From: Todd C. Miller Date: Wed, 9 Apr 2014 22:31:13 +0000 (-0600) Subject: Move the sha2 code into libreplace and add configure checks for X-Git-Tag: SUDO_1_8_11^2~227 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=218aa1e598115f0746a0bbef4b74543c90bb1859;p=sudo Move the sha2 code into libreplace and add configure checks for SHA224Update in libc and libmd. Solaris uses "void *" where we use "unsigned char *" so we need a check for that too. Solaris sha2.h defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens. Adapted from changes from Vladimir Marek in bug #641.
---
diff --git a/MANIFEST b/MANIFEST
index 3c36b2714..3b85ebd20 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -92,6 +92,8 @@ compat/regress/fnmatch/fnm_test.in
 compat/regress/glob/files
 compat/regress/glob/globtest.c
 compat/regress/glob/globtest.in
+compat/sha2.c
+compat/sha2.h
 compat/sig2str.c
 compat/siglist.in
 compat/snprintf.c
@@ -381,8 +383,6 @@ plugins/sudoers/regress/visudo/test4.sh
 plugins/sudoers/regress/visudo/test5.out.ok
 plugins/sudoers/regress/visudo/test5.sh
 plugins/sudoers/set_perms.c
-plugins/sudoers/sha2.c
-plugins/sudoers/sha2.h
 plugins/sudoers/sssd.c
 plugins/sudoers/sudo_nss.c
 plugins/sudoers/sudo_nss.h
diff --git a/common/Makefile.in b/common/Makefile.in
index 6ff286769..471f96509 100644
--- a/common/Makefile.in
+++ b/common/Makefile.in
@@ -222,8 +222,8 @@ atomode.lo: $(srcdir)/atomode.c $(incdir)/gettext.h $(incdir)/missing.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atomode.c conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c $(incdir)/missing.h \ - $(incdir)/queue.h $(incdir)/sudo_conf.h $(top_builddir)/config.h \ - $(top_srcdir)/compat/stdbool.h + $(incdir)/queue.h $(incdir)/sudo_conf.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c event.lo: $(srcdir)/event.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ @@ -259,8 +259,8 @@ gidlist.lo: $(srcdir)/gidlist.c $(incdir)/alloc.h $(incdir)/fatal.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/gidlist.c hltq_test.lo: $(srcdir)/regress/tailq/hltq_test.c $(incdir)/fatal.h \ - $(incdir)/missing.h $(incdir)/queue.h $(top_builddir)/config.h \ - $(top_srcdir)/compat/stdbool.h + $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_util.h \ + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/tailq/hltq_test.c lbuf.lo: $(srcdir)/lbuf.c $(incdir)/alloc.h $(incdir)/fatal.h $(incdir)/lbuf.h \ $(incdir)/missing.h $(incdir)/sudo_debug.h $(top_builddir)/config.h 
@@ -269,7 +269,7 @@ locale_stub.lo: $(top_srcdir)/src/locale_stub.c $(incdir)/fatal.h \ $(incdir)/gettext.h $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/locale_stub.c parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \ - $(incdir)/fileops.h $(incdir)/missing.h \ + $(incdir)/fileops.h $(incdir)/missing.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_parseln/parseln_test.c progname.lo: $(srcdir)/progname.c $(incdir)/missing.h $(incdir)/sudo_util.h \ diff --git a/compat/Makefile.in b/compat/Makefile.in index 034daedaf..59ea19f6a 100644 --- a/compat/Makefile.in +++ b/compat/Makefile.in @@ -187,7 +187,9 @@ getaddrinfo.lo: $(srcdir)/getaddrinfo.c $(incdir)/missing.h \ getcwd.lo: $(srcdir)/getcwd.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getcwd.c getgrouplist.lo: $(srcdir)/getgrouplist.c $(incdir)/missing.h \ - $(top_builddir)/config.h $(top_srcdir)/compat/nss_dbdefs.h + $(incdir)/sudo_util.h $(top_builddir)/config.h \ + $(top_srcdir)/compat/nss_dbdefs.h \ + $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrouplist.c getline.lo: $(srcdir)/getline.c $(incdir)/missing.h $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getline.c diff --git a/plugins/sudoers/sha2.c b/compat/sha2.c similarity index 100% rename from plugins/sudoers/sha2.c rename to compat/sha2.c diff --git a/plugins/sudoers/sha2.h b/compat/sha2.h similarity index 100% rename from plugins/sudoers/sha2.h rename to compat/sha2.h 
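Review bot: No `sha2.lo` rule is added to compat/Makefile.in in this hunk or anywhere else in the visible diff, although the commit deletes that rule from plugins/sudoers/Makefile.in and configure now requests the object through `AC_LIBOBJ(sha2)`. The other objects shown in this file each have an explicit rule, so unless a suffix or pattern rule outside the hunk covers it, the fallback build on systems without SHA224Update may have no recipe for the bundled SHA-2 code. I would add a `sha2.lo: $(srcdir)/sha2.c $(incdir)/missing.h $(srcdir)/sha2.h $(top_builddir)/config.h $(top_srcdir)/compat/endian.h` rule with the same `$(LIBTOOL) --mode=compile` recipe line the neighbouring objects use.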
diff --git a/config.h.in b/config.h.in index 611a3f5a9..61b48b8c1 100644 --- a/config.h.in +++ b/config.h.in @@ -527,6 +527,9 @@ /* Define to 1 if you have the `set_auth_parameters' function. */ #undef HAVE_SET_AUTH_PARAMETERS +/* Define to 1 if you have the `SHA224Update' function. */ +#undef HAVE_SHA224UPDATE + /* Define to 1 if you have the `shl_load' function. */ #undef HAVE_SHL_LOAD @@ -986,6 +989,10 @@ /* Define to 1 to send mail when the user is not in the sudoers file. */ #undef SEND_MAIL_WHEN_NO_USER +/* Define to 1 if the sha2 functions use `const void *' instead of `const + unsigned char'. */ +#undef SHA2_VOID_PTR + /* Define to 1 if you want sudo to start a shell if given no arguments. */ #undef SHELL_IF_NO_ARGS diff --git a/configure b/configure index c72ac8b4f..e807be081 100755 --- a/configure +++ b/configure @@ -731,6 +731,7 @@ CROSS_COMPILING COMPAT_TEST_PROGS LOCALEDIR_SUFFIX SUDO_NLS +LIBMD LIBINTL LT_STATIC LIBDL @@ -2974,6 +2975,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + # @@ -3039,6 +3041,7 @@ LCMAN=0 PSMAN=0 SEMAN=0 LIBINTL= +LIBMD= ZLIB= ZLIB_SRC= AUTH_OBJS= 
@@ -18279,6 +18282,153 @@ fi fi fi +ac_fn_c_check_header_mongrel "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" +if test "x$ac_cv_header_sha2_h" = xyes; then : + + for ac_func in SHA224Update +do : + ac_fn_c_check_func "$LINENO" "SHA224Update" "ac_cv_func_SHA224Update" +if test "x$ac_cv_func_SHA224Update" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SHA224UPDATE 1 +_ACEOF + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 +$as_echo_n "checking whether the data argument of SHA224Update() is void *... " >&6; } +if ${sudo_cv_func_sha2_void_ptr+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +#include +void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + sudo_cv_func_sha2_void_ptr=yes +else + sudo_cv_func_sha2_void_ptr=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 +$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } + if test $sudo_cv_func_sha2_void_ptr = yes; then + +$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h + + fi + +else + + # On some systems, SHA224Update is in libmd + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA224Update in -lmd" >&5 +$as_echo_n "checking for SHA224Update in -lmd... " >&6; } +if ${ac_cv_lib_md_SHA224Update+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lmd $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. 
*/ +#ifdef __cplusplus +extern "C" +#endif +char SHA224Update (); +int +main () +{ +return SHA224Update (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_md_SHA224Update=yes +else + ac_cv_lib_md_SHA224Update=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_md_SHA224Update" >&5 +$as_echo "$ac_cv_lib_md_SHA224Update" >&6; } +if test "x$ac_cv_lib_md_SHA224Update" = xyes; then : + + $as_echo "#define HAVE_SHA224UPDATE 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 +$as_echo_n "checking whether the data argument of SHA224Update() is void *... " >&6; } +if ${sudo_cv_func_sha2_void_ptr+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +#include +void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + sudo_cv_func_sha2_void_ptr=yes +else + sudo_cv_func_sha2_void_ptr=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 +$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } + if test $sudo_cv_func_sha2_void_ptr = yes; then + +$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h + + fi + + LIBMD="-lmd" + +else + case " $LIBOBJS " in + *" sha2.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS sha2.$ac_objext" + ;; +esac + +fi + + +fi +done + + +else + case " $LIBOBJS " in + *" sha2.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS sha2.$ac_objext" + ;; +esac + +fi + + if test X"$with_noexec" != X"no"; then # Check for underscore versions of standard exec functions # unless we are using dyld symbole interposition 
diff --git a/configure.ac b/configure.ac index 88af32eb0..812004e67 100644 --- a/configure.ac +++ b/configure.ac @@ -77,6 +77,7 @@ AC_SUBST([CONFIGURE_ARGS]) AC_SUBST([LIBDL]) AC_SUBST([LT_STATIC]) AC_SUBST([LIBINTL]) +AC_SUBST([LIBMD]) AC_SUBST([SUDO_NLS]) AC_SUBST([LOCALEDIR_SUFFIX]) AC_SUBST([COMPAT_TEST_PROGS]) @@ -199,6 +200,7 @@ LCMAN=0 PSMAN=0 SEMAN=0 LIBINTL= +LIBMD= ZLIB= ZLIB_SRC= AUTH_OBJS= @@ -2471,6 +2473,16 @@ if test X"$ac_cv_type_struct_timespec" != X"no"; then [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) fi +AC_CHECK_HEADER([sha2.h], [ + AC_CHECK_FUNCS(SHA224Update, [SUDO_FUNC_SHA2_VOID_PTR], [ + # On some systems, SHA224Update is in libmd + AC_CHECK_LIB(md, SHA224Update, [ + AC_DEFINE(HAVE_SHA224UPDATE) + SUDO_FUNC_SHA2_VOID_PTR + LIBMD="-lmd" + ], [AC_LIBOBJ(sha2)]) + ]) +], [AC_LIBOBJ(sha2)]) dnl dnl Function checks for sudo_noexec dnl diff --git a/m4/sudo.m4 b/m4/sudo.m4 index 2673a1a97..d9d97fffa 100644 --- a/m4/sudo.m4 +++ b/m4/sudo.m4 @@ -280,6 +280,24 @@ int putenv(const char *string) {return 0;}], [])], fi ]) +dnl +dnl Check if the data argument for the sha2 functions is void * or u_char * +dnl +AC_DEFUN([SUDO_FUNC_SHA2_VOID_PTR], +[AC_CACHE_CHECK([whether the data argument of SHA224Update() is void *], +sudo_cv_func_sha2_void_ptr, +[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT +#include +void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;}], [])], + [sudo_cv_func_sha2_void_ptr=yes], + [sudo_cv_func_sha2_void_ptr=no]) + ]) + if test $sudo_cv_func_sha2_void_ptr = yes; then + AC_DEFINE(SHA2_VOID_PTR, 1, + [Define to 1 if the sha2 functions use `const void *' instead of `const unsigned char'.]) + fi +]) + dnl dnl check for sa_len field in struct sockaddr dnl diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 40a2bd688..f53f2a012 100644 --- a/plugins/sudoers/Makefile.in 
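Review bot: The system `sha2.h` is accepted as soon as `SHA224Update` is found, but the code that includes it also depends on `SHA2_CTX`, the SHA256/384/512 functions and the `SHA*_DIGEST_LENGTH` macros coming from that same header. These digests feed sudoers digest matching, so a header with a different API shape should fall back to `AC_LIBOBJ(sha2)` rather than surface as a compile error later. A probe such as `AC_CHECK_DECLS([SHA224_DIGEST_LENGTH], [], [], [#include <sha2.h>])` next to the function check would cover that. The same applies to the `AC_CHECK_LIB(md, SHA224Update, ...)` branch.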
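Review bot: `SUDO_FUNC_SHA2_VOID_PTR` records `no` for any compile failure, so a system header that does not declare `SHA2_CTX` is indistinguishable from one whose prototype takes `unsigned char *`. A short `dnl` comment saying the test relies on a conflicting redeclaration of `SHA224Update` would make that assumption visible. The `AC_DEFINE` description drops the pointer and should end in `const unsigned char *'`; it is copied into config.h.in as written. The result test would also be more robust quoted, `if test X"$sudo_cv_func_sha2_void_ptr" = X"yes"; then`, matching the `test X"$with_noexec" != X"no"` style visible in configure.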
+++ b/plugins/sudoers/Makefile.in @@ -50,8 +50,10 @@ INSTALL = $(SHELL) $(top_srcdir)/install-sh -c LT_LIBS = $(top_builddir)/common/libsudo_util.la $(LIBOBJDIR)libreplace.la LIBS = $(LT_LIBS) @LIBINTL@ NET_LIBS = @NET_LIBS@ -SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBDL@ +SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ @LIBDL@ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ +VISUDO_LIBS = $(NET_LIBS) @LIBMD@ +TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ @LIBDL@ # C preprocessor flags CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) -DLIBDIR=\"$(libdir)\" @CPPFLAGS@ @@ -134,7 +136,7 @@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \ gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ - timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo + timestr.lo toke.lo toke_util.lo redblack.lo SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \ goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ @@ -153,7 +155,7 @@ CHECK_ADDR_OBJS = check_addr.o interfaces.o locale.o match_addr.o CHECK_BASE64_OBJS = check_base64.o base64.o locale.o -CHECK_DIGEST_OBJS = check_digest.o sha2.o +CHECK_DIGEST_OBJS = check_digest.o CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o 
@@ -200,13 +202,13 @@ sudoers.la: $(SUDOERS_OBJS) $(LT_LIBS) libparsesudoers.la @LT_LDDEP@ $(LIBTOOL) @LT_STATIC@ --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(SUDOERS_OBJS) libparsesudoers.la $(SUDOERS_LIBS) -module -avoid-version -rpath $(plugindir) visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(VISUDO_LIBS) $(LIBS) sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(REPLAY_LIBS) $(LIBS) testsudoers: libparsesudoers.la $(TEST_OBJS) $(LT_LIBS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(NET_LIBS) @LIBDL@ + $(LIBTOOL) --mode=link $(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(TESTSUDOERS_LIBS) $(LIBS) check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS) @@ -215,7 +217,7 @@ check_base64: $(CHECK_BASE64_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS) - $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) + $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @LIBMD@ check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS) $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) 
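Review bot: In the `visudo` and `testsudoers` link lines, `$(VISUDO_LIBS)` and `$(TESTSUDOERS_LIBS)` now come before `$(LIBS)`, which moves `$(NET_LIBS)` and `@LIBDL@` ahead of libsudo_util and libreplace. `check_digest` in the next hunk instead appends `@LIBMD@` after `$(LIBS)`. With static archives the linker resolves left to right, so if the libtool libraries need symbols from the network or dl libraries, the old order was the safe one. Libtool's recorded dependencies may hide this, which is worth confirming with a static build. Keeping one order, for example `libparsesudoers.la $(LIBS) $(VISUDO_LIBS)`, would make the three rules consistent.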
@@ -509,12 +511,12 @@ check_base64.o: $(srcdir)/regress/parser/check_base64.c $(incdir)/missing.h \ $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_base64.c check_digest.o: $(srcdir)/regress/parser/check_digest.c $(incdir)/missing.h \ - $(srcdir)/sha2.h $(top_builddir)/config.h + $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_digest.c check_fill.o: $(srcdir)/regress/parser/check_fill.c $(devdir)/gram.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_plugin.h \ - $(srcdir)/parse.h $(srcdir)/toke.h $(top_builddir)/config.h \ - $(top_srcdir)/compat/stdbool.h + $(incdir)/sudo_util.h $(srcdir)/parse.h $(srcdir)/toke.h \ + $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_fill.c check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ $(devdir)/def_data.c $(devdir)/def_data.h \ @@ -615,8 +617,8 @@ group_plugin.lo: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c group_plugin.o: group_plugin.lo -hexchar.lo: $(srcdir)/hexchar.c $(incdir)/fatal.h $(incdir)/missing.h \ - $(incdir)/sudo_debug.h $(top_builddir)/config.h +hexchar.lo: $(srcdir)/hexchar.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ + $(top_builddir)/config.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c hexchar.o: hexchar.lo interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h $(incdir)/alloc.h \ 
@@ -694,9 +696,9 @@ match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/queue.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sha2.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h \ - $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(top_srcdir)/compat/fnmatch.h \ + $(top_srcdir)/compat/glob.h $(top_srcdir)/compat/sha2.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h $(incdir)/alloc.h \ @@ -812,10 +814,6 @@ set_perms.lo: $(srcdir)/set_perms.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c -sha2.lo: $(srcdir)/sha2.c $(incdir)/missing.h $(srcdir)/sha2.h \ - $(top_builddir)/config.h $(top_srcdir)/compat/endian.h - $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sha2.c -sha2.o: sha2.lo sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/alloc.h \ $(incdir)/fatal.h $(incdir)/fileops.h $(incdir)/gettext.h \ $(incdir)/missing.h $(incdir)/queue.h $(incdir)/sudo_debug.h \ 
@@ -898,9 +896,9 @@ toke.lo: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/gettext.h $(incdir)/lbuf.h $(incdir)/missing.h \ $(incdir)/queue.h $(incdir)/secure_path.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sha2.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/toke.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/toke.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(top_srcdir)/compat/sha2.h \ $(top_srcdir)/compat/stdbool.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c toke_util.lo: $(srcdir)/toke_util.c $(devdir)/def_data.h $(devdir)/gram.h \ diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 020a86f38..74c2a9468 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -179,10 +179,10 @@ typedef union { #define PRIVS 289 #define LIMITPRIVS 290 #define MYSELF 291 -#define SHA224 292 -#define SHA256 293 -#define SHA384 294 -#define SHA512 295 +#define SHA224_TOK 292 +#define SHA256_TOK 293 +#define SHA384_TOK 294 +#define SHA512_TOK 295 #define YYERRCODE 256 #if defined(__cplusplus) || defined(__STDC__) const short sudoerslhs[] = @@ -550,7 +550,7 @@ char *sudoersname[] = "NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT", "NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS", "CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS", -"MYSELF","SHA224","SHA256","SHA384","SHA512", +"MYSELF","SHA224_TOK","SHA256_TOK","SHA384_TOK","SHA512_TOK", }; #if defined(__cplusplus) || defined(__STDC__) const char * const sudoersrule[] = 
@@ -594,10 +594,10 @@ char *sudoersrule[] = "cmndspeclist : cmndspec", "cmndspeclist : cmndspeclist ',' cmndspec", "cmndspec : runasspec selinux solarisprivs cmndtag digcmnd", -"digest : SHA224 ':' DIGEST", -"digest : SHA256 ':' DIGEST", -"digest : SHA384 ':' DIGEST", -"digest : SHA512 ':' DIGEST", +"digest : SHA224_TOK ':' DIGEST", +"digest : SHA256_TOK ':' DIGEST", +"digest : SHA384_TOK ':' DIGEST", +"digest : SHA512_TOK ':' DIGEST", "digcmnd : opcmnd", "digcmnd : digest opcmnd", "opcmnd : cmnd", @@ -1089,12 +1089,12 @@ yyloop: goto yyreduce; } if (yyerrflag) goto yyinrecovery; -#if defined(lint) || defined(__GNUC__) +#if defined(__GNUC__) goto yynewerror; #endif yynewerror: yyerror("syntax error"); -#if defined(lint) || defined(__GNUC__) +#if defined(__GNUC__) goto yyerrlab; #endif yyerrlab: diff --git a/plugins/sudoers/gram.h b/plugins/sudoers/gram.h index e11062dc3..6f55cf6e5 100644 --- a/plugins/sudoers/gram.h +++ b/plugins/sudoers/gram.h @@ -33,10 +33,10 @@ #define PRIVS 289 #define LIMITPRIVS 290 #define MYSELF 291 -#define SHA224 292 -#define SHA256 293 -#define SHA384 294 -#define SHA512 295 +#define SHA224_TOK 292 +#define SHA256_TOK 293 +#define SHA384_TOK 294 +#define SHA512_TOK 295 #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 1b1d40f50..fca6bb965 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -142,10 +142,10 @@ static struct sudo_digest *new_digest(int, const char *); %token PRIVS /* Solaris privileges */ %token LIMITPRIVS /* Solaris limit privileges */ %token MYSELF /* run as myself, not another user */ -%token SHA224 /* sha224 digest */ -%token SHA256 /* sha256 digest */ -%token SHA384 /* sha384 digest */ -%token SHA512 /* sha512 digest */ +%token SHA224_TOK /* sha224 token */ +%token SHA256_TOK /* sha256 token */ +%token SHA384_TOK /* sha384 token */ +%token SHA512_TOK /* sha512 token */ %type cmndspec %type cmndspeclist 
@@ -370,16 +370,16 @@ cmndspec : runasspec selinux solarisprivs cmndtag digcmnd { } ; -digest : SHA224 ':' DIGEST { +digest : SHA224_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA224, $3); } - | SHA256 ':' DIGEST { + | SHA256_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA256, $3); } - | SHA384 ':' DIGEST { + | SHA384_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA384, $3); } - | SHA512 ':' DIGEST { + | SHA512_TOK ':' DIGEST { $$ = new_digest(SUDO_DIGEST_SHA512, $3); } ; diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index 1ce8e2d66..eb7cedabf 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -81,13 +81,17 @@ # include # endif #endif +#ifdef HAVE_SHA224UPDATE +# include +#else +# include "compat/sha2.h" +#endif #include #include #include #include "sudoers.h" #include "parse.h" -#include "sha2.h" #include static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty); @@ -561,8 +565,13 @@ static struct digest_function { const char *digest_name; const unsigned int digest_len; void (*init)(SHA2_CTX *); +#ifdef SHA2_VOID_PTR + void (*update)(SHA2_CTX *, const void *, size_t); + void (*final)(void *, SHA2_CTX *); +#else void (*update)(SHA2_CTX *, const unsigned char *, size_t); void (*final)(unsigned char *, SHA2_CTX *); +#endif } digest_functions[] = { { "SHA224", diff --git a/plugins/sudoers/regress/parser/check_digest.c b/plugins/sudoers/regress/parser/check_digest.c index a0e40fbd8..3bcf35903 100644 --- a/plugins/sudoers/regress/parser/check_digest.c +++ b/plugins/sudoers/regress/parser/check_digest.c @@ -39,9 +39,13 @@ #elif defined(HAVE_INTTYPES_H) # include #endif +#ifdef HAVE_SHA224UPDATE +# include +#else +# include "compat/sha2.h" +#endif #include "missing.h" -#include "sha2.h" __dso_public int main(int argc, char *argv[]); 
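Review bot: The `#ifdef SHA2_VOID_PTR` prototype pair added to `struct digest_function` in match.c is repeated verbatim in regress/parser/check_digest.c. The regression test therefore exercises its own copy of the table, not the one match.c uses for digest matching. A pair of typedefs next to the sha2.h include block, or in a small shared header, would keep the two in step; the copies already disagree on `digest_len` (`unsigned int` in match.c, `int` in check_digest.c). At minimum I would add a comment above the `#ifdef`, `/* Solaris declares the data and digest arguments as void *; see SUDO_FUNC_SHA2_VOID_PTR. */`. The struct initializer continues outside the hunk.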
@@ -49,8 +53,13 @@ static struct digest_function { const char *digest_name; const int digest_len; void (*init)(SHA2_CTX *); +#ifdef SHA2_VOID_PTR + void (*update)(SHA2_CTX *, const void *, size_t); + void (*final)(void *, SHA2_CTX *); +#else void (*update)(SHA2_CTX *, const unsigned char *, size_t); void (*final)(unsigned char *, SHA2_CTX *); +#endif } digest_functions[] = { { "SHA224", diff --git a/plugins/sudoers/regress/sudoers/test14.toke.ok b/plugins/sudoers/regress/sudoers/test14.toke.ok index 016c031a9..7cb5aeafb 100644 --- a/plugins/sudoers/regress/sudoers/test14.toke.ok +++ b/plugins/sudoers/regress/sudoers/test14.toke.ok @@ -1,4 +1,4 @@ -CMNDALIAS ALIAS = SHA224 : DIGEST COMMAND -CMNDALIAS ALIAS = SHA256 : DIGEST COMMAND +CMNDALIAS ALIAS = SHA224_TOK : DIGEST COMMAND +CMNDALIAS ALIAS = SHA256_TOK : DIGEST COMMAND -WORD(5) ALL = ALIAS , ALIAS , SHA512 : DIGEST COMMAND +WORD(5) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 074e54a99..800dad5e9 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -1997,6 +1997,11 @@ char *yytext; # include # endif #endif +#ifdef HAVE_SHA224UPDATE +# include +#else +# include "compat/sha2.h" +#endif #include #include #include "sudoers.h" @@ -2004,7 +2009,6 @@ char *yytext; #include "toke.h" #include #include "lbuf.h" -#include "sha2.h" #include "secure_path.h" int sudolineno; /* current sudoers line number. */ @@ -2050,7 +2054,7 @@ int (*trace_print)(const char *msg) = sudoers_trace_print; #define WANTDIGEST 6 -#line 2053 "lex.sudoers.c" +#line 2057 "lex.sudoers.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -2204,9 +2208,9 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 137 "toke.l" +#line 141 "toke.l" -#line 2209 "lex.sudoers.c" +#line 2213 "lex.sudoers.c" if ( yy_init ) { 
@@ -2292,7 +2296,7 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 138 "toke.l" +#line 142 "toke.l" { LEXTRACE(", "); LEXRETURN(','); @@ -2300,12 +2304,12 @@ YY_RULE_SETUP YY_BREAK case 2: YY_RULE_SETUP -#line 143 "toke.l" +#line 147 "toke.l" BEGIN STARTDEFS; YY_BREAK case 3: YY_RULE_SETUP -#line 145 "toke.l" +#line 149 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); @@ -2317,7 +2321,7 @@ YY_RULE_SETUP case 4: YY_RULE_SETUP -#line 154 "toke.l" +#line 158 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); @@ -2326,7 +2330,7 @@ YY_RULE_SETUP YY_BREAK case 5: YY_RULE_SETUP -#line 160 "toke.l" +#line 164 "toke.l" { LEXTRACE("= "); LEXRETURN('='); @@ -2334,7 +2338,7 @@ YY_RULE_SETUP YY_BREAK case 6: YY_RULE_SETUP -#line 165 "toke.l" +#line 169 "toke.l" { LEXTRACE("+= "); LEXRETURN('+'); @@ -2342,7 +2346,7 @@ YY_RULE_SETUP YY_BREAK case 7: YY_RULE_SETUP -#line 170 "toke.l" +#line 174 "toke.l" { LEXTRACE("-= "); LEXRETURN('-'); @@ -2350,7 +2354,7 @@ YY_RULE_SETUP YY_BREAK case 8: YY_RULE_SETUP -#line 175 "toke.l" +#line 179 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; @@ -2360,7 +2364,7 @@ YY_RULE_SETUP YY_BREAK case 9: YY_RULE_SETUP -#line 182 "toke.l" +#line 186 "toke.l" { LEXTRACE("WORD(2) "); if (!fill(sudoerstext, sudoersleng)) @@ -2372,7 +2376,7 @@ YY_RULE_SETUP case 10: YY_RULE_SETUP -#line 191 "toke.l" +#line 195 "toke.l" { /* Line continuation char followed by newline. */ sudolineno++; @@ -2381,7 +2385,7 @@ YY_RULE_SETUP YY_BREAK case 11: YY_RULE_SETUP -#line 197 "toke.l" +#line 201 "toke.l" { LEXTRACE("ENDSTR "); BEGIN prev_state; @@ -2416,7 +2420,7 @@ YY_RULE_SETUP YY_BREAK case 12: YY_RULE_SETUP -#line 229 "toke.l" +#line 233 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(sudoerstext, sudoersleng)) @@ -2425,7 +2429,7 @@ YY_RULE_SETUP YY_BREAK case 13: YY_RULE_SETUP -#line 235 "toke.l" +#line 239 "toke.l" { LEXTRACE("STRBODY "); if (!append(sudoerstext, sudoersleng)) 
@@ -2436,7 +2440,7 @@ YY_RULE_SETUP case 14: YY_RULE_SETUP -#line 243 "toke.l" +#line 247 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); @@ -2447,7 +2451,7 @@ YY_RULE_SETUP YY_BREAK case 15: YY_RULE_SETUP -#line 251 "toke.l" +#line 255 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); @@ -2458,7 +2462,7 @@ YY_RULE_SETUP YY_BREAK case 16: YY_RULE_SETUP -#line 259 "toke.l" +#line 263 "toke.l" { BEGIN INITIAL; yyless(0); @@ -2467,7 +2471,7 @@ YY_RULE_SETUP YY_BREAK case 17: YY_RULE_SETUP -#line 265 "toke.l" +#line 269 "toke.l" { LEXTRACE("ARG "); if (!fill_args(sudoerstext, sudoersleng, sawspace)) @@ -2478,7 +2482,7 @@ YY_RULE_SETUP case 18: YY_RULE_SETUP -#line 273 "toke.l" +#line 277 "toke.l" { /* Only return DIGEST if the length is correct. */ if (sudoersleng == digest_len * 2) { @@ -2494,7 +2498,7 @@ YY_RULE_SETUP YY_BREAK case 19: YY_RULE_SETUP -#line 286 "toke.l" +#line 290 "toke.l" { /* Only return DIGEST if the length is correct. */ int len; @@ -2518,7 +2522,7 @@ YY_RULE_SETUP YY_BREAK case 20: YY_RULE_SETUP -#line 307 "toke.l" +#line 311 "toke.l" { char *path; @@ -2539,7 +2543,7 @@ YY_RULE_SETUP YY_BREAK case 21: YY_RULE_SETUP -#line 325 "toke.l" +#line 329 "toke.l" { char *path; @@ -2563,7 +2567,7 @@ YY_RULE_SETUP YY_BREAK case 22: YY_RULE_SETUP -#line 346 "toke.l" +#line 350 "toke.l" { char deftype; int n; @@ -2606,7 +2610,7 @@ YY_RULE_SETUP YY_BREAK case 23: YY_RULE_SETUP -#line 386 "toke.l" +#line 390 "toke.l" { int n; @@ -2635,7 +2639,7 @@ YY_RULE_SETUP YY_BREAK case 24: YY_RULE_SETUP -#line 412 "toke.l" +#line 416 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); @@ -2644,7 +2648,7 @@ YY_RULE_SETUP YY_BREAK case 25: YY_RULE_SETUP -#line 418 "toke.l" +#line 422 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); 
@@ -2653,7 +2657,7 @@ YY_RULE_SETUP YY_BREAK case 26: YY_RULE_SETUP -#line 424 "toke.l" +#line 428 "toke.l" { LEXTRACE("NOEXEC "); LEXRETURN(NOEXEC); @@ -2661,7 +2665,7 @@ YY_RULE_SETUP YY_BREAK case 27: YY_RULE_SETUP -#line 429 "toke.l" +#line 433 "toke.l" { LEXTRACE("EXEC "); LEXRETURN(EXEC); @@ -2669,7 +2673,7 @@ YY_RULE_SETUP YY_BREAK case 28: YY_RULE_SETUP -#line 434 "toke.l" +#line 438 "toke.l" { LEXTRACE("SETENV "); LEXRETURN(SETENV); @@ -2677,7 +2681,7 @@ YY_RULE_SETUP YY_BREAK case 29: YY_RULE_SETUP -#line 439 "toke.l" +#line 443 "toke.l" { LEXTRACE("NOSETENV "); LEXRETURN(NOSETENV); @@ -2685,7 +2689,7 @@ YY_RULE_SETUP YY_BREAK case 30: YY_RULE_SETUP -#line 444 "toke.l" +#line 448 "toke.l" { LEXTRACE("LOG_OUTPUT "); LEXRETURN(LOG_OUTPUT); @@ -2693,7 +2697,7 @@ YY_RULE_SETUP YY_BREAK case 31: YY_RULE_SETUP -#line 449 "toke.l" +#line 453 "toke.l" { LEXTRACE("NOLOG_OUTPUT "); LEXRETURN(NOLOG_OUTPUT); @@ -2701,7 +2705,7 @@ YY_RULE_SETUP YY_BREAK case 32: YY_RULE_SETUP -#line 454 "toke.l" +#line 458 "toke.l" { LEXTRACE("LOG_INPUT "); LEXRETURN(LOG_INPUT); @@ -2709,7 +2713,7 @@ YY_RULE_SETUP YY_BREAK case 33: YY_RULE_SETUP -#line 459 "toke.l" +#line 463 "toke.l" { LEXTRACE("NOLOG_INPUT "); LEXRETURN(NOLOG_INPUT); @@ -2717,7 +2721,7 @@ YY_RULE_SETUP YY_BREAK case 34: YY_RULE_SETUP -#line 464 "toke.l" +#line 468 "toke.l" { /* empty group or netgroup */ LEXTRACE("ERROR "); @@ -2726,7 +2730,7 @@ YY_RULE_SETUP YY_BREAK case 35: YY_RULE_SETUP -#line 470 "toke.l" +#line 474 "toke.l" { /* netgroup */ if (!fill(sudoerstext, sudoersleng)) @@ -2737,7 +2741,7 @@ YY_RULE_SETUP YY_BREAK case 36: YY_RULE_SETUP -#line 478 "toke.l" +#line 482 "toke.l" { /* group */ if (!fill(sudoerstext, sudoersleng)) @@ -2748,7 +2752,7 @@ YY_RULE_SETUP YY_BREAK case 37: YY_RULE_SETUP -#line 486 "toke.l" +#line 490 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); 
@@ -2758,7 +2762,7 @@ YY_RULE_SETUP YY_BREAK case 38: YY_RULE_SETUP -#line 493 "toke.l" +#line 497 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); @@ -2768,7 +2772,7 @@ YY_RULE_SETUP YY_BREAK case 39: YY_RULE_SETUP -#line 500 "toke.l" +#line 504 "toke.l" { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); @@ -2782,7 +2786,7 @@ YY_RULE_SETUP YY_BREAK case 40: YY_RULE_SETUP -#line 511 "toke.l" +#line 515 "toke.l" { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); @@ -2796,7 +2800,7 @@ YY_RULE_SETUP YY_BREAK case 41: YY_RULE_SETUP -#line 522 "toke.l" +#line 526 "toke.l" { LEXTRACE("ALL "); LEXRETURN(ALL); @@ -2805,7 +2809,7 @@ YY_RULE_SETUP YY_BREAK case 42: YY_RULE_SETUP -#line 528 "toke.l" +#line 532 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("ROLE "); @@ -2817,7 +2821,7 @@ YY_RULE_SETUP YY_BREAK case 43: YY_RULE_SETUP -#line 537 "toke.l" +#line 541 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("TYPE "); @@ -2829,7 +2833,7 @@ YY_RULE_SETUP YY_BREAK case 44: YY_RULE_SETUP -#line 545 "toke.l" +#line 549 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("PRIVS "); @@ -2841,7 +2845,7 @@ YY_RULE_SETUP YY_BREAK case 45: YY_RULE_SETUP -#line 554 "toke.l" +#line 558 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("LIMITPRIVS "); @@ -2853,7 +2857,7 @@ YY_RULE_SETUP YY_BREAK case 46: YY_RULE_SETUP -#line 563 "toke.l" +#line 567 "toke.l" { got_alias: if (!fill(sudoerstext, sudoersleng)) @@ -2864,7 +2868,7 @@ YY_RULE_SETUP YY_BREAK case 47: YY_RULE_SETUP -#line 571 "toke.l" +#line 575 "toke.l" { /* XXX - no way to specify digest for command */ /* no command args allowed for Defaults!/path */ 
@@ -2876,47 +2880,47 @@ YY_RULE_SETUP YY_BREAK case 48: YY_RULE_SETUP -#line 580 "toke.l" +#line 584 "toke.l" { digest_len = SHA224_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA224 "); - LEXRETURN(SHA224); + LEXTRACE("SHA224_TOK "); + LEXRETURN(SHA224_TOK); } YY_BREAK case 49: YY_RULE_SETUP -#line 587 "toke.l" +#line 591 "toke.l" { digest_len = SHA256_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA256 "); - LEXRETURN(SHA256); + LEXTRACE("SHA256_TOK "); + LEXRETURN(SHA256_TOK); } YY_BREAK case 50: YY_RULE_SETUP -#line 594 "toke.l" +#line 598 "toke.l" { digest_len = SHA384_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA384 "); - LEXRETURN(SHA384); + LEXTRACE("SHA384_TOK "); + LEXRETURN(SHA384_TOK); } YY_BREAK case 51: YY_RULE_SETUP -#line 601 "toke.l" +#line 605 "toke.l" { digest_len = SHA512_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA512 "); - LEXRETURN(SHA512); + LEXTRACE("SHA512_TOK "); + LEXRETURN(SHA512_TOK); } YY_BREAK case 52: YY_RULE_SETUP -#line 608 "toke.l" +#line 612 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); @@ -2926,7 +2930,7 @@ YY_RULE_SETUP YY_BREAK case 53: YY_RULE_SETUP -#line 615 "toke.l" +#line 619 "toke.l" { /* directories can't have args... */ if (sudoerstext[sudoersleng - 1] == '/') { @@ -2944,7 +2948,7 @@ YY_RULE_SETUP YY_BREAK case 54: YY_RULE_SETUP -#line 630 "toke.l" +#line 634 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; @@ -2954,7 +2958,7 @@ YY_RULE_SETUP YY_BREAK case 55: YY_RULE_SETUP -#line 637 "toke.l" +#line 641 "toke.l" { /* a word */ if (!fill(sudoerstext, sudoersleng)) @@ -2965,7 +2969,7 @@ YY_RULE_SETUP YY_BREAK case 56: YY_RULE_SETUP -#line 645 "toke.l" +#line 649 "toke.l" { LEXTRACE("( "); LEXRETURN('('); @@ -2973,7 +2977,7 @@ YY_RULE_SETUP YY_BREAK case 57: YY_RULE_SETUP -#line 650 "toke.l" +#line 654 "toke.l" { LEXTRACE(") "); LEXRETURN(')'); @@ -2981,7 +2985,7 @@ YY_RULE_SETUP YY_BREAK case 58: YY_RULE_SETUP -#line 655 "toke.l" +#line 659 "toke.l" { LEXTRACE(", "); LEXRETURN(','); 
@@ -2989,7 +2993,7 @@ YY_RULE_SETUP YY_BREAK case 59: YY_RULE_SETUP -#line 660 "toke.l" +#line 664 "toke.l" { LEXTRACE("= "); LEXRETURN('='); @@ -2997,7 +3001,7 @@ YY_RULE_SETUP YY_BREAK case 60: YY_RULE_SETUP -#line 665 "toke.l" +#line 669 "toke.l" { LEXTRACE(": "); LEXRETURN(':'); @@ -3005,7 +3009,7 @@ YY_RULE_SETUP YY_BREAK case 61: YY_RULE_SETUP -#line 670 "toke.l" +#line 674 "toke.l" { if (sudoersleng & 1) { LEXTRACE("!"); @@ -3015,7 +3019,7 @@ YY_RULE_SETUP YY_BREAK case 62: YY_RULE_SETUP -#line 677 "toke.l" +#line 681 "toke.l" { if (YY_START == INSTR) { LEXTRACE("ERROR "); @@ -3030,14 +3034,14 @@ YY_RULE_SETUP YY_BREAK case 63: YY_RULE_SETUP -#line 689 "toke.l" +#line 693 "toke.l" { /* throw away space/tabs */ sawspace = true; /* but remember for fill_args */ } YY_BREAK case 64: YY_RULE_SETUP -#line 693 "toke.l" +#line 697 "toke.l" { sawspace = true; /* remember for fill_args */ sudolineno++; @@ -3046,7 +3050,7 @@ YY_RULE_SETUP YY_BREAK case 65: YY_RULE_SETUP -#line 699 "toke.l" +#line 703 "toke.l" { if (sudoerstext[sudoersleng - 1] == '\n') { /* comment ending in a newline */ @@ -3063,7 +3067,7 @@ YY_RULE_SETUP YY_BREAK case 66: YY_RULE_SETUP -#line 713 "toke.l" +#line 717 "toke.l" { LEXTRACE("ERROR "); LEXRETURN(ERROR); @@ -3076,7 +3080,7 @@ case YY_STATE_EOF(STARTDEFS): case YY_STATE_EOF(INDEFS): case YY_STATE_EOF(INSTR): case YY_STATE_EOF(WANTDIGEST): -#line 718 "toke.l" +#line 722 "toke.l" { if (YY_START != INITIAL) { BEGIN INITIAL; @@ -3089,10 +3093,10 @@ case YY_STATE_EOF(WANTDIGEST): YY_BREAK case 67: YY_RULE_SETUP -#line 728 "toke.l" +#line 732 "toke.l" ECHO; YY_BREAK -#line 3095 "lex.sudoers.c" +#line 3099 "lex.sudoers.c" case YY_END_OF_BUFFER: { @@ -3983,7 +3987,7 @@ int main() return 0; } #endif -#line 728 "toke.l" +#line 732 "toke.l" struct path_list { SLIST_ENTRY(path_list) entries; diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index 438bb12a7..cfaf3311c 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l 
@@ -69,6 +69,11 @@ # include # endif #endif +#ifdef HAVE_SHA224UPDATE +# include +#else +# include "compat/sha2.h" +#endif #include #include #include "sudoers.h" @@ -76,7 +81,6 @@ #include "toke.h" #include #include "lbuf.h" -#include "sha2.h" #include "secure_path.h" int sudolineno; /* current sudoers line number. */ @@ -580,29 +584,29 @@ ALL { sha224 { digest_len = SHA224_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA224 "); - LEXRETURN(SHA224); + LEXTRACE("SHA224_TOK "); + LEXRETURN(SHA224_TOK); } sha256 { digest_len = SHA256_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA256 "); - LEXRETURN(SHA256); + LEXTRACE("SHA256_TOK "); + LEXRETURN(SHA256_TOK); } sha384 { digest_len = SHA384_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA384 "); - LEXRETURN(SHA384); + LEXTRACE("SHA384_TOK "); + LEXRETURN(SHA384_TOK); } sha512 { digest_len = SHA512_DIGEST_LENGTH; BEGIN WANTDIGEST; - LEXTRACE("SHA512 "); - LEXRETURN(SHA512); + LEXTRACE("SHA512_TOK "); + LEXRETURN(SHA512_TOK); } sudoedit {
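Review bot: The conditional include added under `#ifdef HAVE_SHA224UPDATE` should carry a comment saying what this file takes from the header: the four `SHA*_DIGEST_LENGTH` constants that the sha224 to sha512 rules assign to `digest_len` before `BEGIN WANTDIGEST`. With a system header selectable at configure time, those constants no longer necessarily come from `compat/sha2.h`. The checks named in the commit message cover `SHA224Update` and its argument type, not the length constants. I would add `/* Only the SHA*_DIGEST_LENGTH constants are used in this file (assigned to digest_len); system and compat headers must agree on them. */` above the `#ifdef`. How `digest_len` is consumed in the WANTDIGEST rules lies outside this hunk, so the effect of a mismatch is an inference.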
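Review bot: The `LEXTRACE` strings in the four sha rules of the `@@ -580,29 +584,29 @@` hunk did not need to change along with the token rename. Only the `LEXRETURN` argument is an identifier that can collide with the names the Solaris `sha2.h` defines; the trace text is a string literal and is unaffected. Keeping `LEXTRACE("SHA224 ");` (likewise for 256, 384 and 512) next to `LEXRETURN(SHA224_TOK);` would leave trace output unchanged for anyone comparing it across versions. If the project keeps expected lexer trace files, they would otherwise need updating in the same commit. The generated `lex.sudoers.c` hunk for cases 48 to 51 mirrors these lines and would follow from regenerating.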