isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix -Wshadow warnings.

Browse Source
This commit is contained in:
Todd C. Miller
2020-09-25 15:09:45 -06:00
parent 7eda22c729
commit 88dcdcd11d
24 changed files with 151 additions and 181 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/util/closefrom.c
View File

@@ -86,7 +86,7 @@ void
sudo_closefrom(int lowfd)
{
#if defined(HAVE_PSTAT_GETPROC)
struct pst_status pstat;
struct pst_status pst;
#elif defined(HAVE_DIRFD)
const char *path;
DIR *dirp;
@@ -102,11 +102,11 @@ sudo_closefrom(int lowfd)
* EOVERFLOW is not a fatal error for the fields we use.
* See the "EOVERFLOW Error" section of pstat_getvminfo(3).
*/
if (pstat_getproc(&pstat, sizeof(pstat), 0, getpid()) != -1 ||
if (pstat_getproc(&pst, sizeof(pst), 0, getpid()) != -1 ||
errno == EOVERFLOW) {
int fd;
for (fd = lowfd; fd <= pstat.pst_highestfd; fd++)
for (fd = lowfd; fd <= pst.pst_highestfd; fd++)
(void) close(fd);
return;
}

7
lib/util/getentropy.c
View File

@@ -399,7 +399,7 @@ getentropy_fallback(void *buf, size_t len)
struct timespec ts;
struct timeval tv;
struct rusage ru;
sigset_t sigset;
sigset_t set;
struct stat st;
struct sudo_digest *ctx;
static pid_t lastpid;
@@ -451,9 +451,8 @@ getentropy_fallback(void *buf, size_t len)
(void) nanosleep(&ts, NULL);
}
HX(sigpending(&sigset) == -1, sigset);
HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
sigset);
HX(sigpending(&set) == -1, set);
HX(sigprocmask(SIG_BLOCK, NULL, &set) == -1, set);
HF(sudo_getentropy); /* an addr in this library */
HF(printf); /* an addr in libc */

24
lib/util/pipe2.c
View File

@@ -36,24 +36,24 @@ sudo_pipe2(int fildes[2], int flags)
if (pipe(fildes) != 0)
return -1;
if (ISSET(flags, O_NONBLOCK)) {
int flags = fcntl(fildes[0], F_GETFL, 0);
if (flags == -1)
goto bad;
if (fcntl(fildes[0], F_SETFL, flags | O_NONBLOCK) == -1)
goto bad;
flags = fcntl(fildes[1], F_GETFL, 0);
if (flags == -1)
goto bad;
if (fcntl(fildes[1], F_SETFL, flags | O_NONBLOCK) == -1)
goto bad;
}
if (ISSET(flags, O_CLOEXEC)) {
if (fcntl(fildes[0], F_SETFD, FD_CLOEXEC) == -1)
goto bad;
if (fcntl(fildes[1], F_SETFD, FD_CLOEXEC) == -1)
goto bad;
}
if (ISSET(flags, O_NONBLOCK)) {
int oflags = fcntl(fildes[0], F_GETFL, 0);
if (oflags == -1)
goto bad;
if (fcntl(fildes[0], F_SETFL, oflags | O_NONBLOCK) == -1)
goto bad;
oflags = fcntl(fildes[1], F_GETFL, 0);
if (oflags == -1)
goto bad;
if (fcntl(fildes[1], F_SETFL, oflags | O_NONBLOCK) == -1)
goto bad;
}
return 0;
bad:
close(fildes[0]);

4
lib/util/term.c
View File

@@ -86,7 +86,7 @@
# define PENDIN 0
#endif
static struct termios term, oterm;
static struct termios oterm;
static int changed;
/* tgetpass() needs to know the erase and kill chars for cbreak mode. */
@@ -159,6 +159,7 @@ sudo_term_restore_v1(int fd, bool flush)
bool
sudo_term_noecho_v1(int fd)
{
struct termios term;
debug_decl(sudo_term_noecho, SUDO_DEBUG_UTIL);
if (!changed && tcgetattr(fd, &oterm) != 0)
@@ -206,6 +207,7 @@ sudo_term_raw_v1(int fd, int isig)
bool
sudo_term_cbreak_v1(int fd)
{
struct termios term;
debug_decl(sudo_term_cbreak, SUDO_DEBUG_UTIL);
if (!changed && tcgetattr(fd, &oterm) != 0)

2
lib/util/ttyname_dev.c
View File

@@ -158,8 +158,6 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, char *name, size_t namelen)
pathbuf[sdlen++] = '/';
while ((dp = readdir(d)) != NULL) {
struct stat sb;
/* Skip anything starting with "." */
if (dp->d_name[0] == '.')
continue;

12
plugins/sudoers/auth/pam.c
View File

@@ -190,7 +190,7 @@ static int
sudo_pam_init2(struct passwd *pw, sudo_auth *auth, bool quiet)
{
static int pam_status = PAM_SUCCESS;
const char *tty = user_ttypath;
const char *ttypath = user_ttypath;
const char *errstr, *pam_service;
int rc;
debug_decl(sudo_pam_init, SUDOERS_DEBUG_AUTH);
@@ -249,15 +249,15 @@ sudo_pam_init2(struct passwd *pw, sudo_auth *auth, bool quiet)
* Some PAM modules assume PAM_TTY is set and will misbehave (or crash)
* if it is not. Known offenders include pam_lastlog and pam_time.
*/
if (tty == NULL)
tty = "";
if (ttypath == NULL)
ttypath = "";
#endif
if (tty != NULL) {
rc = pam_set_item(pamh, PAM_TTY, tty);
if (ttypath != NULL) {
rc = pam_set_item(pamh, PAM_TTY, ttypath);
if (rc != PAM_SUCCESS) {
errstr = sudo_pam_strerror(pamh, rc);
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"pam_set_item(pamh, PAM_TTY, %s): %s", tty, errstr);
"pam_set_item(pamh, PAM_TTY, %s): %s", ttypath, errstr);
}
}

4
plugins/sudoers/cvtsudoers.c
View File

@@ -652,9 +652,9 @@ parse_sudoers(const char *input_file, struct cvtsudoers_config *conf)
}
FILE *
open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
open_sudoers(const char *file, bool doedit, bool *keepopen)
{
return fopen(sudoers, "r");
return fopen(file, "r");
}
static bool

4
plugins/sudoers/env.c
View File

@@ -1327,9 +1327,9 @@ static struct sudoers_env_file env_file_system = {
void
register_env_file(void * (*ef_open)(const char *), void (*ef_close)(void *),
char * (*ef_next)(void *, int *), bool system)
char * (*ef_next)(void *, int *), bool sys)
{
struct sudoers_env_file *ef = system ? &env_file_system : &env_file_sudoers;
struct sudoers_env_file *ef = sys ? &env_file_system : &env_file_sudoers;
ef->open = ef_open;
ef->close = ef_close;

10
plugins/sudoers/getdate.c
View File

@@ -902,7 +902,7 @@ get_date(char *p)
time_t Start;
time_t tod;
time_t now;
time_t timezone;
time_t tz;
yyInput = p;
(void)time (&now);
@@ -922,22 +922,22 @@ get_date(char *p)
return -1;
if (gmt != NULL)
timezone = difftm (gmt, tm) / 60;
tz = difftm (gmt, tm) / 60;
else
/* We are on a system like VMS, where the system clock is
in local time and the system has no concept of timezones.
Hopefully we can fake this out (for the case in which the
user specifies no timezone) by just saying the timezone
is zero. */
timezone = 0;
tz = 0;
if(tm->tm_isdst)
timezone += 60;
tz += 60;
yyYear = tm->tm_year + 1900;
yyMonth = tm->tm_mon + 1;
yyDay = tm->tm_mday;
yyTimezone = timezone;
yyTimezone = tz;
yyDSTmode = DSTmaybe;
yyHour = 0;
yyMinutes = 0;

10
plugins/sudoers/getdate.y
View File

@@ -828,7 +828,7 @@ get_date(char *p)
time_t Start;
time_t tod;
time_t now;
time_t timezone;
time_t tz;
yyInput = p;
(void)time (&now);
@@ -848,22 +848,22 @@ get_date(char *p)
return -1;
if (gmt != NULL)
timezone = difftm (gmt, tm) / 60;
tz = difftm (gmt, tm) / 60;
else
/* We are on a system like VMS, where the system clock is
in local time and the system has no concept of timezones.
Hopefully we can fake this out (for the case in which the
user specifies no timezone) by just saying the timezone
is zero. */
timezone = 0;
tz = 0;
if(tm->tm_isdst)
timezone += 60;
tz += 60;
yyYear = tm->tm_year + 1900;
yyMonth = tm->tm_mon + 1;
yyDay = tm->tm_mday;
yyTimezone = timezone;
yyTimezone = tz;
yyDSTmode = DSTmaybe;
yyHour = 0;
yyMinutes = 0;

10
plugins/sudoers/gmtoff.c
View File

@@ -36,24 +36,24 @@
*/
#ifdef HAVE_STRUCT_TM_TM_GMTOFF
long
get_gmtoff(time_t *clock)
get_gmtoff(time_t *when)
{
struct tm *local;
local = localtime(clock);
local = localtime(when);
return local->tm_gmtoff;
}
#else
long
get_gmtoff(time_t *clock)
get_gmtoff(time_t *when)
{
struct tm *gm, gmt, *local;
long offset;
if ((gm = gmtime(clock)) == NULL)
if ((gm = gmtime(when)) == NULL)
return 0;
gmt = *gm;
if ((local = localtime(clock)) == NULL)
if ((local = localtime(when)) == NULL)
return 0;
offset = (local->tm_sec - gmt.tm_sec) +

14
plugins/sudoers/locale.c
View File

@@ -76,19 +76,19 @@ sudoers_initlocale(const char *ulocale, const char *slocale)
/*
* Set locale to user or sudoers value.
* Returns true on success and false on failure,
* If prevlocale is non-NULL it will be filled in with the
* If prev_locale is non-NULL it will be filled in with the
* old SUDOERS_LOCALE_* value.
*/
bool
sudoers_setlocale(int newlocale, int *prevlocale)
sudoers_setlocale(int locale_type, int *prev_locale)
{
char *res = NULL;
debug_decl(sudoers_setlocale, SUDOERS_DEBUG_UTIL);
switch (newlocale) {
switch (locale_type) {
case SUDOERS_LOCALE_USER:
if (prevlocale)
*prevlocale = current_locale;
if (prev_locale)
*prev_locale = current_locale;
if (current_locale != SUDOERS_LOCALE_USER) {
current_locale = SUDOERS_LOCALE_USER;
sudo_debug_printf(SUDO_DEBUG_DEBUG,
@@ -105,8 +105,8 @@ sudoers_setlocale(int newlocale, int *prevlocale)
}
break;
case SUDOERS_LOCALE_SUDOERS:
if (prevlocale)
*prevlocale = current_locale;
if (prev_locale)
*prev_locale = current_locale;
if (current_locale != SUDOERS_LOCALE_SUDOERS) {
current_locale = SUDOERS_LOCALE_SUDOERS;
sudo_debug_printf(SUDO_DEBUG_DEBUG,

2
plugins/sudoers/logging.h
View File

@@ -72,7 +72,7 @@ bool do_logfile(const char *msg);
bool do_syslog(int pri, const char *msg);
char *new_logline(const char *, const char *);
bool sudoers_warn_setlocale(bool restore, int *cookie);
bool sudoers_setlocale(int newlocale, int *prevlocale);
bool sudoers_setlocale(int locale_type, int *prev_locale);
int sudoers_getlocale(void);
int audit_failure(char *const argv[], char const *const fmt, ...) __printflike(2, 3);
int vaudit_failure(char *const argv[], char const *const fmt, va_list ap) __printflike(2, 0);

4
plugins/sudoers/policy.c
View File

@@ -1053,13 +1053,13 @@ sudoers_policy_validate(const char **errstr)
}
static void
sudoers_policy_invalidate(int remove)
sudoers_policy_invalidate(int unlinkit)
{
debug_decl(sudoers_policy_invalidate, SUDOERS_DEBUG_PLUGIN);
user_cmnd = "kill";
/* XXX - plugin API should support a return value for fatal errors. */
timestamp_remove(remove);
timestamp_remove(unlinkit);
sudoers_cleanup();
debug_return;

6
plugins/sudoers/starttime.c
View File

@@ -268,7 +268,7 @@ done:
int
get_starttime(pid_t pid, struct timespec *starttime)
{
struct pst_status pstat;
struct pst_status pst;
int rc;
debug_decl(get_starttime, SUDOERS_DEBUG_UTIL);
@@ -277,9 +277,9 @@ get_starttime(pid_t pid, struct timespec *starttime)
* EOVERFLOW is not a fatal error for the fields we use.
* See the "EOVERFLOW Error" section of pstat_getvminfo(3).
*/
rc = pstat_getproc(&pstat, sizeof(pstat), 0, pid);
rc = pstat_getproc(&pst, sizeof(pst), 0, pid);
if (rc != -1 || errno == EOVERFLOW) {
starttime->tv_sec = pstat.pst_start;
starttime->tv_sec = pst.pst_start;
starttime->tv_nsec = 0;
sudo_debug_printf(SUDO_DEBUG_INFO,

24
plugins/sudoers/sudoers.c
View File

@@ -1049,11 +1049,11 @@ set_cmnd(void)
}
/*
* Open sudoers and sanity check mode/owner/type.
* Open sudoers file and sanity check mode/owner/type.
* Returns a handle to the sudoers file or NULL on error.
*/
FILE *
open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
open_sudoers(const char *file, bool doedit, bool *keepopen)
{
struct stat sb;
FILE *fp = NULL;
@@ -1064,7 +1064,7 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
debug_return_ptr(NULL);
again:
switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) {
switch (sudo_secure_file(file, sudoers_uid, sudoers_gid, &sb)) {
case SUDO_PATH_SECURE:
/*
* If we are expecting sudoers to be group readable by
@@ -1080,15 +1080,15 @@ again:
}
}
/*
* Open sudoers and make sure we can read it so we can present
* Open file and make sure we can read it so we can present
* the user with a reasonable error message (unlike the lexer).
*/
if ((fp = fopen(sudoers, "r")) == NULL) {
log_warning(SLOG_SEND_MAIL, N_("unable to open %s"), sudoers);
if ((fp = fopen(file, "r")) == NULL) {
log_warning(SLOG_SEND_MAIL, N_("unable to open %s"), file);
} else {
if (sb.st_size != 0 && fgetc(fp) == EOF) {
log_warning(SLOG_SEND_MAIL,
N_("unable to read %s"), sudoers);
N_("unable to read %s"), file);
fclose(fp);
fp = NULL;
} else {
@@ -1113,23 +1113,23 @@ again:
}
errno = serrno;
}
log_warning(SLOG_SEND_MAIL, N_("unable to stat %s"), sudoers);
log_warning(SLOG_SEND_MAIL, N_("unable to stat %s"), file);
break;
case SUDO_PATH_BAD_TYPE:
log_warningx(SLOG_SEND_MAIL,
N_("%s is not a regular file"), sudoers);
N_("%s is not a regular file"), file);
break;
case SUDO_PATH_WRONG_OWNER:
log_warningx(SLOG_SEND_MAIL,
N_("%s is owned by uid %u, should be %u"), sudoers,
N_("%s is owned by uid %u, should be %u"), file,
(unsigned int) sb.st_uid, (unsigned int) sudoers_uid);
break;
case SUDO_PATH_WORLD_WRITABLE:
log_warningx(SLOG_SEND_MAIL, N_("%s is world writable"), sudoers);
log_warningx(SLOG_SEND_MAIL, N_("%s is world writable"), file);
break;
case SUDO_PATH_GROUP_WRITABLE:
log_warningx(SLOG_SEND_MAIL,
N_("%s is owned by gid %u, should be %u"), sudoers,
N_("%s is owned by gid %u, should be %u"), file,
(unsigned int) sb.st_gid, (unsigned int) sudoers_gid);
break;
default:

26
plugins/sudoers/testsudoers.c
View File

@@ -440,39 +440,39 @@ sudo_endspent(void)
}
FILE *
open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
open_sudoers(const char *file, bool doedit, bool *keepopen)
{
struct stat sb;
FILE *fp = NULL;
const char *sudoers_base;
const char *base;
debug_decl(open_sudoers, SUDOERS_DEBUG_UTIL);
sudoers_base = strrchr(sudoers, '/');
if (sudoers_base != NULL)
sudoers_base++;
base = strrchr(file, '/');
if (base != NULL)
base++;
else
sudoers_base = sudoers;
base = file;
switch (sudo_secure_file(sudoers, sudoers_uid, sudoers_gid, &sb)) {
switch (sudo_secure_file(file, sudoers_uid, sudoers_gid, &sb)) {
case SUDO_PATH_SECURE:
fp = fopen(sudoers, "r");
fp = fopen(file, "r");
break;
case SUDO_PATH_MISSING:
sudo_warn("unable to stat %s", sudoers_base);
sudo_warn("unable to stat %s", base);
break;
case SUDO_PATH_BAD_TYPE:
sudo_warnx("%s is not a regular file", sudoers_base);
sudo_warnx("%s is not a regular file", base);
break;
case SUDO_PATH_WRONG_OWNER:
sudo_warnx("%s should be owned by uid %u",
sudoers_base, (unsigned int) sudoers_uid);
base, (unsigned int) sudoers_uid);
break;
case SUDO_PATH_WORLD_WRITABLE:
sudo_warnx("%s is world writable", sudoers_base);
sudo_warnx("%s is world writable", base);
break;
case SUDO_PATH_GROUP_WRITABLE:
sudo_warnx("%s should be owned by gid %u",
sudoers_base, (unsigned int) sudoers_gid);
base, (unsigned int) sudoers_gid);
break;
default:
/* NOTREACHED */

20
plugins/sudoers/visudo.c
View File

@@ -908,30 +908,30 @@ check_owner(const char *path, bool quiet)
}
static bool
check_syntax(const char *sudoers_file, bool quiet, bool strict, bool oldperms)
check_syntax(const char *file, bool quiet, bool strict, bool oldperms)
{
bool ok = false;
int oldlocale;
debug_decl(check_syntax, SUDOERS_DEBUG_UTIL);
if (strcmp(sudoers_file, "-") == 0) {
if (strcmp(file, "-") == 0) {
sudoersin = stdin;
sudoers_file = "stdin";
} else if ((sudoersin = fopen(sudoers_file, "r")) == NULL) {
file = "stdin";
} else if ((sudoersin = fopen(file, "r")) == NULL) {
if (!quiet)
sudo_warn(U_("unable to open %s"), sudoers_file);
sudo_warn(U_("unable to open %s"), file);
goto done;
}
if (!init_defaults())
sudo_fatalx("%s", U_("unable to initialize sudoers default values"));
init_parser(sudoers_file, quiet, true);
init_parser(file, quiet, true);
sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
if (sudoersparse() && !parse_error) {
if (!quiet)
sudo_warnx(U_("failed to parse %s file, unknown error"), sudoers_file);
sudo_warnx(U_("failed to parse %s file, unknown error"), file);
parse_error = true;
rcstr_delref(errorfile);
if ((errorfile = rcstr_dup(sudoers_file)) == NULL)
if ((errorfile = rcstr_dup(file)) == NULL)
sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
}
if (!parse_error) {
@@ -946,9 +946,9 @@ check_syntax(const char *sudoers_file, bool quiet, bool strict, bool oldperms)
struct sudoersfile *sp;
/* Parsed OK, check mode and owner. */
if (oldperms || check_owner(sudoers_file, quiet)) {
if (oldperms || check_owner(file, quiet)) {
if (!quiet)
(void) printf(_("%s: parsed OK\n"), sudoers_file);
(void) printf(_("%s: parsed OK\n"), file);
} else {
ok = false;
}

8
plugins/system_group/system_group.c
View File

@@ -47,8 +47,6 @@
* This can be used on systems where lookups by group ID are problematic.
*/
static sudo_printf_t sudo_log;
typedef struct group * (*sysgroup_getgrnam_t)(const char *);
typedef struct group * (*sysgroup_getgrgid_t)(gid_t);
typedef void (*sysgroup_gr_delref_t)(struct group *);
@@ -59,14 +57,12 @@ static sysgroup_gr_delref_t sysgroup_gr_delref;
static bool need_setent;
static int
sysgroup_init(int version, sudo_printf_t sudo_printf, char *const argv[])
sysgroup_init(int version, sudo_printf_t plugin_printf, char *const argv[])
{
void *handle;
sudo_log = sudo_printf;
if (SUDO_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) {
sudo_log(SUDO_CONV_ERROR_MSG,
plugin_printf(SUDO_CONV_ERROR_MSG,
"sysgroup_group: incompatible major version %d, expected %d\n",
SUDO_API_VERSION_GET_MAJOR(version),
GROUP_API_VERSION_MAJOR);

97
src/load_plugins.c
View File

@@ -263,11 +263,7 @@ done:
* Load the plugin specified by "info".
*/
static bool
sudo_load_plugin(struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins,
struct plugin_container_list *audit_plugins,
struct plugin_container_list *approval_plugins,
struct plugin_info *info, bool quiet)
sudo_load_plugin(struct plugin_info *info, bool quiet)
{
struct generic_plugin *plugin;
char path[PATH_MAX];
@@ -315,9 +311,9 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
switch (plugin->type) {
case SUDO_POLICY_PLUGIN:
if (policy_plugin->handle != NULL) {
if (policy_plugin.handle != NULL) {
/* Ignore duplicate entries. */
if (strcmp(policy_plugin->name, info->symbol_name) == 0) {
if (strcmp(policy_plugin.name, info->symbol_name) == 0) {
if (!quiet) {
sudo_warnx(U_("ignoring duplicate plugin \"%s\" in %s, line %d"),
info->symbol_name, _PATH_SUDO_CONF, info->lineno);
@@ -334,19 +330,19 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
ret = true;
goto done;
}
if (!fill_container(policy_plugin, handle, path, plugin, info))
if (!fill_container(&policy_plugin, handle, path, plugin, info))
goto done;
break;
case SUDO_IO_PLUGIN:
if (!sudo_insert_plugin(io_plugins, handle, path, plugin, info))
if (!sudo_insert_plugin(&io_plugins, handle, path, plugin, info))
goto done;
break;
case SUDO_AUDIT_PLUGIN:
if (!sudo_insert_plugin(audit_plugins, handle, path, plugin, info))
if (!sudo_insert_plugin(&audit_plugins, handle, path, plugin, info))
goto done;
break;
case SUDO_APPROVAL_PLUGIN:
if (!sudo_insert_plugin(approval_plugins, handle, path, plugin, info))
if (!sudo_insert_plugin(&approval_plugins, handle, path, plugin, info))
goto done;
break;
default:
@@ -384,23 +380,21 @@ free_plugin_info(struct plugin_info *info)
}
static void
sudo_register_hooks(struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins,
struct plugin_container_list *audit_plugins)
sudo_register_hooks(void)
{
struct plugin_container *container;
debug_decl(sudo_register_hooks, SUDO_DEBUG_PLUGIN);
if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 2)) {
if (policy_plugin->u.policy->register_hooks != NULL) {
sudo_debug_set_active_instance(policy_plugin->debug_instance);
policy_plugin->u.policy->register_hooks(SUDO_HOOK_VERSION,
if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 2)) {
if (policy_plugin.u.policy->register_hooks != NULL) {
sudo_debug_set_active_instance(policy_plugin.debug_instance);
policy_plugin.u.policy->register_hooks(SUDO_HOOK_VERSION,
register_hook);
sudo_debug_set_active_instance(sudo_debug_instance);
}
}
TAILQ_FOREACH(container, io_plugins, entries) {
TAILQ_FOREACH(container, &io_plugins, entries) {
if (container->u.io->version >= SUDO_API_MKVERSION(1, 2)) {
if (container->u.io->register_hooks != NULL) {
sudo_debug_set_active_instance(container->debug_instance);
@@ -411,7 +405,7 @@ sudo_register_hooks(struct plugin_container *policy_plugin,
}
}
TAILQ_FOREACH(container, audit_plugins, entries) {
TAILQ_FOREACH(container, &audit_plugins, entries) {
if (container->u.audit->register_hooks != NULL) {
sudo_debug_set_active_instance(container->debug_instance);
container->u.audit->register_hooks(SUDO_HOOK_VERSION,
@@ -424,16 +418,15 @@ sudo_register_hooks(struct plugin_container *policy_plugin,
}
static void
sudo_init_event_alloc(struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins)
sudo_init_event_alloc(void)
{
struct plugin_container *container;
debug_decl(sudo_init_event_alloc, SUDO_DEBUG_PLUGIN);
if (policy_plugin->u.policy->version >= SUDO_API_MKVERSION(1, 15))
policy_plugin->u.policy->event_alloc = sudo_plugin_event_alloc;
if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15))
policy_plugin.u.policy->event_alloc = sudo_plugin_event_alloc;
TAILQ_FOREACH(container, io_plugins, entries) {
TAILQ_FOREACH(container, &io_plugins, entries) {
if (container->u.io->version >= SUDO_API_MKVERSION(1, 15))
container->u.io->event_alloc = sudo_plugin_event_alloc;
}
@@ -446,12 +439,7 @@ sudo_init_event_alloc(struct plugin_container *policy_plugin,
* Used to provide a default plugin when none are specified in sudo.conf.
*/
bool
sudo_load_sudoers_plugin(const char *symbol_name,
struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins,
struct plugin_container_list *audit_plugins,
struct plugin_container_list *approval_plugins,
bool optional)
sudo_load_sudoers_plugin(const char *symbol_name, bool optional)
{
struct plugin_info *info;
bool ret = false;
@@ -471,8 +459,7 @@ sudo_load_sudoers_plugin(const char *symbol_name,
goto done;
}
/* info->options = NULL; */
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins,
approval_plugins, info, optional);
ret = sudo_load_plugin(info, optional);
free_plugin_info(info);
done:
@@ -483,10 +470,7 @@ done:
* Load the plugins listed in sudo.conf.
*/
bool
sudo_load_plugins(struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins,
struct plugin_container_list *audit_plugins,
struct plugin_container_list *approval_plugins)
sudo_load_plugins(void)
{
struct plugin_info_list *plugins;
struct plugin_info *info, *next;
@@ -496,8 +480,7 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
/* Walk the plugin list from sudo.conf, if any and free it. */
plugins = sudo_conf_plugins();
TAILQ_FOREACH_SAFE(info, plugins, entries, next) {
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins,
approval_plugins, info, false);
ret = sudo_load_plugin(info, false);
if (!ret)
goto done;
free_plugin_info(info);
@@ -508,58 +491,54 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
* If no policy plugin, fall back to the default (sudoers).
* If there is also no I/O log plugin, use sudoers for that too.
*/
if (policy_plugin->handle == NULL) {
if (policy_plugin.handle == NULL) {
/* Default policy plugin */
ret = sudo_load_sudoers_plugin("sudoers_policy", policy_plugin,
io_plugins, audit_plugins, approval_plugins, false);
ret = sudo_load_sudoers_plugin("sudoers_policy", false);
if (!ret)
goto done;
/* Default audit plugin, optional (sudoers < 1.9.1 lack this) */
(void)sudo_load_sudoers_plugin("sudoers_audit", policy_plugin,
io_plugins, audit_plugins, approval_plugins, true);
(void)sudo_load_sudoers_plugin("sudoers_audit", true);
/* Default I/O plugin */
if (TAILQ_EMPTY(io_plugins)) {
ret = sudo_load_sudoers_plugin("sudoers_io", policy_plugin,
io_plugins, audit_plugins, approval_plugins, false);
if (TAILQ_EMPTY(&io_plugins)) {
ret = sudo_load_sudoers_plugin("sudoers_io", false);
if (!ret)
goto done;
}
} else if (strcmp(policy_plugin->name, "sudoers_policy") == 0) {
} else if (strcmp(policy_plugin.name, "sudoers_policy") == 0) {
/*
* If policy plugin is sudoers_policy but there is no sudoers_audit
* loaded, load it too, if possible.
*/
if (!plugin_exists(audit_plugins, "sudoers_audit")) {
if (sudo_load_sudoers_plugin("sudoers_audit", policy_plugin,
io_plugins, audit_plugins, approval_plugins, true)) {
if (!plugin_exists(&audit_plugins, "sudoers_audit")) {
if (sudo_load_sudoers_plugin("sudoers_audit", true)) {
/*
* Move the plugin options from sudoers_policy to sudoers_audit
* since the audit module is now what actually opens sudoers.
*/
if (policy_plugin->options != NULL) {
TAILQ_LAST(audit_plugins, plugin_container_list)->options =
policy_plugin->options;
policy_plugin->options = NULL;
if (policy_plugin.options != NULL) {
TAILQ_LAST(&audit_plugins, plugin_container_list)->options =
policy_plugin.options;
policy_plugin.options = NULL;
}
}
}
}
/* TODO: check all plugins for open function too */
if (policy_plugin->u.policy->check_policy == NULL) {
if (policy_plugin.u.policy->check_policy == NULL) {
sudo_warnx(U_("policy plugin %s does not include a check_policy method"),
policy_plugin->name);
policy_plugin.name);
ret = false;
goto done;
}
/* Set event_alloc() in plugins. */
sudo_init_event_alloc(policy_plugin, io_plugins);
sudo_init_event_alloc();
/* Install hooks (XXX - later, after open). */
sudo_register_hooks(policy_plugin, io_plugins, audit_plugins);
sudo_register_hooks();
done:
debug_return_bool(ret);

15
src/sudo.c
View File

@@ -111,9 +111,9 @@ static int policy_show_version(int verbose);
static void policy_check(int argc, char * const argv[], char *env_add[],
char **command_info[], char **argv_out[], char **user_env_out[]);
static void policy_list(int argc, char * const argv[],
int verbose, const char *list_user, char * const envp[]);
int verbose, const char *user, char * const envp[]);
static void policy_validate(char * const argv[], char * const envp[]);
static void policy_invalidate(int remove);
static void policy_invalidate(int unlinkit);
/* I/O log plugin convenience functions. */
static void iolog_open(struct sudo_settings *settings, char * const user_info[],
@@ -226,8 +226,7 @@ main(int argc, char *argv[], char *envp[])
sudo_warn_set_conversation(sudo_conversation);
/* Load plugins. */
if (!sudo_load_plugins(&policy_plugin, &io_plugins, &audit_plugins,
&approval_plugins))
if (!sudo_load_plugins())
sudo_fatalx("%s", U_("fatal error, unable to load plugins"));
/* Allocate event base so plugin can use it. */
@@ -1205,7 +1204,7 @@ policy_check(int argc, char * const argv[],
static void
policy_list(int argc, char * const argv[], int verbose,
const char *list_user, char * const envp[])
const char *user, char * const envp[])
{
const char *errstr = NULL;
/* TODO: add list_user */
@@ -1221,7 +1220,7 @@ policy_list(int argc, char * const argv[], int verbose,
policy_plugin.name);
}
sudo_debug_set_active_instance(policy_plugin.debug_instance);
ok = policy_plugin.u.policy->list(argc, argv, verbose, list_user, &errstr);
ok = policy_plugin.u.policy->list(argc, argv, verbose, user, &errstr);
sudo_debug_set_active_instance(sudo_debug_instance);
switch (ok) {
@@ -1294,7 +1293,7 @@ policy_validate(char * const argv[], char * const envp[])
}
static void
policy_invalidate(int remove)
policy_invalidate(int unlinkit)
{
debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM);
@@ -1303,7 +1302,7 @@ policy_invalidate(int remove)
policy_plugin.name);
}
sudo_debug_set_active_instance(policy_plugin.debug_instance);
policy_plugin.u.policy->invalidate(remove);
policy_plugin.u.policy->invalidate(unlinkit);
if (policy_plugin.u.policy->version >= SUDO_API_MKVERSION(1, 15)) {
if (policy_plugin.u.policy->close != NULL)
policy_plugin.u.policy->close(0, 0);

5
src/sudo_plugin_int.h
View File

@@ -128,9 +128,6 @@ int sudo_conversation_1_7(int num_msgs, const struct sudo_conv_message msgs[],
struct sudo_conv_reply replies[]);
int sudo_conversation_printf(int msg_type, const char *fmt, ...);
bool sudo_load_plugins(struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins,
struct plugin_container_list *audit_plugins,
struct plugin_container_list *approval_plugins);
bool sudo_load_plugins(void);
#endif /* SUDO_PLUGIN_INT_H */

8
src/tgetpass.c
View File

@@ -58,7 +58,7 @@ static char *getln(int, char *, size_t, bool, enum tgetpass_errval *);
static char *sudo_askpass(const char *, const char *);
static int
suspend(int signo, struct sudo_conv_callback *callback)
suspend(int sig, struct sudo_conv_callback *callback)
{
int ret = 0;
debug_decl(suspend, SUDO_DEBUG_CONV);
@@ -72,12 +72,12 @@ suspend(int signo, struct sudo_conv_callback *callback)
}
if (callback != NULL && callback->on_suspend != NULL) {
if (callback->on_suspend(signo, callback->closure) == -1)
if (callback->on_suspend(sig, callback->closure) == -1)
ret = -1;
}
kill(getpid(), signo);
kill(getpid(), sig);
if (callback != NULL && callback->on_resume != NULL) {
if (callback->on_resume(signo, callback->closure) == -1)
if (callback->on_resume(sig, callback->closure) == -1)
ret = -1;
}
debug_return_int(ret);

10
src/ttyname.c
View File

@@ -276,7 +276,7 @@ done:
char *
get_process_ttyname(char *name, size_t namelen)
{
struct pst_status pstat;
struct pst_status pst;
char *ret = NULL;
int rc, serrno = errno;
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL);
@@ -286,12 +286,12 @@ get_process_ttyname(char *name, size_t namelen)
* EOVERFLOW is not a fatal error for the fields we use.
* See the "EOVERFLOW Error" section of pstat_getvminfo(3).
*/
rc = pstat_getproc(&pstat, sizeof(pstat), 0, getpid());
rc = pstat_getproc(&pst, sizeof(pst), 0, getpid());
if (rc != -1 || errno == EOVERFLOW) {
if (pstat.pst_term.psd_major != -1 && pstat.pst_term.psd_minor != -1) {
if (pst.pst_term.psd_major != -1 && pst.pst_term.psd_minor != -1) {
errno = serrno;
ret = sudo_ttyname_dev(makedev(pstat.pst_term.psd_major,
pstat.pst_term.psd_minor), name, namelen);
ret = sudo_ttyname_dev(makedev(pst.pst_term.psd_major,
pst.pst_term.psd_minor), name, namelen);
goto done;
}
}