Previously, we checked that the previous entry's binding pointer
was not the same while freeing. However, to be able to merge
Defaults records we cannot rely on Defaults entries with the same
binding being immediately adjacent. This removes the prev_binding
checks in favor of a reference count which allows us to plug the
memory leak in cvtsudoers when merging Defaults.
This means that lhost and shost in struct sudoers_parse_tree
are no longer const and that free_parse_tree() will free lhost/shost.
The only consumer that passed in lho.st/shost was the SSSD back-end
which has been updated to avoid a double-free.
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to determine whether or not to intercept
attempts to run further commands, such as from a shell. Also add
"log_children" which will use the same mechanism but only log (audit)
further commands.
The parser will use that when reporting on an ERROR state. This
prevents the lexer from reporting errors about tokens that are not
actually consumed by the parser and we don't have to worry about
both the lexer and the parser reporting errors. It also means we
only get one error per sudoers line.
We need to be able to display it using alias_error().
Only free what we actually allocated in alias_add() on error and
let the caller handle cleanup. Note that we cannot completely fill
in the alias until it is inserted. Otherwise, we will have modified
the file and members parameters even if there was an error.
As a result, we have to remove those from the leak list after
alias_add(), not before.
We now need to remove the name and members from the leak list
*before* calling alias_add() since alias_add() will consume them
for both success and failure.
This is used to provided the column number along with the line
number in error messages. For aliases we store the column of the
alias name, not the value since that is what visudo generally needs.
A valid line in sudoers must end in a newline or EOF.
Previously, it was possible (though not documented) to have multiple
user specs on a single line. Now, each must be on its own line.
The ERROR token is now only used for errors detected by the lexer
and for which we've already printed an error. This lets us remove
the hack in sudoerserror() and just check last_token to determine
whether or not to display the error.
These are less confusing than #include and #includedir when the
hash character is also the comment character.
This commit also adds real parsing of include directives as opposed
to the pure lexer approach used previously. As a result, it is now
possible to include files with spaces by either using a double-quoted
string or escaping the space characters with a backslash.
