Add sudoerserrorf(), a printf-style yyerror() function.

Use this to display a better error message when using a reserved
work in an alias definition.

plugins/sudoers/alias.c

@@ -122,6 +122,7 @@ alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type,
 
     if (parse_tree->aliases == NULL) {
 	if ((parse_tree->aliases = alloc_aliases()) == NULL) {
+	    /* XXX - return error code instead */
 	    strlcpy(errbuf, N_("unable to allocate memory"), sizeof(errbuf));
 	    debug_return_str(errbuf);
 	}
@@ -129,6 +130,7 @@ alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type,
 
     a = calloc(1, sizeof(*a));
     if (a == NULL) {
+	/* XXX - return error code instead */
 	strlcpy(errbuf, N_("unable to allocate memory"), sizeof(errbuf));
 	debug_return_str(errbuf);
     }
@@ -141,11 +143,13 @@ alias_add(struct sudoers_parse_tree *parse_tree, char *name, int type,
     HLTQ_TO_TAILQ(&a->members, members, entries);
     switch (rbinsert(parse_tree->aliases, a, NULL)) {
     case 1:
+	/* XXX - return error code instead, this is not translatable. */
 	(void)snprintf(errbuf, sizeof(errbuf),
 	    N_("Alias \"%s\" already defined"), name);
 	alias_free(a);
 	debug_return_str(errbuf);
     case -1:
+	/* XXX - return error code instead */
 	(void)strlcpy(errbuf, N_("unable to allocate memory"), sizeof(errbuf));
 	alias_free(a);
 	debug_return_str(errbuf);

plugins/sudoers/gram.y

@@ -181,6 +181,7 @@ static struct command_digest *new_digest(int, char *);
 %type <string>	  includedir
 %type <digest>	  digestspec
 %type <digest>	  digestlist
+%type <string>	  reserved_word
 
 %%
 
@@ -698,20 +699,20 @@ runaslist	:	/* empty */ {
 			}
 		;
 
-reserved_word	:	ALL
-		|	CHROOT
-		|	CWD
-		|	CMND_TIMEOUT
-		|	NOTBEFORE
-		|	NOTAFTER
-		|	ROLE
-		|	TYPE
-		|	PRIVS
-		|	LIMITPRIVS
+reserved_word	:	ALL		{ $$ = "ALL"; }
+		|	CHROOT		{ $$ = "CHROOT"; }
+		|	CWD		{ $$ = "CWD"; }
+		|	CMND_TIMEOUT	{ $$ = "CMND_TIMEOUT"; }
+		|	NOTBEFORE	{ $$ = "NOTBEFORE"; }
+		|	NOTAFTER	{ $$ = "NOTAFTER"; }
+		|	ROLE		{ $$ = "ROLE"; }
+		|	TYPE		{ $$ = "TYPE"; }
+		|	PRIVS		{ $$ = "PRIVS"; }
+		|	LIMITPRIVS	{ $$ = "LIMITPRIVS"; }
 		;
 
 reserved_alias	:	reserved_word {
-			    sudoerserror(N_("syntax error, reserved word used as an alias name"));
+			    sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), $1);
 			    YYERROR;
 			}
 		;
@@ -1041,10 +1042,11 @@ group		:	ALIAS {
 			}
 		;
 %%
+/* Like yyerror() but takes a printf-style format string. */
 void
-sudoerserror(const char *s)
+sudoerserrorf(const char *fmt, ...)
 {
-    debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER);
+    debug_decl(sudoerserrorf, SUDOERS_DEBUG_PARSER);
 
     /* The lexer displays more detailed messages for ERROR tokens. */
     if (sudoerschar == ERROR)
@@ -1056,16 +1058,28 @@ sudoerserror(const char *s)
 	rcstr_delref(errorfile);
 	errorfile = rcstr_addref(sudoers);
     }
-    if (sudoers_warnings && s != NULL) {
+    if (sudoers_warnings && fmt != NULL) {
 	LEXTRACE("<*> ");
 #ifndef TRACELEXER
 	if (trace_print == NULL || trace_print == sudoers_trace_print) {
+	    char *s, *tofree = NULL;
 	    int oldlocale;
+	    va_list ap;
 
 	    /* Warnings are displayed in the user's locale. */
 	    sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
+	    va_start(ap, fmt);
+	    if (strcmp(fmt, "%s") == 0) {
+		/* Optimize common case, a single string. */
+		s = _(va_arg(ap, char *));
+	    } else {
+		if (vasprintf(&s, fmt, ap) == -1)
+		    s = _("syntax error");
+	    }
 	    sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d:%d: %s\n"), sudoers,
-		this_lineno, (int)sudolinebuf.toke_start + 1, _(s));
+		this_lineno, (int)sudolinebuf.toke_start + 1, s);
+	    free(tofree);
+	    va_end(ap);
 	    sudoers_setlocale(oldlocale, NULL);
 
 	    /* Display the offending line and token if possible. */
@@ -1092,6 +1106,15 @@ sudoerserror(const char *s)
     debug_return;
 }
 
+void
+sudoerserror(const char *s)
+{
+    if (s == NULL)
+	sudoerserrorf(NULL);
+    else
+	sudoerserrorf("%s", s);
+}
+
 static struct defaults *
 new_default(char *var, char *val, short op)
 {

plugins/sudoers/logging.h

@@ -20,11 +20,7 @@
 #ifndef SUDOERS_LOGGING_H
 #define SUDOERS_LOGGING_H
 
-#ifdef __STDC__
-# include <stdarg.h>
-#else
-# include <varargs.h>
-#endif
+#include <stdarg.h>
 
 /*
  * Values for sudoers_setlocale()

plugins/sudoers/regress/testsudoers/test13.out.ok

@@ -1,21 +1,21 @@
 Testing alias definitions using reserved words
 
-sudoers:1:12: syntax error, reserved word used as an alias name
+sudoers:1:12: syntax error, reserved word ALL used as an alias name
 Cmnd_Alias ALL=ALL
            ^~~
-sudoers:2:12: syntax error, reserved word used as an alias name
+sudoers:2:12: syntax error, reserved word CHROOT used as an alias name
 Cmnd_Alias CHROOT=foo
            ^~~~~~
-sudoers:3:12: syntax error, reserved word used as an alias name
+sudoers:3:12: syntax error, reserved word CMND_TIMEOUT used as an alias name
 User_Alias TIMEOUT=foo
            ^~~~~~~
-sudoers:4:13: syntax error, reserved word used as an alias name
+sudoers:4:13: syntax error, reserved word CWD used as an alias name
 Runas_Alias CWD=bar
             ^~~
-sudoers:5:12: syntax error, reserved word used as an alias name
+sudoers:5:12: syntax error, reserved word NOTBEFORE used as an alias name
 Host_Alias NOTBEFORE=baz
            ^~~~~~~~~
-sudoers:6:12: syntax error, reserved word used as an alias name
+sudoers:6:12: syntax error, reserved word NOTAFTER used as an alias name
 Host_Alias NOTAFTER=biff
            ^~~~~~~~
 

plugins/sudoers/toke.h

@@ -35,6 +35,7 @@ bool fill_cmnd(const char *, size_t);
 bool fill_txt(const char *, size_t, size_t);
 bool ipv6_valid(const char *s);
 int sudoers_trace_print(const char *);
+void sudoerserrorf(const char *, ...) __printf0like(1, 2);
 void sudoerserror(const char *);
 bool push_include(const char *, bool);