(1, sizeof(*c)); struct sudo_command *c = calloc(1, sizeof(*c));
if (c == NULL) { if (c == NULL) {
@@ -1937,7 +1922,7 @@ case 83:
} }
break; break;
case 86: case 86:
#line 693 "gram.y" #line 692 "gram.y"
{ {
const char *s; const char *s;
if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
@@ -1947,14 +1932,14 @@ case 86:
} }
break; break;
case 88: case 88:
#line 703 "gram.y" #line 702 "gram.y"
{ {
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 91: case 91:
#line 713 "gram.y" #line 712 "gram.y"
{ {
const char *s; const char *s;
if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
@@ -1964,14 +1949,14 @@ case 91:
} }
break; break;
case 93: case 93:
#line 723 "gram.y" #line 722 "gram.y"
{ {
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 96: case 96:
#line 733 "gram.y" #line 732 "gram.y"
{ {
const char *s; const char *s;
if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
@@ -1981,7 +1966,7 @@ case 96:
} }
break; break;
case 99: case 99:
#line 746 "gram.y" #line 745 "gram.y"
{ {
const char *s; const char *s;
if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
@@ -1991,28 +1976,28 @@ case 99:
} }
break; break;
case 101: case 101:
#line 756 "gram.y" #line 755 "gram.y"
{ {
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 102: case 102:
#line 762 "gram.y" #line 761 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 103: case 103:
#line 766 "gram.y" #line 765 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 104: case 104:
#line 772 "gram.y" #line 771 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2022,7 +2007,7 @@ case 104:
} }
break; break;
case 105: case 105:
#line 779 "gram.y" #line 778 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2032,7 +2017,7 @@ case 105:
} }
break; break;
case 106: case 106:
#line 786 "gram.y" #line 785 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, NETGROUP); yyval.member = new_member(yyvsp[0].string, NETGROUP);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2042,7 +2027,7 @@ case 106:
} }
break; break;
case 107: case 107:
#line 793 "gram.y" #line 792 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, USERGROUP); yyval.member = new_member(yyvsp[0].string, USERGROUP);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2052,7 +2037,7 @@ case 107:
} }
break; break;
case 108: case 108:
#line 800 "gram.y" #line 799 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, WORD); yyval.member = new_member(yyvsp[0].string, WORD);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2062,28 +2047,28 @@ case 108:
} }
break; break;
case 110: case 110:
#line 810 "gram.y" #line 809 "gram.y"
{ {
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 111: case 111:
#line 816 "gram.y" #line 815 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 112: case 112:
#line 820 "gram.y" #line 819 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 113: case 113:
#line 826 "gram.y" #line 825 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2093,7 +2078,7 @@ case 113:
} }
break; break;
case 114: case 114:
#line 833 "gram.y" #line 832 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2103,7 +2088,7 @@ case 114:
} }
break; break;
case 115: case 115:
#line 840 "gram.y" #line 839 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, WORD); yyval.member = new_member(yyvsp[0].string, WORD);
if (yyval.member == NULL) { if (yyval.member == NULL) {
@@ -2112,7 +2097,7 @@ case 115:
} }
} }
break; break;
#line 2063 "gram.c" #line 2048 "gram.c"
} }
yyssp -= yym; yyssp -= yym;
yystate = *yyssp; yystate = *yyssp;

47
plugins/sudoers/gram.y
View File

@@ -53,7 +53,6 @@
* Globals * Globals
*/ */
bool sudoers_warnings = true; bool sudoers_warnings = true;
bool allow_unknown_defaults = true;
bool parse_error = false; bool parse_error = false;
int errorlineno = -1; int errorlineno = -1;
char *errorfile = NULL; char *errorfile = NULL;
@@ -66,7 +65,7 @@ struct userspec_list userspecs = TAILQ_HEAD_INITIALIZER(userspecs);
*/ */
static bool add_defaults(int, struct member *, struct defaults *); static bool add_defaults(int, struct member *, struct defaults *);
static bool add_userspec(struct member *, struct privilege *); static bool add_userspec(struct member *, struct privilege *);
static struct defaults *new_default(char *, char *, int); static struct defaults *new_default(char *, char *, short);
static struct member *new_member(char *, int); static struct member *new_member(char *, int);
static struct sudo_digest *new_digest(int, const char *); static struct sudo_digest *new_digest(int, const char *);
%} %}
@@ -884,7 +883,7 @@ sudoerserror(const char *s)
} }
static struct defaults * static struct defaults *
new_default(char *var, char *val, int op) new_default(char *var, char *val, short op)
{ {
struct defaults *d; struct defaults *d;
debug_decl(new_default, SUDOERS_DEBUG_PARSER) debug_decl(new_default, SUDOERS_DEBUG_PARSER)
@@ -900,6 +899,14 @@ new_default(char *var, char *val, int op)
/* d->type = 0; */ /* d->type = 0; */
d->op = op; d->op = op;
/* d->binding = NULL */ /* d->binding = NULL */
d->lineno = last_token == COMMENT ? sudolineno - 1 : sudolineno;
d->file = strdup(sudoers);
if (d->file == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to allocate memory");
free(d);
debug_return_ptr(NULL);
}
HLTQ_INIT(d, entries); HLTQ_INIT(d, entries);
debug_return_ptr(d); debug_return_ptr(d);
@@ -958,7 +965,6 @@ add_defaults(int type, struct member *bmem, struct defaults *defs)
{ {
struct defaults *d, *next; struct defaults *d, *next;
struct member_list *binding; struct member_list *binding;
bool binding_used = false;
bool ret = true; bool ret = true;
debug_decl(add_defaults, SUDOERS_DEBUG_PARSER) debug_decl(add_defaults, SUDOERS_DEBUG_PARSER)
@@ -979,33 +985,12 @@ add_defaults(int type, struct member *bmem, struct defaults *defs)
/* /*
* Set type and binding (who it applies to) for new entries. * Set type and binding (who it applies to) for new entries.
* Then add to the global defaults list if it parses. * Then add to the global defaults list.
*/ */
HLTQ_FOREACH_SAFE(d, defs, entries, next) { HLTQ_FOREACH_SAFE(d, defs, entries, next) {
d->idx = parse_default(d->var, d->val, d->op, &d->sd_un, d->type = type;
sudoers, sudolineno, !sudoers_warnings); d->binding = binding;
if (d->idx != -1) { TAILQ_INSERT_TAIL(&defaults, d, entries);
/* Append to defaults list */
d->type = type;
d->binding = binding;
binding_used = true;
TAILQ_INSERT_TAIL(&defaults, d, entries);
} else {
/* Did not parse */
if (ret && !allow_unknown_defaults) {
sudoerserror(NULL);
ret = false;
}
free(d->var);
free(d->val);
free(d);
}
}
if (!binding_used) {
/* No valid Defaults entries, binding unused. */
free_members(binding);
free(binding);
} }
} }
@@ -1059,7 +1044,7 @@ free_members(struct member_list *members)
* the current sudoers file to path. * the current sudoers file to path.
*/ */
bool bool
init_parser(const char *path, bool quiet, bool strict_defaults) init_parser(const char *path, bool quiet)
{ {
struct member_list *binding; struct member_list *binding;
struct defaults *d, *d_next; struct defaults *d, *d_next;
@@ -1155,6 +1140,7 @@ init_parser(const char *path, bool quiet, bool strict_defaults)
/* no need to free sd_un */ /* no need to free sd_un */
free(d->var); free(d->var);
free(d->val); free(d->val);
free(d->file);
free(d); free(d);
} }
TAILQ_INIT(&defaults); TAILQ_INIT(&defaults);
@@ -1181,7 +1167,6 @@ init_parser(const char *path, bool quiet, bool strict_defaults)
free(errorfile); free(errorfile);
errorfile = NULL; errorfile = NULL;
sudoers_warnings = !quiet; sudoers_warnings = !quiet;
allow_unknown_defaults = !strict_defaults;
debug_return_bool(ret); debug_return_bool(ret);
} }

4
plugins/sudoers/ldap.c
View File

@@ -1162,7 +1162,7 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
goto done; goto done;
} }
op = sudo_ldap_parse_option(copy, &var, &val); op = sudo_ldap_parse_option(copy, &var, &val);
early = is_early_default_byname(var); early = is_early_default(var);
if (early != NULL) { if (early != NULL) {
set_early_default(var, val, op, set_early_default(var, val, op,
source ? source : "sudoRole UNKNOWN", 0, false, early); source ? source : "sudoRole UNKNOWN", 0, false, early);
@@ -1178,7 +1178,7 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry)
goto done; goto done;
} }
op = sudo_ldap_parse_option(copy, &var, &val); op = sudo_ldap_parse_option(copy, &var, &val);
if (is_early_default_byname(var) == NULL) { if (is_early_default(var) == NULL) {
set_default(var, val, op, set_default(var, val, op,
source ? source : "sudoRole UNKNOWN", 0, false); source ? source : "sudoRole UNKNOWN", 0, false);
} }

4
plugins/sudoers/parse.c
View File

@@ -87,7 +87,7 @@ sudo_file_close(struct sudo_nss *nss)
debug_decl(sudo_file_close, SUDOERS_DEBUG_NSS) debug_decl(sudo_file_close, SUDOERS_DEBUG_NSS)
/* Free parser data structures and close sudoers file. */ /* Free parser data structures and close sudoers file. */
init_parser(NULL, false, false); init_parser(NULL, false);
if (nss->handle != NULL) { if (nss->handle != NULL) {
fclose(nss->handle); fclose(nss->handle);
nss->handle = NULL; nss->handle = NULL;
@@ -107,7 +107,7 @@ sudo_file_parse(struct sudo_nss *nss)
if (nss->handle == NULL) if (nss->handle == NULL)
debug_return_int(-1); debug_return_int(-1);
init_parser(sudoers_file, false, false); init_parser(sudoers_file, false);
sudoersin = nss->handle; sudoersin = nss->handle;
if (sudoersparse() != 0 || parse_error) { if (sudoersparse() != 0 || parse_error) {
if (errorlineno != -1) { if (errorlineno != -1) {

11
plugins/sudoers/parse.h
View File

@@ -221,10 +221,11 @@ struct defaults {
char *var; /* variable name */ char *var; /* variable name */
char *val; /* variable value */ char *val; /* variable value */
struct member_list *binding; /* user/host/runas binding */ struct member_list *binding; /* user/host/runas binding */
int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ char *file; /* file Defaults entry was in */
int op; /* true, false, '+', '-' */ short type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
int idx; /* index into sudo_defs_table */ char op; /* true, false, '+', '-' */
union sudo_defs_val sd_un; /* parsed value */ char error; /* parse error flag */
int lineno; /* line number of Defaults entry */
}; };
/* /*
@@ -245,7 +246,7 @@ void alias_put(struct alias *a);
bool init_aliases(void); bool init_aliases(void);
/* gram.c */ /* gram.c */
bool init_parser(const char *path, bool quiet, bool strict_defaults); bool init_parser(const char *path, bool quiet);
void free_members(struct member_list *members); void free_members(struct member_list *members);
/* match_addr.c */ /* match_addr.c */

1
plugins/sudoers/regress/parser/check_fill.c
View File

@@ -37,7 +37,6 @@
#include "sudo_compat.h" #include "sudo_compat.h"
#include "sudo_queue.h" #include "sudo_queue.h"
#include "defaults.h"
#include "parse.h" #include "parse.h"
#include "toke.h" #include "toke.h"
#include "sudo_plugin.h" #include "sudo_plugin.h"

4
plugins/sudoers/sssd.c
View File

@@ -1242,7 +1242,7 @@ sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rul
goto done; goto done;
} }
op = sudo_sss_parse_option(copy, &var, &val); op = sudo_sss_parse_option(copy, &var, &val);
early = is_early_default_byname(var); early = is_early_default(var);
if (early != NULL) { if (early != NULL) {
set_early_default(var, val, op, set_early_default(var, val, op,
source ? source : "sudoRole UNKNOWN", 0, false, early); source ? source : "sudoRole UNKNOWN", 0, false, early);
@@ -1258,7 +1258,7 @@ sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rul
goto done; goto done;
} }
op = sudo_sss_parse_option(copy, &var, &val); op = sudo_sss_parse_option(copy, &var, &val);
if (is_early_default_byname(var) == NULL) { if (is_early_default(var) == NULL) {
set_default(var, val, op, set_default(var, val, op,
source ? source : "sudoRole UNKNOWN", 0, false); source ? source : "sudoRole UNKNOWN", 0, false);
} }

2
plugins/sudoers/testsudoers.c
View File

@@ -261,7 +261,7 @@ main(int argc, char *argv[])
} }
/* Allocate space for data structures in the parser. */ /* Allocate space for data structures in the parser. */
init_parser("sudoers", false, true); init_parser("sudoers", false);
/* /*
* Set runas passwd/group entries based on command line or sudoers. * Set runas passwd/group entries based on command line or sudoers.

51
plugins/sudoers/visudo.c
View File

@@ -245,7 +245,7 @@ main(int argc, char *argv[])
*/ */
if ((sudoersin = open_sudoers(sudoers_file, true, NULL)) == NULL) if ((sudoersin = open_sudoers(sudoers_file, true, NULL)) == NULL)
exit(1); exit(1);
init_parser(sudoers_file, quiet, true); init_parser(sudoers_file, quiet);
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
(void) sudoersparse(); (void) sudoersparse();
(void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, quiet); (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, quiet);
@@ -551,6 +551,39 @@ done:
debug_return_bool(ret); debug_return_bool(ret);
} }
/*
* Check Defaults and Alias entries.
* Sets parse_error on error and errorfile/errorlineno if possible.
*/
static void
check_defaults_and_aliases(bool strict, bool quiet)
{
debug_decl(check_defaults_and_aliases, SUDOERS_DEBUG_UTIL)
if (!check_defaults(quiet)) {
struct defaults *d;
free(errorfile);
errorfile = NULL;
/* XXX - should edit all files with errors */
TAILQ_FOREACH(d, &defaults, entries) {
if (d->error) {
/* Defaults parse error, adopt the file name. */
errorfile = d->file;
errorlineno = d->lineno;
d->file = NULL;
d->error = false; /* paranoia */
break;
}
}
parse_error = true;
} else if (check_aliases(strict, quiet) != 0) {
free(errorfile);
errorfile = NULL; /* don't know which file */
parse_error = true;
}
debug_return;
}
/* /*
* Parse sudoers after editing and re-edit any ones that caused a parse error. * Parse sudoers after editing and re-edit any ones that caused a parse error.
*/ */
@@ -576,7 +609,7 @@ reparse_sudoers(char *editor, int editor_argc, char **editor_argv,
/* Clean slate for each parse */ /* Clean slate for each parse */
if (!init_defaults()) if (!init_defaults())
sudo_fatalx(U_("unable to initialize sudoers default values")); sudo_fatalx(U_("unable to initialize sudoers default values"));
init_parser(sp->path, quiet, true); init_parser(sp->path, quiet);
/* Parse the sudoers temp file(s) */ /* Parse the sudoers temp file(s) */
sudoersrestart(fp); sudoersrestart(fp);
@@ -592,11 +625,7 @@ reparse_sudoers(char *editor, int editor_argc, char **editor_argv,
fclose(sudoersin); fclose(sudoersin);
if (!parse_error) { if (!parse_error) {
(void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true); (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
if (check_aliases(strict, quiet) != 0) { check_defaults_and_aliases(strict, quiet);
parse_error = true;
free(errorfile);
errorfile = NULL; /* don't know which file */
}
} }
sudoers_setlocale(oldlocale, NULL); sudoers_setlocale(oldlocale, NULL);
@@ -924,7 +953,7 @@ check_syntax(const char *sudoers_file, bool quiet, bool strict, bool oldperms)
} }
if (!init_defaults()) if (!init_defaults())
sudo_fatalx(U_("unable to initialize sudoers default values")); sudo_fatalx(U_("unable to initialize sudoers default values"));
init_parser(sudoers_file, quiet, true); init_parser(sudoers_file, quiet);
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
if (sudoersparse() && !parse_error) { if (sudoersparse() && !parse_error) {
if (!quiet) if (!quiet)
@@ -936,11 +965,7 @@ check_syntax(const char *sudoers_file, bool quiet, bool strict, bool oldperms)
} }
if (!parse_error) { if (!parse_error) {
(void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true); (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER, true);
if (check_aliases(strict, quiet) != 0) { check_defaults_and_aliases(strict, quiet);
parse_error = true;
free(errorfile);
errorfile = NULL; /* don't know which file */
}
} }
sudoers_setlocale(oldlocale, NULL); sudoers_setlocale(oldlocale, NULL);
ok = !parse_error; ok = !parse_error;

2
plugins/sudoers/visudo_json.c
View File

@@ -1025,7 +1025,7 @@ export_sudoers(const char *sudoers_path, const char *export_path,
goto done; goto done;
} }
} }
init_parser(sudoers_path, quiet, true); init_parser(sudoers_path, quiet);
if (sudoersparse() && !parse_error) { if (sudoersparse() && !parse_error) {
if (!quiet) if (!quiet)
sudo_warnx(U_("failed to parse %s file, unknown error"), sudoers_path); sudo_warnx(U_("failed to parse %s file, unknown error"), sudoers_path);