From: Todd C. Miller Date: Tue, 17 Aug 1999 15:29:47 +0000 (+0000) Subject: o NewArgv and NewArgc don't need to be externally visible. X-Git-Tag: SUDO_1_6_0~126 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=804e168d90347e41f017981ffaf8d5a2eb4e6457;p=sudo o NewArgv and NewArgc don't need to be externally visible. o If pedantic > 1, it is a parse error. o Add -s (strict) option to visudo which sets pedantic to 2. --- diff --git a/parse.yacc b/parse.yacc index 759a9770d..f5c2398d9 100644 --- a/parse.yacc +++ b/parse.yacc @@ -196,12 +196,14 @@ yyerror(s) /* Save the line the first error occured on. */ if (errorlineno == -1) errorlineno = sudolineno ? sudolineno - 1 : 0; + if (s) { #ifndef TRACELEXER - (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, - sudolineno ? sudolineno - 1 : 0); + (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, + sudolineno ? sudolineno - 1 : 0); #else - (void) fprintf(stderr, "<*> "); + (void) fprintf(stderr, "<*> "); #endif + } parse_error = TRUE; } %} @@ -334,9 +336,15 @@ host : ALL { else if (strcasecmp(user_shost, $1) == 0) $$ = TRUE; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared Host_Alias `%s' referenced near line %d\n", $1, sudolineno); + "%s: undeclared Host_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", $1, sudolineno); + if (pedantic > 1) { + yyerror(NULL); + YYERROR; + } + } $$ = -1; } free($1); @@ -484,9 +492,15 @@ runasuser : NAME { else if (strcmp($1, user_runas) == 0) $$ = TRUE; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared Runas_Alias `%s' referenced near line %d\n", $1, sudolineno); + "%s: undeclared Runas_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", $1, sudolineno); + if (pedantic > 1) { + yyerror(NULL); + YYERROR; + } + } $$ = -1; } free($1); 
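Review bot: The new `if (s)` guard in yyerror() gives a NULL argument a special meaning that nothing in the hunk documents: `errorlineno` and `parse_error` are still recorded, but no message is printed. A short comment above the guard, for example `/* A NULL message means the caller has already printed its own diagnostic. */`, would keep a later caller from passing NULL by accident and silently losing the message. yyerror() starts above the hunk, so an existing header comment there may need the same sentence.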
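Review bot: In the strict branch of the `host` rule, `YYERROR` leaves the action before the `free($1)` that closes it, so the alias name is not released on that path (YYERROR normally expands to a jump into the parser's error recovery). Freeing after the fprintf and before bailing out avoids this: `free($1); yyerror(NULL); YYERROR;` inside the `if (pedantic > 1)` block. The `runasuser`, `cmnd` and `user` hunks add the same pattern and need the same change. The rule bodies begin outside the hunks, so any earlier allocations in those actions should be checked as well.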
@@ -560,9 +574,15 @@ cmnd : ALL { if ((aip = find_alias($1, CMND_ALIAS))) $$ = aip->val; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared Cmnd_Alias `%s' referenced near line %d\n", $1, sudolineno); + "%s: undeclared Cmnd_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", $1, sudolineno); + if (pedantic > 1) { + yyerror(NULL); + YYERROR; + } + } $$ = -1; } free($1); @@ -719,9 +739,13 @@ user : NAME { else if (strcmp($1, user_name) == 0) $$ = TRUE; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared User_Alias `%s' referenced near line %d\n", $1, sudolineno); + "%s: undeclared User_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", $1, sudolineno); + if (pedantic > 1) + YYERROR; + } $$ = -1; } free($1); @@ -857,6 +881,9 @@ dumpaliases() size_t n; for (n = 0; n < naliases; n++) { + if (aliases[n].val == -1) + continue; + switch (aliases[n].type) { case HOST_ALIAS: (void) puts("HOST_ALIAS"); diff --git a/sudo.h b/sudo.h index 6a366039b..3533499fe 100644 --- a/sudo.h +++ b/sudo.h @@ -193,8 +193,6 @@ extern struct sudo_user sudo_user; extern int Argc; extern char **Argv; -extern int NewArgc; -extern char **NewArgv; extern FILE *sudoers_fp; #endif extern int errno; diff --git a/sudo.tab.c b/sudo.tab.c index b02f7efec..b90584da7 100644 --- a/sudo.tab.c +++ b/sudo.tab.c @@ -16,7 +16,7 @@ static char yyrcsid[] #define yyerrok (yyerrflag=0) #define YYRECOVERING() (yyerrflag!=0) #define YYPREFIX "yy" -#line 2 "parse.yacc" +#line 2 "./parse.yacc" /* * Copyright (c) 1996, 1998, 1999 Todd C. Miller * All rights reserved. 
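Review bot: The strict branch of the `user` rule calls only `YYERROR`, whereas the `host`, `runasuser` and `cmnd` rules call `yyerror(NULL)` first. yyerror() is where `errorlineno` and `parse_error = TRUE` are set, and YYERROR typically jumps to error recovery without calling it. An undeclared User_Alias in -s mode may therefore never be recorded as a parse error, and a sudoers file that strict checking was meant to reject could be accepted. Whether the caller still notices the failure through yyparse()'s return value is not visible in this diff. Matching the other three rules closes the gap: `if (pedantic > 1) { yyerror(NULL); YYERROR; }`.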
@@ -214,22 +214,24 @@ yyerror(s) /* Save the line the first error occured on. */ if (errorlineno == -1) errorlineno = sudolineno ? sudolineno - 1 : 0; + if (s) { #ifndef TRACELEXER - (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, - sudolineno ? sudolineno - 1 : 0); + (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s, + sudolineno ? sudolineno - 1 : 0); #else - (void) fprintf(stderr, "<*> "); + (void) fprintf(stderr, "<*> "); #endif + } parse_error = TRUE; } -#line 209 "parse.yacc" +#line 211 "./parse.yacc" typedef union { char *string; int BOOLEAN; struct sudo_command command; int tok; } YYSTYPE; -#line 233 "sudo.tab.c" +#line 235 "sudo.tab.c" #define COMMAND 257 #define ALIAS 258 #define NTWKADDR 259 @@ -534,7 +536,7 @@ short *yyss; short *yysslim; YYSTYPE *yyvs; int yystacksize; -#line 735 "parse.yacc" +#line 759 "./parse.yacc" #define MOREALIASES (32) aliasinfo *aliases = NULL; @@ -660,6 +662,9 @@ dumpaliases() size_t n; for (n = 0; n < naliases; n++) { + if (aliases[n].val == -1) + continue; + switch (aliases[n].type) { case HOST_ALIAS: (void) puts("HOST_ALIAS"); @@ -875,7 +880,7 @@ init_parser() if (printmatches == TRUE) expand_match_list(); } -#line 879 "sudo.tab.c" +#line 884 "sudo.tab.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || __STDC__ static int yygrowstack(void) 
@@ -1056,42 +1061,42 @@ yyreduce: switch (yyn) { case 3: -#line 254 "parse.yacc" +#line 256 "./parse.yacc" { ; } break; case 4: -#line 256 "parse.yacc" +#line 258 "./parse.yacc" { yyerrok; } break; case 5: -#line 257 "parse.yacc" +#line 259 "./parse.yacc" { push; } break; case 6: -#line 257 "parse.yacc" +#line 259 "./parse.yacc" { while (top && user_matches != TRUE) pop; } break; case 7: -#line 262 "parse.yacc" +#line 264 "./parse.yacc" { ; } break; case 8: -#line 264 "parse.yacc" +#line 266 "./parse.yacc" { ; } break; case 9: -#line 266 "parse.yacc" +#line 268 "./parse.yacc" { ; } break; case 10: -#line 268 "parse.yacc" +#line 270 "./parse.yacc" { ; } break; case 13: -#line 276 "parse.yacc" +#line 278 "./parse.yacc" { /* * We already did a push if necessary in @@ -1104,27 +1109,27 @@ case 13: } break; case 14: -#line 288 "parse.yacc" +#line 290 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) host_matches = yyvsp[0].BOOLEAN; } break; case 15: -#line 292 "parse.yacc" +#line 294 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) host_matches = ! yyvsp[0].BOOLEAN; } break; case 16: -#line 297 "parse.yacc" +#line 299 "./parse.yacc" { yyval.BOOLEAN = TRUE; } break; case 17: -#line 300 "parse.yacc" +#line 302 "./parse.yacc" { if (addr_matches(yyvsp[0].string)) yyval.BOOLEAN = TRUE; @@ -1134,7 +1139,7 @@ case 17: } break; case 18: -#line 307 "parse.yacc" +#line 309 "./parse.yacc" { if (netgr_matches(yyvsp[0].string, user_host, NULL)) yyval.BOOLEAN = TRUE; @@ -1144,7 +1149,7 @@ case 18: } break; case 19: -#line 314 "parse.yacc" +#line 316 "./parse.yacc" { if (strcasecmp(user_shost, yyvsp[0].string) == 0) yyval.BOOLEAN = TRUE; @@ -1154,7 +1159,7 @@ case 19: } break; case 20: -#line 321 "parse.yacc" +#line 323 "./parse.yacc" { if (strcasecmp(user_host, yyvsp[0].string) == 0) yyval.BOOLEAN = TRUE; @@ -1164,7 +1169,7 @@ case 20: } break; case 21: -#line 328 "parse.yacc" +#line 330 "./parse.yacc" { aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS); 
@@ -1174,16 +1179,22 @@ case 21: else if (strcasecmp(user_shost, yyvsp[0].string) == 0) yyval.BOOLEAN = TRUE; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared Host_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno); + "%s: undeclared Host_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno); + if (pedantic > 1) { + yyerror(NULL); + YYERROR; + } + } yyval.BOOLEAN = -1; } free(yyvsp[0].string); } break; case 24: -#line 350 "parse.yacc" +#line 358 "./parse.yacc" { /* * Push the entry onto the stack if it is worth @@ -1198,14 +1209,14 @@ case 24: } break; case 25: -#line 364 "parse.yacc" +#line 372 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) cmnd_matches = yyvsp[0].BOOLEAN; } break; case 26: -#line 368 "parse.yacc" +#line 376 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) @@ -1217,14 +1228,14 @@ case 26: } break; case 27: -#line 376 "parse.yacc" +#line 384 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) cmnd_matches = ! yyvsp[0].BOOLEAN; } break; case 28: -#line 382 "parse.yacc" +#line 390 "./parse.yacc" { if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { @@ -1250,18 +1261,18 @@ case 28: } break; case 29: -#line 405 "parse.yacc" +#line 413 "./parse.yacc" { ; } break; case 32: -#line 412 "parse.yacc" +#line 420 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) runas_matches = yyvsp[0].BOOLEAN; } break; case 33: -#line 416 "parse.yacc" +#line 424 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) @@ -1273,14 +1284,14 @@ case 33: } break; case 34: -#line 424 "parse.yacc" +#line 432 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) runas_matches = ! yyvsp[0].BOOLEAN; } break; case 35: -#line 429 "parse.yacc" +#line 437 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) 
@@ -1297,7 +1308,7 @@ case 35: } break; case 36: -#line 443 "parse.yacc" +#line 451 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) @@ -1314,7 +1325,7 @@ case 36: } break; case 37: -#line 457 "parse.yacc" +#line 465 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) @@ -1331,7 +1342,7 @@ case 37: } break; case 38: -#line 471 "parse.yacc" +#line 479 "./parse.yacc" { aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS); @@ -1348,16 +1359,22 @@ case 38: else if (strcmp(yyvsp[0].string, user_runas) == 0) yyval.BOOLEAN = TRUE; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared Runas_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno); + "%s: undeclared Runas_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno); + if (pedantic > 1) { + yyerror(NULL); + YYERROR; + } + } yyval.BOOLEAN = -1; } free(yyvsp[0].string); } break; case 39: -#line 494 "parse.yacc" +#line 508 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) @@ -1370,7 +1387,7 @@ case 39: } break; case 40: -#line 506 "parse.yacc" +#line 520 "./parse.yacc" { /* Inherit NOPASSWD/PASSWD status. */ if (printmatches == TRUE && host_matches == TRUE && @@ -1383,7 +1400,7 @@ case 40: } break; case 41: -#line 516 "parse.yacc" +#line 530 "./parse.yacc" { no_passwd = TRUE; if (printmatches == TRUE && host_matches == TRUE && @@ -1392,7 +1409,7 @@ case 41: } break; case 42: -#line 522 "parse.yacc" +#line 536 "./parse.yacc" { no_passwd = FALSE; if (printmatches == TRUE && host_matches == TRUE && @@ -1401,7 +1418,7 @@ case 42: } break; case 43: -#line 530 "parse.yacc" +#line 544 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) @@ -1421,7 +1438,7 @@ case 43: } break; case 44: -#line 547 "parse.yacc" +#line 561 "./parse.yacc" { aliasinfo *aip; 
@@ -1438,16 +1455,22 @@ case 44: if ((aip = find_alias(yyvsp[0].string, CMND_ALIAS))) yyval.BOOLEAN = aip->val; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared Cmnd_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno); + "%s: undeclared Cmnd_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno); + if (pedantic > 1) { + yyerror(NULL); + YYERROR; + } + } yyval.BOOLEAN = -1; } free(yyvsp[0].string); } break; case 45: -#line 570 "parse.yacc" +#line 590 "./parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) { @@ -1476,11 +1499,11 @@ case 45: } break; case 48: -#line 602 "parse.yacc" +#line 622 "./parse.yacc" { push; } break; case 49: -#line 602 "parse.yacc" +#line 622 "./parse.yacc" { if ((host_matches != -1 || pedantic) && !add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) @@ -1489,7 +1512,7 @@ case 49: } break; case 54: -#line 618 "parse.yacc" +#line 638 "./parse.yacc" { push; if (printmatches == TRUE) { @@ -1501,7 +1524,7 @@ case 54: } break; case 55: -#line 626 "parse.yacc" +#line 646 "./parse.yacc" { if ((cmnd_matches != -1 || pedantic) && !add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) @@ -1514,11 +1537,11 @@ case 55: } break; case 56: -#line 638 "parse.yacc" +#line 658 "./parse.yacc" { ; } break; case 60: -#line 646 "parse.yacc" +#line 666 "./parse.yacc" { push; if (printmatches == TRUE) { @@ -1530,7 +1553,7 @@ case 60: } break; case 61: -#line 654 "parse.yacc" +#line 674 "./parse.yacc" { if ((runas_matches != -1 || pedantic) && !add_alias(yyvsp[-3].string, RUNAS_ALIAS, runas_matches)) @@ -1543,11 +1566,11 @@ case 61: } break; case 64: -#line 670 "parse.yacc" +#line 690 "./parse.yacc" { push; } break; case 65: -#line 670 "parse.yacc" +#line 690 "./parse.yacc" { if ((user_matches != -1 || pedantic) && !add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) 
@@ -1557,25 +1580,25 @@ case 65: } break; case 66: -#line 679 "parse.yacc" +#line 699 "./parse.yacc" { ; } break; case 68: -#line 683 "parse.yacc" +#line 703 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) user_matches = yyvsp[0].BOOLEAN; } break; case 69: -#line 687 "parse.yacc" +#line 707 "./parse.yacc" { if (yyvsp[0].BOOLEAN != -1) user_matches = ! yyvsp[0].BOOLEAN; } break; case 70: -#line 692 "parse.yacc" +#line 712 "./parse.yacc" { if (strcmp(yyvsp[0].string, user_name) == 0) yyval.BOOLEAN = TRUE; @@ -1585,7 +1608,7 @@ case 70: } break; case 71: -#line 699 "parse.yacc" +#line 719 "./parse.yacc" { if (usergr_matches(yyvsp[0].string, user_name)) yyval.BOOLEAN = TRUE; @@ -1595,7 +1618,7 @@ case 71: } break; case 72: -#line 706 "parse.yacc" +#line 726 "./parse.yacc" { if (netgr_matches(yyvsp[0].string, NULL, user_name)) yyval.BOOLEAN = TRUE; @@ -1605,7 +1628,7 @@ case 72: } break; case 73: -#line 713 "parse.yacc" +#line 733 "./parse.yacc" { aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS); @@ -1615,21 +1638,25 @@ case 73: else if (strcmp(yyvsp[0].string, user_name) == 0) yyval.BOOLEAN = TRUE; else { - if (pedantic) + if (pedantic) { (void) fprintf(stderr, - "Warning: undeclared User_Alias `%s' referenced near line %d\n", yyvsp[0].string, sudolineno); + "%s: undeclared User_Alias `%s' referenced near line %d\n", + (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno); + if (pedantic > 1) + YYERROR; + } yyval.BOOLEAN = -1; } free(yyvsp[0].string); } break; case 74: -#line 729 "parse.yacc" +#line 753 "./parse.yacc" { yyval.BOOLEAN = TRUE; } break; -#line 1633 "sudo.tab.c" +#line 1660 "sudo.tab.c" } yyssp -= yym; yystate = *yyssp; diff --git a/visudo.c b/visudo.c index 8884fafe9..4cc16fbbd 100644 --- a/visudo.c +++ b/visudo.c @@ -108,8 +108,6 @@ extern int pedantic; * Globals */ char **Argv; -char **NewArgv = NULL; -int NewArgc = 0; char *sudoers = _PATH_SUDOERS; char *stmp = _PATH_SUDOERS_TMP; struct sudo_user sudo_user; 
@@ -129,23 +127,26 @@ main(argc, argv) time_t now; /* time now */ struct stat stmp_sb, sudoers_sb; /* to check for changes */ + /* Warn about aliases that are used before being defined. */ + pedantic = 1; + /* * Parse command line options */ Argv = argv; /* - * Arg handling. For -V print version, else usage... + * Arg handling. */ - if (argc == 2) { - if (!strcmp(Argv[1], "-V")) { + while (--argc) { + if (!strcmp(argv[argc], "-V")) { (void) printf("visudo version %s\n", version); exit(0); + } else if (!strcmp(argv[argc], "-s")) { + pedantic++; /* strict mode */ } else { usage(); } - } else if (argc != 1) { - usage(); } /* Mock up a fake sudo_user struct. */ @@ -157,9 +158,6 @@ main(argc, argv) exit(1); } - /* Warn about aliases that are used before being defined. */ - pedantic = TRUE; - #ifdef ENV_EDITOR /* * If we are allowing EDITOR and VISUAL envariables set Editor @@ -496,6 +494,6 @@ Exit(sig) static void usage() { - (void) fprintf(stderr, "usage: %s [-V]\n", Argv[0]); + (void) fprintf(stderr, "usage: %s [-s] [-V]\n", Argv[0]); exit(1); } diff --git a/visudo.cat b/visudo.cat index 662fafafa..b8d034ba2 100644 --- a/visudo.cat +++ b/visudo.cat @@ -8,7 +8,7 @@ NNNNAAAAMMMMEEEE visudo - edit the sudoers file SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS - vvvviiiissssuuuuddddoooo [ ----VVVV ] + vvvviiiissssuuuuddddoooo [ ----ssss ] [ ----VVVV ] DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN vvvviiiissssuuuuddddoooo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous 
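Review bot: The option loop `while (--argc)` stops only when the counter is exactly zero, so if visudo is started with an empty argument vector (argc == 0) the first decrement yields -1 and `argv[argc]` is read out of bounds. `while (--argc > 0)` bounds the loop for that case. Separately, the loop walks the arguments from last to first and `pedantic++` grows with every repeated `-s`. That is harmless given the `pedantic > 1` tests in the grammar, but it differs from the commit message's "sets pedantic to 2", and `pedantic = 2; /* strict mode */` would state the intent directly. main() continues outside the hunk.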
@@ -40,28 +40,28 @@ DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN OOOOPPPPTTTTIIIIOOOONNNNSSSS vvvviiiissssuuuuddddoooo accepts the following command line option: + -s Enable ssssttttrrrriiiicccctttt checking of the _s_u_d_o_e_r_s file. If an + alias is used before it is defined, vvvviiiissssuuuuddddoooo will + consider this a parse error. Note that it is not + possible to differentiate between an alias and a + hostname or username that consists solely of upper + case letters, digits, and the underscore ('_') + character. + -V The -V (version) option causes vvvviiiissssuuuuddddoooo to print the version number and exit. EEEERRRRRRRROOOORRRRSSSS sudoers file busy, try again later. - Either someone is currently editing the _s_u_d_o_e_r_s file - or there is a stale sudoers lock file - (/etc/sudoers.tmp by default) that you need to delete. + Someone else is currently editing the _s_u_d_o_e_r_s file. /etc/sudoers.tmp: Permission denied You didn't run vvvviiiissssuuuuddddoooo as root. - Can't find you in the passwd database - Your userid does not appear in the passwd file. - -FFFFIIIILLLLEEEESSSS - /etc/sudoers List of who can run what - /etc/sudoers.tmp Lock file for visudo -6/Aug/1999 1.6 1 +17/Aug/1999 1.6 1 
@@ -70,6 +70,23 @@ FFFFIIIILLLLEEEESSSS VISUDO(8) MAINTENANCE COMMANDS VISUDO(8) + Can't find you in the passwd database + Your userid does not appear in the system passwd file. + + Warning: undeclared Alias referenced near ... + Either you are using a {User,Runas,Host,Cmnd}_Alias + before defining it or you have a user or hostname + listed that consists solely of upper case letters, + digits, and the underscore ('_') character. If the + latter, you can ignore the warnings (ssssuuuuddddoooo will not + complain). In ----ssss (strict) mode these are errors not + warnings. + +FFFFIIIILLLLEEEESSSS + /etc/sudoers List of who can run what + /etc/sudoers.tmp Lock file for visudo + + EEEENNNNVVVVIIIIRRRROOOONNNNMMMMEEEENNNNTTTT VVVVAAAARRRRIIIIAAAABBBBLLLLEEEESSSS The following are used only if vvvviiiissssuuuuddddoooo was configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option: @@ -87,6 +104,7 @@ AAAAUUUUTTTTHHHHOOOORRRR See the HISTORY file in the sudo distribution for more details. +BBBBUUUUGGGGSSSS Please send all bugs, comments, and changes to sudo- bugs@courtesan.com. Be sure to include the version of ssssuuuuddddoooo you are using and the platform you are running it on. @@ -99,17 +117,9 @@ DDDDIIIISSSSCCCCLLLLAAAAIIIIMMMMEEEERRRR with ssssuuuuddddoooo for complete details. CCCCAAAAVVVVEEEEAAAATTTTSSSS - Due to the syntax of the _s_u_d_o_e_r_s file, there is no way for - vvvviiiissssuuuuddddoooo to tell the difference between a mistyped - {Host,User,Cmnd}_Alias and a user or host name. - There is no easy way to prevent a user from gaining a root shell if the editor used by vvvviiiissssuuuuddddoooo allows shell escapes. -BBBBUUUUGGGGSSSS - The _-_V flag gives the version of the _s_u_d_o package rather - than the individual vvvviiiissssuuuuddddoooo program. - SSSSEEEEEEEE AAAALLLLSSSSOOOO _s_u_d_o(8), _v_i_p_w(8). @@ -117,17 +127,7 @@ SSSSEEEEEEEE AAAALLLLSSSSOOOO - - - - - - - - - - -6/Aug/1999 1.6 2 +17/Aug/1999 1.6 2 
@@ -193,6 +193,6 @@ VISUDO(8) MAINTENANCE COMMANDS VISUDO(8) -6/Aug/1999 1.6 3 +17/Aug/1999 1.6 3 diff --git a/visudo.html b/visudo.html index f8673ae7f..4c0e4f427 100644 --- a/visudo.html +++ b/visudo.html @@ -18,9 +18,9 @@
  • FILES
  • ENVIRONMENT VARIABLES
  • AUTHOR +
  • BUGS
  • DISCLAIMER
  • CAVEATS -
  • BUGS
  • SEE ALSO @@ -36,7 +36,7 @@ visudo - edit the sudoers file

    SYNOPSIS

    -visudo [ -V ] +visudo [ -s ] [ -V ]


    @@ -66,6 +66,12 @@ line where the error occurred (if the editor supports this feature). visudo accepts the following command line option:
    +
    -s
    +

    +Enable strict checking of the sudoers file. If an alias is used before it is defined, visudo will consider this a parse error. Note that it is not possible to +differentiate between an alias and a hostname or username that consists +solely of upper case letters, digits, and the underscore ('_') character. +

    -V

    The -V (version) option causes visudo to print the version number and exit. @@ -77,8 +83,7 @@ The -V (version) option causes visudo to print the

    sudoers file busy, try again later.

    -Either someone is currently editing the sudoers file or there is a stale sudoers lock file (/etc/sudoers.tmp by default) -that you need to delete. +Someone else is currently editing the sudoers file.

    /etc/sudoers.tmp: Permission denied

    @@ -86,7 +91,14 @@ You didn't run visudo as root.

    Can't find you in the passwd database

    -Your userid does not appear in the passwd file. +Your userid does not appear in the system passwd file. + +

    Warning: undeclared Alias referenced near ...
    +

    +Either you are using a {User,Runas,Host,Cmnd}_Alias before defining it or +you have a user or hostname listed that consists solely of upper case +letters, digits, and the underscore ('_') character. If the latter, you can +ignore the warnings (sudo will not complain). In -s (strict) mode these are errors not warnings.

    FILES

    @@ -113,6 +125,7 @@ Many people have worked on sudo over the years, this version of

    See the HISTORY file in the sudo distribution for more details. +

    BUGS

    Please send all bugs, comments, and changes to sudo-bugs@courtesan.com. Be sure @@ -125,19 +138,10 @@ not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with sudo for complete details.

    CAVEATS

    -

    -Due to the syntax of the sudoers file, there is no way for -visudo to tell the difference between a mistyped {Host,User,Cmnd}_Alias and a user -or host name. -

    There is no easy way to prevent a user from gaining a root shell if the editor used by visudo allows shell escapes. -

    BUGS

    -

    -The -V flag gives the version of the sudo package rather than the individual visudo program. -

    SEE ALSO

    sudo(8), vipw(8). diff --git a/visudo.man b/visudo.man index ba1542b13..07a4a8949 100644 --- a/visudo.man +++ b/visudo.man @@ -2,9 +2,10 @@ ''' $RCSfile$$Revision$$Date$ ''' ''' $Log$ -''' Revision 1.9 1999/08/06 09:37:02 millert -''' o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow temp file -''' o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP -> _PATH_SUDOERS_TMP +''' Revision 1.10 1999/08/17 15:29:47 millert +''' o NewArgv and NewArgc don't need to be externally visible. +''' o If pedantic > 1, it is a parse error. +''' o Add -s (strict) option to visudo which sets pedantic to 2. ''' ''' .de Sh @@ -97,7 +98,7 @@ .nr % 0 .rr F .\} -.TH VISUDO 8 "1.6" "6/Aug/1999" "MAINTENANCE COMMANDS" +.TH VISUDO 8 "1.6" "17/Aug/1999" "MAINTENANCE COMMANDS" .UC .if n .hy 0 .if n .na @@ -194,7 +195,7 @@ .SH "NAME" visudo \- edit the sudoers file .SH "SYNOPSIS" -\fBvisudo\fR [ \fB\-V\fR ] +\fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ] .SH "DESCRIPTION" \fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to \fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple 
@@ -221,18 +222,29 @@ detected the cursor will be placed on the line where the error occurred (if the editor supports this feature). .SH "OPTIONS" \fBvisudo\fR accepts the following command line option: +.Ip "-s" 4 +Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is +used before it is defined, \fBvisudo\fR will consider this a parse +error. Note that it is not possible to differentiate between an +alias and a hostname or username that consists solely of upper case +letters, digits, and the underscore ('_') character. .Ip "-V" 4 The \f(CW-V\fR (version) option causes \fBvisudo\fR to print the version number and exit. .SH "ERRORS" .Ip "sudoers file busy, try again later." 4 -Either someone is currently editing the \fIsudoers\fR file -or there is a stale sudoers lock file (/etc/sudoers.tmp by default) -that you need to delete. +Someone else is currently editing the \fIsudoers\fR file. .Ip "/etc/sudoers.tmp: Permission denied" 4 You didn't run \fBvisudo\fR as root. .Ip "Can't find you in the passwd database" 4 -Your userid does not appear in the passwd file. +Your userid does not appear in the system passwd file. +.Ip "Warning: undeclared Alias referenced near ..." 4 +Either you are using a {User,Runas,Host,Cmnd}_Alias before +defining it or you have a user or hostname listed that +consists solely of upper case letters, digits, and the +underscore ('_') character. If the latter, you can ignore +the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict) +mode these are errors not warnings. .SH "FILES" .Sp .Vb 2 @@ -255,7 +267,7 @@ Many people have worked on \fIsudo\fR over the years, this version of \& Todd Miller .Ve See the HISTORY file in the sudo distribution for more details. -.Sp +.SH "BUGS" Please send all bugs, comments, and changes to sudo-bugs@courtesan.com. Be sure to include the version of \fBsudo\fR you are using and the platform you are running it on. 
@@ -265,15 +277,8 @@ including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with \fBsudo\fR for complete details. .SH "CAVEATS" -Due to the syntax of the \fIsudoers\fR file, there is no way for -\fBvisudo\fR to tell the difference between a mistyped {Host,User,Cmnd}_Alias -and a user or host name. -.Sp There is no easy way to prevent a user from gaining a root shell if the editor used by \fBvisudo\fR allows shell escapes. -.SH "BUGS" -The \fI\-V\fR flag gives the version of the \fIsudo\fR package rather than -the individual \fBvisudo\fR program. .SH "SEE ALSO" \fIsudo\fR\|(8), \fIvipw\fR\|(8). @@ -289,6 +294,8 @@ the individual \fBvisudo\fR program. .IX Header "OPTIONS" +.IX Item "-s" + .IX Item "-V" .IX Header "ERRORS" @@ -299,17 +306,19 @@ the individual \fBvisudo\fR program. .IX Item "Can't find you in the passwd database" +.IX Item "Warning: undeclared Alias referenced near ..." + .IX Header "FILES" .IX Header "ENVIRONMENT VARIABLES" .IX Header "AUTHOR" +.IX Header "BUGS" + .IX Header "DISCLAIMER" .IX Header "CAVEATS" -.IX Header "BUGS" - .IX Header "SEE ALSO" diff --git a/visudo.pod b/visudo.pod index 60fd0223a..4d22e2ef0 100644 --- a/visudo.pod +++ b/visudo.pod @@ -41,7 +41,7 @@ visudo - edit the sudoers file =head1 SYNOPSIS -B [ B<-V> ] +B [ B<-s> ] [ B<-V> ] =head1 DESCRIPTION @@ -75,6 +75,14 @@ B accepts the following command line option: =over 4 +=item -s + +Enable B checking of the I file. If an alias is +used before it is defined, B will consider this a parse +error. Note that it is not possible to differentiate between an +alias and a hostname or username that consists solely of upper case +letters, digits, and the underscore ('_') character. + =item -V The C<-V> (version) option causes B to print the version number 
@@ -88,9 +96,7 @@ and exit. =item sudoers file busy, try again later. -Either someone is currently editing the I file -or there is a stale sudoers lock file (/etc/sudoers.tmp by default) -that you need to delete. +Someone else is currently editing the I file. =item /etc/sudoers.tmp: Permission denied @@ -98,7 +104,16 @@ You didn't run B as root. =item Can't find you in the passwd database -Your userid does not appear in the passwd file. +Your userid does not appear in the system passwd file. + +=item Warning: undeclared Alias referenced near ... + +Either you are using a {User,Runas,Host,Cmnd}_Alias before +defining it or you have a user or hostname listed that +consists solely of upper case letters, digits, and the +underscore ('_') character. If the latter, you can ignore +the warnings (B will not complain). In B<-s> (strict) +mode these are errors not warnings. =head1 FILES @@ -122,6 +137,8 @@ B was written by: See the HISTORY file in the sudo distribution for more details. +=head1 BUGS + Please send all bugs, comments, and changes to sudo-bugs@courtesan.com. Be sure to include the version of B you are using and the platform you are running it on. @@ -135,18 +152,9 @@ See the LICENSE file distributed with B for complete details. =head1 CAVEATS -Due to the syntax of the I file, there is no way for -B to tell the difference between a mistyped {Host,User,Cmnd}_Alias -and a user or host name. - There is no easy way to prevent a user from gaining a root shell if the editor used by B allows shell escapes. -=head1 BUGS - -The I<-V> flag gives the version of the I package rather than -the individual B program. - =head1 SEE ALSO sudo(8), vipw(8).