CoCalc -- check

GitHub Repository: sudo-project/sudo
Path: blob/main/plugins/sudoers/check_aliases.c
¹⁵³² views
1
/*
2
 * SPDX-License-Identifier: ISC
3
 *
4
 * Copyright (c) 2004-2005, 2007-2018, 2021-2023
5
 *	Todd C. Miller <[email protected]>
6
 *
7
 * Permission to use, copy, modify, and distribute this software for any
8
 * purpose with or without fee is hereby granted, provided that the above
9
 * copyright notice and this permission notice appear in all copies.
10
 *
11
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
 */
19

20
#include <config.h>
21

22
#include <stdio.h>
23
#include <stdlib.h>
24
#include <string.h>
25
#include <errno.h>
26

27
#include <sudoers.h>
28
#include <gram.h>
29

30
struct alias_warned {
31
    SLIST_ENTRY(alias_warned) entries;
32
    const char *name;
33
};
34
SLIST_HEAD(alias_warned_list, alias_warned);
35

36
static bool
37
alias_warned(struct alias_warned_list *warned, char *name)
38
{
39
    struct alias_warned *w;
40
    debug_decl(alias_warned, SUDOERS_DEBUG_ALIAS);
41

42
    SLIST_FOREACH(w, warned, entries) {
43
	if (strcmp(w->name, name) == 0)
44
	    debug_return_bool(true);
45
    }
46

47
    debug_return_bool(false);
48
}
49

50
static void
51
alias_warned_add(struct alias_warned_list *warned, char *name)
52
{
53
    struct alias_warned *w;
54
    debug_decl(alias_warned_add, SUDOERS_DEBUG_ALIAS);
55

56
    w = malloc(sizeof(*w));
57
    if (w != NULL) {
58
	w->name = name;
59
	SLIST_INSERT_HEAD(warned, w, entries);
60
    }
61

62
    debug_return;
63
}
64

65
static int
66
check_alias(struct sudoers_parse_tree *parse_tree,
67
    struct alias_warned_list *warned, char *name, short type,
68
    char *file, int line, int column, bool strict, bool quiet)
69
{
70
    struct member *m;
71
    struct alias *a;
72
    int errors = 0;
73
    debug_decl(check_alias, SUDOERS_DEBUG_ALIAS);
74

75
    if ((a = alias_get(parse_tree, name, type)) != NULL) {
76
	/* check alias contents */
77
	TAILQ_FOREACH(m, &a->members, entries) {
78
	    if (m->type != ALIAS)
79
		continue;
80
	    errors += check_alias(parse_tree, warned, m->name, type,
81
		a->file, a->line, a->column, strict, quiet);
82
	}
83
	alias_put(a);
84
    } else {
85
	if (!alias_warned(warned, name)) {
86
	    if (errno == ELOOP) {
87
		parser_warnx(parse_tree->ctx, file, line, column, strict, quiet,
88
		    N_("cycle in %s \"%s\""), alias_type_to_string(type), name);
89
	    } else {
90
		parser_warnx(parse_tree->ctx, file, line, column, strict, quiet,
91
		    N_("%s \"%s\" referenced but not defined"),
92
		    alias_type_to_string(type), name);
93
	    }
94
	    alias_warned_add(warned, name);
95
	}
96
	errors++;
97
    }
98

99
    debug_return_int(errors);
100
}
101

102
/*
103
 * Iterate through the sudoers datastructures looking for undefined
104
 * aliases or unused aliases.
105
 * In strict mode, returns the number of errors, else 0.
106
 */
107
int
108
check_aliases(struct sudoers_parse_tree *parse_tree, bool strict, bool quiet,
109
    int (*cb_unused)(struct sudoers_parse_tree *, struct alias *, void *))
110
{
111
    struct alias_warned_list warned = SLIST_HEAD_INITIALIZER(warned);
112
    struct rbtree *used_aliases;
113
    struct alias_warned *w;
114
    struct cmndspec *cs;
115
    struct member *m;
116
    struct privilege *priv;
117
    struct userspec *us;
118
    int errors = 0;
119
    debug_decl(check_aliases, SUDOERS_DEBUG_ALIAS);
120

121
    used_aliases = alloc_aliases();
122
    if (used_aliases == NULL) {
123
	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
124
	debug_return_int(-1);
125
    }
126

127
    /* Forward check. */
128
    TAILQ_FOREACH(us, &parse_tree->userspecs, entries) {
129
	TAILQ_FOREACH(m, &us->users, entries) {
130
	    if (m->type == ALIAS) {
131
		errors += check_alias(parse_tree, &warned, m->name, USERALIAS,
132
		    us->file, us->line, us->column, strict, quiet);
133
	    }
134
	}
135
	TAILQ_FOREACH(priv, &us->privileges, entries) {
136
	    TAILQ_FOREACH(m, &priv->hostlist, entries) {
137
		if (m->type == ALIAS) {
138
		    errors += check_alias(parse_tree, &warned, m->name, HOSTALIAS,
139
			us->file, us->line, us->column, strict, quiet);
140
		}
141
	    }
142
	    TAILQ_FOREACH(cs, &priv->cmndlist, entries) {
143
		if (cs->runasuserlist != NULL) {
144
		    TAILQ_FOREACH(m, cs->runasuserlist, entries) {
145
			if (m->type == ALIAS) {
146
			    errors += check_alias(parse_tree, &warned, m->name, RUNASALIAS,
147
				us->file, us->line, us->column, strict, quiet);
148
			}
149
		    }
150
		}
151
		if (cs->runasgrouplist != NULL) {
152
		    TAILQ_FOREACH(m, cs->runasgrouplist, entries) {
153
			if (m->type == ALIAS) {
154
			    errors += check_alias(parse_tree, &warned, m->name, RUNASALIAS,
155
				us->file, us->line, us->column, strict, quiet);
156
			}
157
		    }
158
		}
159
		if ((m = cs->cmnd)->type == ALIAS) {
160
		    errors += check_alias(parse_tree, &warned, m->name, CMNDALIAS,
161
			us->file, us->line, us->column, strict, quiet);
162
		}
163
	    }
164
	}
165
    }
166
    while ((w = SLIST_FIRST(&warned)) != NULL) {
167
	SLIST_REMOVE_HEAD(&warned, entries);
168
	free(w);
169
    }
170

171
    /* Reverse check (destructive) */
172
    if (!alias_find_used(parse_tree, used_aliases))
173
	errors++;
174
    free_aliases(used_aliases);
175

176
    /* If all aliases were referenced we will have an empty tree. */
177
    if (!no_aliases(parse_tree)) {
178
	if (!alias_apply(parse_tree, cb_unused, &quiet))
179
	    errors++;
180
    }
181

182
    debug_return_int(strict ? errors : 0);
183
}
184

185
Product

Resources

Company
