From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 5 Feb 2015 18:16:06 +0000 (-0700)
Subject: Require POSIX regular expression support for sudoreplay.
X-Git-Tag: SUDO_1_8_12^2~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a3435e7d129d3d58792708fd2797ddd21e90f0b9;p=sudo

Require POSIX regular expression support for sudoreplay.
---

diff --git a/config.h.in b/config.h.in
index 809c34aa5..1a2bceb3d 100644
--- a/config.h.in
+++ b/config.h.in
@@ -557,9 +557,6 @@
 /* Define to 1 if you have the `random' function. */
 #undef HAVE_RANDOM
 
-/* Define to 1 if you have the `regcomp' function. */
-#undef HAVE_REGCOMP
-
 /* Define to 1 if you have the `revoke' function. */
 #undef HAVE_REVOKE
 
diff --git a/configure b/configure
index fd1c53844..944029fee 100755
--- a/configure
+++ b/configure
@@ -2828,7 +2828,6 @@ as_fn_append ac_header_list " sys/stropts.h"
 as_fn_append ac_header_list " sys/sysmacros.h"
 as_fn_append ac_func_list " killpg"
 as_fn_append ac_func_list " nl_langinfo"
-as_fn_append ac_func_list " regcomp"
 as_fn_append ac_func_list " strftime"
 as_fn_append ac_func_list " strrchr"
 as_fn_append ac_func_list " strtoll"
@@ -18052,8 +18051,6 @@ done
 
 
 
-
-
 for ac_func in getgrouplist
 do :
   ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist"
diff --git a/configure.ac b/configure.ac
index 1fedd0763..979cab51d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2339,7 +2339,7 @@ dnl
 dnl Function checks
 dnl
 AC_FUNC_GETGROUPS
-AC_CHECK_FUNCS_ONCE([killpg nl_langinfo regcomp strftime strrchr strtoll sysconf tzset])
+AC_CHECK_FUNCS_ONCE([killpg nl_langinfo strftime strrchr strtoll sysconf tzset])
 AC_CHECK_FUNCS([getgrouplist], [], [
     case "$host_os" in
     aix*)
diff --git a/doc/sudoreplay.cat b/doc/sudoreplay.cat
index dfc4e637c..dc41fbf80 100644
--- a/doc/sudoreplay.cat
+++ b/doc/sudoreplay.cat
@@ -58,11 +58,8 @@ DDEESSCCRRIIPPTTIIOONN
                  following predicates:
 
                  command _p_a_t_t_e_r_n
-                         Evaluates to true if the command run matches _p_a_t_t_e_r_n.
-                         On systems with POSIX regular expression support, the
-                         pattern may be an extended regular expression.  On
-                         systems without POSIX regular expression support, a
-                         simple sub-string match is performed instead.
+                         Evaluates to true if the command run matches the
+                         POSIX extended regular expression _p_a_t_t_e_r_n.
 
                  cwd _d_i_r_e_c_t_o_r_y
                          Evaluates to true if the command was run with the
@@ -274,4 +271,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or http://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.12                    December 4, 2014                    Sudo 1.8.12
+Sudo 1.8.12                    February 5, 2015                    Sudo 1.8.12
diff --git a/doc/sudoreplay.man.in b/doc/sudoreplay.man.in
index caf714984..8c84bf848 100644
--- a/doc/sudoreplay.man.in
+++ b/doc/sudoreplay.man.in
@@ -1,7 +1,7 @@
 .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
 .\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in
 .\"
-.\" Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2009-2015 Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.TH "SUDOREPLAY" "8" "December 4, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDOREPLAY" "8" "February 5, 2015" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -135,12 +135,9 @@ An expression is composed of the following predicates:
 .PD 0
 .TP 8n
 command \fIpattern\fR
-Evaluates to true if the command run matches
+Evaluates to true if the command run matches the POSIX extended
+regular expression
 \fIpattern\fR.
-On systems with POSIX regular expression support, the pattern may
-be an extended regular expression.
-On systems without POSIX regular expression support, a simple sub-string
-match is performed instead.
 .PD
 .TP 8n
 cwd \fIdirectory\fR
diff --git a/doc/sudoreplay.mdoc.in b/doc/sudoreplay.mdoc.in
index 00c735362..37be37004 100644
--- a/doc/sudoreplay.mdoc.in
+++ b/doc/sudoreplay.mdoc.in
@@ -1,5 +1,5 @@
 .\"
-.\" Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2009-2015 Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 4, 2014
+.Dd February 5, 2015
 .Dt SUDOREPLAY @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -124,12 +124,9 @@ is specified, it will be used to restrict the IDs that are displayed.
 An expression is composed of the following predicates:
 .Bl -tag -width 6n
 .It command Ar pattern
-Evaluates to true if the command run matches
+Evaluates to true if the command run matches the POSIX extended
+regular expression
 .Ar pattern .
-On systems with POSIX regular expression support, the pattern may
-be an extended regular expression.
-On systems without POSIX regular expression support, a simple sub-string
-match is performed instead.
 .It cwd Ar directory
 Evaluates to true if the command was run with the specified current
 working directory.
diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c
index a0ab984d8..dbe44af04 100644
--- a/plugins/sudoers/sudoreplay.c
+++ b/plugins/sudoers/sudoreplay.c
@@ -69,18 +69,16 @@
 #  include <ndir.h>
 # endif
 #endif
-#ifdef HAVE_REGCOMP
-# include <regex.h>
-#endif
-#ifdef HAVE_ZLIB_H
-# include <zlib.h>
-#endif
-#include <signal.h>
 #ifdef HAVE_STDBOOL_H
 # include <stdbool.h>
 #else
 # include "compat/stdbool.h"
 #endif /* HAVE_STDBOOL_H */
+#include <regex.h>
+#include <signal.h>
+#ifdef HAVE_ZLIB_H
+# include <zlib.h>
+#endif
 
 #include <pathnames.h>
 
@@ -151,11 +149,7 @@ struct search_node {
     bool negated;
     bool or;
     union {
-#ifdef HAVE_REGCOMP
 	regex_t cmdre;
-#else
-	char *pattern;
-#endif
 	time_t tstamp;
 	char *cwd;
 	char *tty;
@@ -205,12 +199,6 @@ static void sudoreplay_handler(int);
 static void usage(int);
 static void write_output(int fd, int what, void *v);
 
-#ifdef HAVE_REGCOMP
-# define REGEX_T	regex_t
-#else
-# define REGEX_T	char
-#endif
-
 #define VALID_ID(s) (isalnum((unsigned char)(s)[0]) && \
     isalnum((unsigned char)(s)[1]) && isalnum((unsigned char)(s)[2]) && \
     isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \
@@ -715,13 +703,10 @@ parse_expr(struct search_node_list *head, char *argv[], bool sub_expr)
 	} else {
 	    if (*(++av) == NULL)
 		sudo_fatalx(U_("%s requires an argument"), av[-1]);
-#ifdef HAVE_REGCOMP
 	    if (type == ST_PATTERN) {
 		if (regcomp(&sn->u.cmdre, *av, REG_EXTENDED|REG_NOSUB) != 0)
 		    sudo_fatalx(U_("invalid regular expression: %s"), *av);
-	    } else
-#endif
-	    if (type == ST_TODATE || type == ST_FROMDATE) {
+	    } else if (type == ST_TODATE || type == ST_FROMDATE) {
 		sn->u.tstamp = get_date(*av);
 		if (sn->u.tstamp == -1)
 		    sudo_fatalx(U_("could not parse date \"%s\""), *av);
@@ -771,7 +756,6 @@ match_expr(struct search_node_list *head, struct log_info *log, bool last_match)
 	    res = strcmp(sn->u.user, log->user) == 0;
 	    break;
 	case ST_PATTERN:
-#ifdef HAVE_REGCOMP
 	    rc = regexec(&sn->u.cmdre, log->cmd, 0, NULL, 0);
 	    if (rc && rc != REG_NOMATCH) {
 		char buf[BUFSIZ];
@@ -779,9 +763,6 @@ match_expr(struct search_node_list *head, struct log_info *log, bool last_match)
 		sudo_fatalx("%s", buf);
 	    }
 	    res = rc == REG_NOMATCH ? 0 : 1;
-#else
-	    res = strstr(log.cmd, sn->u.pattern) != NULL;
-#endif
 	    break;
 	case ST_FROMDATE:
 	    res = log->tstamp >= sn->u.tstamp;
@@ -935,7 +916,7 @@ free_log_info(struct log_info *li)
 }
 
 static int
-list_session(char *logfile, REGEX_T *re, const char *user, const char *tty)
+list_session(char *logfile, regex_t *re, const char *user, const char *tty)
 {
     char idbuf[7], *idstr, *cp;
     const char *timestr;
@@ -992,7 +973,7 @@ session_compare(const void *v1, const void *v2)
 
 /* XXX - always returns 0, calls sudo_fatal() on failure */
 static int
-find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty)
+find_sessions(const char *dir, regex_t *re, const char *user, const char *tty)
 {
     DIR *d;
     struct dirent *dp;
@@ -1079,22 +1060,18 @@ static int
 list_sessions(int argc, char **argv, const char *pattern, const char *user,
     const char *tty)
 {
-    REGEX_T rebuf, *re = NULL;
+    regex_t rebuf, *re = NULL;
     debug_decl(list_sessions, SUDO_DEBUG_UTIL)
 
     /* Parse search expression if present */
     parse_expr(&search_expr, argv, false);
 
-#ifdef HAVE_REGCOMP
     /* optional regex */
     if (pattern) {
 	re = &rebuf;
 	if (regcomp(re, pattern, REG_EXTENDED|REG_NOSUB) != 0)
 	    sudo_fatalx(U_("invalid regular expression: %s"), pattern);
     }
-#else
-    re = (char *) pattern;
-#endif /* HAVE_REGCOMP */
 
     debug_return_int(find_sessions(session_dir, re, user, tty));
 }