From 154a5f59a923dc37fbc76c050a6b821fce2d8210 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 24 May 2018 21:04:07 -0600 Subject: [PATCH] Move digest code into libutil --- MANIFEST | 6 +- configure | 10 +- configure.ac | 10 +- include/sudo_digest.h | 44 + lib/util/Makefile.in | 23 +- lib/util/digest.c | 170 ++ lib/util/digest_gcrypt.c | 150 ++ .../util/digest_openssl.c | 118 +- lib/util/util.exp.in | 6 + mkdep.pl | 2 +- plugins/sudoers/Makefile.in | 353 ++-- plugins/sudoers/digestname.c | 1 + plugins/sudoers/filedigest.c | 76 +- plugins/sudoers/filedigest_gcrypt.c | 112 -- plugins/sudoers/gram.c | 229 +-- plugins/sudoers/gram.h | 2 +- plugins/sudoers/gram.y | 23 +- plugins/sudoers/ldap_util.c | 9 +- plugins/sudoers/match.c | 40 +- plugins/sudoers/parse.h | 12 +- plugins/sudoers/regress/parser/check_digest.c | 1 + plugins/sudoers/sudo_ldap.h | 2 +- plugins/sudoers/toke.c | 1738 +++++++++-------- plugins/sudoers/toke.l | 23 +- 24 files changed, 1806 insertions(+), 1354 deletions(-) create mode 100644 include/sudo_digest.h create mode 100644 lib/util/digest.c create mode 100644 lib/util/digest_gcrypt.c rename plugins/sudoers/filedigest_openssl.c => lib/util/digest_openssl.c (62%) delete mode 100644 plugins/sudoers/filedigest_gcrypt.c diff --git a/MANIFEST b/MANIFEST index b7919ee05..da994f947 100644 --- a/MANIFEST +++ b/MANIFEST @@ -70,6 +70,7 @@ include/compat/stdbool.h include/sudo_compat.h include/sudo_conf.h include/sudo_debug.h +include/sudo_digest.h include/sudo_dso.h include/sudo_event.h include/sudo_fatal.h @@ -86,6 +87,9 @@ install-sh lib/util/Makefile.in lib/util/aix.c lib/util/closefrom.c +lib/util/digest.c +lib/util/digest_gcrypt.c +lib/util/digest_openssl.c lib/util/event.c lib/util/event_poll.c lib/util/event_select.c @@ -280,8 +284,6 @@ plugins/sudoers/env.c plugins/sudoers/env_pattern.c plugins/sudoers/file.c plugins/sudoers/filedigest.c -plugins/sudoers/filedigest_gcrypt.c -plugins/sudoers/filedigest_openssl.c plugins/sudoers/find_path.c plugins/sudoers/fmtsudoers.c plugins/sudoers/gc.c diff --git a/configure b/configure index d600035c6..4bfee2f82 100755 --- a/configure +++ b/configure @@ -723,7 +723,7 @@ vardir rundir iolog_dir devsearch -FILEDIGEST +DIGEST exampledir TMPFILES_D COMPAT_EXP @@ -3116,7 +3116,7 @@ secure_path="not set" pam_session=on pam_login_service=sudo PLUGINDIR=/usr/local/libexec/sudo -FILEDIGEST=filedigest.lo +DIGEST=digest.lo devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev" # # End initial values for man page substitution @@ -6415,7 +6415,7 @@ if test "${enable_openssl+set}" = set; then : enableval=$enable_openssl; case $enableval in no) ;; *) LIBMD="-lcrypto" - FILEDIGEST=filedigest_openssl.lo + DIGEST=digest_openssl.lo if test "$enableval" != "yes"; then if ${CPPFLAGS+:} false; then : @@ -6529,7 +6529,7 @@ if test "${enable_gcrypt+set}" = set; then : enableval=$enable_gcrypt; case $enableval in no) ;; *) LIBMD="-lgcrypt" - FILEDIGEST=filedigest_gcrypt.lo + DIGEST=digest_gcrypt.lo if test "$enableval" != "yes"; then if ${CPPFLAGS+:} false; then : @@ -20752,7 +20752,7 @@ fi fi # Look for sha2 functions if not using openssl -if test "$FILEDIGEST" = "filedigest.lo"; then +if test "$DIGEST" = "digest.lo"; then FOUND_SHA2=no ac_fn_c_check_header_mongrel "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" if test "x$ac_cv_header_sha2_h" = xyes; then : diff --git a/configure.ac b/configure.ac index 562f51acb..b5f1ef34c 100644 --- a/configure.ac +++ b/configure.ac @@ -96,7 +96,7 @@ AC_SUBST([RC_LINK]) AC_SUBST([COMPAT_EXP]) AC_SUBST([TMPFILES_D]) AC_SUBST([exampledir]) -AC_SUBST([FILEDIGEST]) +AC_SUBST([DIGEST]) AC_SUBST([devsearch]) dnl dnl Variables that get substituted in docs (not overridden by environment) @@ -185,7 +185,7 @@ secure_path="not set" pam_session=on pam_login_service=sudo PLUGINDIR=/usr/local/libexec/sudo -FILEDIGEST=filedigest.lo +DIGEST=digest.lo devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev" # # End initial values for man page substitution @@ -1468,7 +1468,7 @@ AC_ARG_ENABLE(openssl, [ case $enableval in no) ;; *) LIBMD="-lcrypto" - FILEDIGEST=filedigest_openssl.lo + DIGEST=digest_openssl.lo if test "$enableval" != "yes"; then AX_APPEND_FLAG([-I${enableval}/include], [CPPFLAGS]) SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${enableval}/lib]) @@ -1482,7 +1482,7 @@ AC_ARG_ENABLE(gcrypt, [ case $enableval in no) ;; *) LIBMD="-lgcrypt" - FILEDIGEST=filedigest_gcrypt.lo + DIGEST=digest_gcrypt.lo if test "$enableval" != "yes"; then AX_APPEND_FLAG([-I${enableval}/include], [CPPFLAGS]) SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${enableval}/lib]) @@ -2773,7 +2773,7 @@ AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) # Look for sha2 functions if not using openssl -if test "$FILEDIGEST" = "filedigest.lo"; then +if test "$DIGEST" = "digest.lo"; then FOUND_SHA2=no AC_CHECK_HEADER([sha2.h], [ FOUND_SHA2=yes diff --git a/include/sudo_digest.h b/include/sudo_digest.h new file mode 100644 index 000000000..9fffa1b4d --- /dev/null +++ b/include/sudo_digest.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_DIGEST_H +#define SUDO_DIGEST_H + +/* Digest types. */ +#define SUDO_DIGEST_SHA224 0 +#define SUDO_DIGEST_SHA256 1 +#define SUDO_DIGEST_SHA384 2 +#define SUDO_DIGEST_SHA512 3 +#define SUDO_DIGEST_INVALID 4 + +struct sudo_digest; + +/* Public functions. */ +__dso_public struct sudo_digest *sudo_digest_alloc_v1(int digest_type); +__dso_public void sudo_digest_free_v1(struct sudo_digest *dig); +__dso_public void sudo_digest_reset_v1(struct sudo_digest *dig); +__dso_public int sudo_digest_getlen_v1(int digest_type); +__dso_public void sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len); +__dso_public void sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md); + +#define sudo_digest_alloc(_a) sudo_digest_alloc_v1((_a)) +#define sudo_digest_free(_a) sudo_digest_free_v1((_a)) +#define sudo_digest_reset(_a) sudo_digest_reset_v1((_a)) +#define sudo_digest_getlen(_a) sudo_digest_getlen_v1((_a)) +#define sudo_digest_update(_a, _b, _c) sudo_digest_update_v1((_a), (_b), (_c)) +#define sudo_digest_final(_a, _b) sudo_digest_final_v1((_a), (_b)) + +#endif /* SUDO_DIGEST_H */ diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in index 9f6bb747d..429f69964 100644 --- a/lib/util/Makefile.in +++ b/lib/util/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011-2017 Todd C. Miller +# Copyright (c) 2011-2018 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -108,7 +108,7 @@ DEVEL = @DEVEL@ SHELL = @SHELL@ -LTOBJS = event.lo fatal.lo key_val.lo gethostname.lo gettime.lo \ +LTOBJS = @DIGEST@ event.lo fatal.lo key_val.lo gethostname.lo gettime.lo \ gidlist.lo lbuf.lo locking.lo parseln.lo progname.lo secure_path.lo \ setgroups.lo strsplit.lo strtobool.lo strtoid.lo strtomode.lo \ sudo_conf.lo sudo_debug.lo sudo_dso.lo term.lo ttyname_dev.lo \ @@ -155,9 +155,9 @@ $(shlib_opt): $(shlib_exp) libsudo_util.la: $(LTOBJS) @LT_LDDEP@ case "$(LT_LDFLAGS)" in \ *-no-install*) \ - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) @LIBINTL@ @LIBDL@ @LIBRT@;; \ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) @LIBINTL@ @LIBMD@ @LIBDL@ @LIBRT@;; \ *) \ - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) -version-info $(SHLIB_VERSION) -rpath $(libexecdir)/sudo @LT_DEP_LIBS@ @LIBINTL@ @LIBDL@ @LIBRT@;; \ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LDFLAGS) $(ASAN_LDFLAGS) $(SSP_LDFLAGS) $(LT_LDFLAGS) $(LTOBJS) -version-info $(SHLIB_VERSION) -rpath $(libexecdir)/sudo @LT_DEP_LIBS@ @LIBINTL@ @LIBMD@ @LIBDL@ @LIBRT@;; \ esac siglist.c: mksiglist @@ -366,6 +366,21 @@ conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/sudo_conf/conf_test.c +digest.lo: $(srcdir)/digest.c $(incdir)/compat/sha2.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_digest.h \ + $(incdir)/sudo_queue.h $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/digest.c +digest_gcrypt.lo: $(srcdir)/digest_gcrypt.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_digest.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/digest_gcrypt.c +digest_openssl.lo: $(srcdir)/digest_openssl.c $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_digest.h $(incdir)/sudo_queue.h \ + $(top_builddir)/config.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/digest_openssl.c event.lo: $(srcdir)/event.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_event.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(top_builddir)/config.h diff --git a/lib/util/digest.c b/lib/util/digest.c new file mode 100644 index 000000000..dd2141412 --- /dev/null +++ b/lib/util/digest.c @@ -0,0 +1,170 @@ +/* + * Copyright (c) 2013-2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#include + +#include +#include +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif +#include +#include +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_digest.h" + +#ifdef HAVE_SHA224UPDATE +# include +#else +# include "compat/sha2.h" +#endif + +static struct digest_function { + const unsigned int digest_len; + void (*init)(SHA2_CTX *); +#ifdef SHA2_VOID_PTR + void (*update)(SHA2_CTX *, const void *, size_t); + void (*final)(void *, SHA2_CTX *); +#else + void (*update)(SHA2_CTX *, const unsigned char *, size_t); + void (*final)(unsigned char *, SHA2_CTX *); +#endif +} digest_functions[] = { + { + SHA224_DIGEST_LENGTH, + SHA224Init, + SHA224Update, + SHA224Final + }, { + SHA256_DIGEST_LENGTH, + SHA256Init, + SHA256Update, + SHA256Final + }, { + SHA384_DIGEST_LENGTH, + SHA384Init, + SHA384Update, + SHA384Final + }, { + SHA512_DIGEST_LENGTH, + SHA512Init, + SHA512Update, + SHA512Final + }, { + 0 + } +}; + +struct sudo_digest { + struct digest_function *func; + SHA2_CTX ctx; +}; + +struct sudo_digest * +sudo_digest_alloc_v1(int digest_type) +{ + debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL) + struct digest_function *func = NULL; + struct sudo_digest *dig; + int i; + + for (i = 0; digest_functions[i].digest_len != 0; i++) { + if (digest_type == i) { + func = &digest_functions[i]; + break; + } + } + if (func == NULL) { + errno = EINVAL; + debug_return_ptr(NULL); + } + + if ((dig = malloc(sizeof(*dig))) == NULL) + debug_return_ptr(NULL); + func->init(&dig->ctx); + dig->func = func; + + debug_return_ptr(dig); +} + +void +sudo_digest_free_v1(struct sudo_digest *dig) +{ + debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL) + + free(dig); + + debug_return; +} + +void +sudo_digest_reset_v1(struct sudo_digest *dig) +{ + debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL) + + dig->func->init(&dig->ctx); + + debug_return; +} + +int +sudo_digest_getlen_v1(int digest_type) +{ + debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL) + int i; + + for (i = 0; digest_functions[i].digest_len != 0; i++) { + if (digest_type == i) + debug_return_int(digest_functions[i].digest_len); + } + + debug_return_int(-1); +} + +void +sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len) +{ + debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL) + + dig->func->update(&dig->ctx, data, len); + + debug_return; +} + +void +sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md) +{ + debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL) + + dig->func->final(md, &dig->ctx); + + debug_return; +} diff --git a/lib/util/digest_gcrypt.c b/lib/util/digest_gcrypt.c new file mode 100644 index 000000000..c85b1f534 --- /dev/null +++ b/lib/util/digest_gcrypt.c @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2017-2018 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +#include + +#include +#include +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#include +#include +#include + +#include + +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_digest.h" + +struct sudo_digest { + int gcry_digest_type; + unsigned int digest_len; + gcry_md_hd_t ctx; +}; + +/* Map sudo digest type to gcrypt digest type. */ +static int +sudo_digest_type_to_gcry(int digest_type) +{ + switch (digest_type) { + case SUDO_DIGEST_SHA224: + return GCRY_MD_SHA224; + break; + case SUDO_DIGEST_SHA256: + return GCRY_MD_SHA256; + break; + case SUDO_DIGEST_SHA384: + return GCRY_MD_SHA384; + break; + case SUDO_DIGEST_SHA512: + return GCRY_MD_SHA512; + break; + default: + return -1; + } +} + +struct sudo_digest * +sudo_digest_alloc_v1(int digest_type) +{ + debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL) + struct sudo_digest *dig; + int gcry_digest_type; + + gcry_digest_type = sudo_digest_type_to_gcry(digest_type); + if (gcry_digest_type == -1) { + errno = EINVAL; + debug_return_ptr(NULL); + } + + if ((dig = malloc(sizeof(*dig))) == NULL) + debug_return_ptr(NULL); + dig->gcry_digest_type = gcry_digest_type; + dig->digest_len = gcry_md_get_algo_dlen(gcry_digest_type); + + if (gcry_md_open(&dig->ctx, gcry_digest_type, 0) != 0) { + free(dig); + debug_return_ptr(NULL); + } + + debug_return_ptr(dig); +} + +void +sudo_digest_free_v1(struct sudo_digest *dig) +{ + debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL) + + if (dig != NULL) { + gcry_md_close(dig->ctx); + free(dig); + } + + debug_return; +} + +void +sudo_digest_reset_v1(struct sudo_digest *dig) +{ + debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL) + + gcry_md_reset(dig->ctx); + + debug_return; +} + +int +sudo_digest_getlen_v1(int digest_type) +{ + debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL) + int gcry_digest_type; + + gcry_digest_type = sudo_digest_type_to_gcry(digest_type); + if (gcry_digest_type == -1) + debug_return_int(-1); + + debug_return_int(gcry_md_get_algo_dlen(gcry_digest_type)); +} + +void +sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len) +{ + debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL) + + gcry_md_write(dig->ctx, data, len); + + debug_return; +} + +void +sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md) +{ + debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL) + + gcry_md_final(dig->ctx); + memcpy(md, gcry_md_read(dig->ctx, 0), dig->digest_len); + + debug_return; +} diff --git a/plugins/sudoers/filedigest_openssl.c b/lib/util/digest_openssl.c similarity index 62% rename from plugins/sudoers/filedigest_openssl.c rename to lib/util/digest_openssl.c index 3d0fc2220..d229d073b 100644 --- a/plugins/sudoers/filedigest_openssl.c +++ b/lib/util/digest_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2017 Todd C. Miller + * Copyright (c) 2013-2018 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -34,7 +34,9 @@ #include -#include "sudoers.h" +#include "sudo_compat.h" +#include "sudo_debug.h" +#include "sudo_digest.h" union ANY_CTX { SHA256_CTX sha256; @@ -72,17 +74,18 @@ static struct digest_function { } }; -unsigned char * -sudo_filedigest(int fd, const char *file, int digest_type, size_t *digest_len) +struct sudo_digest { + struct digest_function *func; + union ANY_CTX ctx; +}; + +struct sudo_digest * +sudo_digest_alloc_v1(int digest_type) { + debug_decl(sudo_digest_alloc, SUDO_DEBUG_UTIL) struct digest_function *func = NULL; - unsigned char *file_digest = NULL; - unsigned char buf[32 * 1024]; - size_t nread; - union ANY_CTX ctx; - int i, fd2; - FILE *fp = NULL; - debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL) + struct sudo_digest *dig; + int i; for (i = 0; digest_functions[i].digest_len != 0; i++) { if (digest_type == i) { @@ -91,42 +94,67 @@ sudo_filedigest(int fd, const char *file, int digest_type, size_t *digest_len) } } if (func == NULL) { - sudo_warnx(U_("unsupported digest type %d for %s"), digest_type, file); - goto bad; + errno = EINVAL; + debug_return_ptr(NULL); } - if ((fd2 = dup(fd)) == -1) { - sudo_debug_printf(SUDO_DEBUG_INFO, "unable to dup %s: %s", - file, strerror(errno)); - goto bad; - } - if ((fp = fdopen(fd2, "r")) == NULL) { - sudo_debug_printf(SUDO_DEBUG_INFO, "unable to fdopen %s: %s", - file, strerror(errno)); - close(fd2); - goto bad; - } - if ((file_digest = malloc(func->digest_len)) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto bad; - } + if ((dig = malloc(sizeof(*dig))) == NULL) + debug_return_ptr(NULL); + func->init(&dig->ctx); + dig->func = func; - func->init(&ctx); - while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) { - func->update(&ctx, buf, nread); - } - if (ferror(fp)) { - sudo_warnx(U_("%s: read error"), file); - goto bad; + debug_return_ptr(dig); +} + +void +sudo_digest_free_v1(struct sudo_digest *dig) +{ + debug_decl(sudo_digest_free, SUDO_DEBUG_UTIL) + + free(dig); + + debug_return; +} + +void +sudo_digest_reset_v1(struct sudo_digest *dig) +{ + debug_decl(sudo_digest_reset, SUDO_DEBUG_UTIL) + + dig->func->init(&dig->ctx); + + debug_return; +} +int +sudo_digest_getlen_v1(int digest_type) +{ + debug_decl(sudo_digest_getlen, SUDO_DEBUG_UTIL) + int i; + + for (i = 0; digest_functions[i].digest_len != 0; i++) { + if (digest_type == i) + debug_return_int(digest_functions[i].digest_len); } - func->final(file_digest, &ctx); - fclose(fp); - - *digest_len = func->digest_len; - debug_return_ptr(file_digest); -bad: - free(file_digest); - if (fp != NULL) - fclose(fp); - debug_return_ptr(NULL); + + debug_return_int(-1); +} + +void +sudo_digest_update_v1(struct sudo_digest *dig, const void *data, size_t len) +{ + debug_decl(sudo_digest_update, SUDO_DEBUG_UTIL) + + dig->func->update(&dig->ctx, data, len); + + debug_return; +} + +void +sudo_digest_final_v1(struct sudo_digest *dig, unsigned char *md) +{ + debug_decl(sudo_digest_final, SUDO_DEBUG_UTIL) + + dig->func->final(md, &dig->ctx); + + debug_return; } diff --git a/lib/util/util.exp.in b/lib/util/util.exp.in index acc4bd2ad..e0e433683 100644 --- a/lib/util/util.exp.in +++ b/lib/util/util.exp.in @@ -37,6 +37,12 @@ sudo_debug_set_active_instance_v1 sudo_debug_update_fd_v1 sudo_debug_vprintf2_v1 sudo_debug_write2_v1 +sudo_digest_alloc_v1 +sudo_digest_final_v1 +sudo_digest_free_v1 +sudo_digest_getlen_v1 +sudo_digest_reset_v1 +sudo_digest_update_v1 sudo_dso_findsym_v1 sudo_dso_load_v1 sudo_dso_preload_table_v1 diff --git a/mkdep.pl b/mkdep.pl index 96606f469..fdbf9ec5e 100755 --- a/mkdep.pl +++ b/mkdep.pl @@ -82,7 +82,7 @@ sub mkdep { $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo ldap_util.lo ldap_conf.lo solaris_audit.lo sssd.lo:; # XXX - fill in AUTH_OBJS from contents of the auth dir instead $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; - $makefile =~ s:\@FILEDIGEST\@:filedigest.lo filedigest_openssl.lo filedigest_gcrypt.lo:; + $makefile =~ s:\@DIGEST\@:digest.lo digest_openssl.lo digest_gcrypt.lo:; $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo inet_ntop_lo inet_pton.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo reallocarray.lo sha2.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strndup.lo strnlen.lo strsignal.lo strtonum.lo utimens.lo vsyslog.lo pipe2.lo:; # Parse OBJS lines diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 030e3cb81..352c3aff7 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -54,11 +54,11 @@ INSTALL_BACKUP = @INSTALL_BACKUP@ LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la LIBS = $(LT_LIBS) NET_LIBS = @NET_LIBS@ -SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ +SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ -VISUDO_LIBS = $(NET_LIBS) @LIBMD@ -CVTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ -TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ +VISUDO_LIBS = $(NET_LIBS) +CVTSUDOERS_LIBS = $(NET_LIBS) +TESTSUDOERS_LIBS = $(NET_LIBS) # C preprocessor defines CPPDEFS = -DLIBDIR=\"$(libdir)\" -DLOCALEDIR=\"$(localedir)\" \ @@ -148,7 +148,7 @@ TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo digestname.lo \ - @FILEDIGEST@ gentime.lo gmtoff.lo gram.lo hexchar.lo \ + filedigest.lo gentime.lo gmtoff.lo gram.lo hexchar.lo \ match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ rcstr.lo redblack.lo sudoers_debug.lo timeout.lo \ timestr.lo toke.lo toke_util.lo @@ -178,7 +178,7 @@ CHECK_ADDR_OBJS = check_addr.o interfaces.o match_addr.o sudoers_debug.o \ CHECK_BASE64_OBJS = check_base64.o base64.o sudoers_debug.o -CHECK_DIGEST_OBJS = check_digest.o @FILEDIGEST@ digestname.o sudoers_debug.o +CHECK_DIGEST_OBJS = check_digest.o filedigest.o digestname.o sudoers_debug.o CHECK_ENV_MATCH_OBJS = check_env_pattern.o env_pattern.o sudoers_debug.o @@ -259,7 +259,7 @@ check_base64: $(CHECK_BASE64_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS) - $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @LIBMD@ + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) check_env_pattern: $(CHECK_ENV_MATCH_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_ENV_MATCH_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @@ -569,9 +569,9 @@ afs.lo: $(authdir)/afs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/afs.c aix_auth.lo: $(authdir)/aix_auth.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -579,7 +579,7 @@ aix_auth.lo: $(authdir)/aix_auth.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/aix_auth.c @@ -597,8 +597,8 @@ audit.lo: $(srcdir)/audit.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/bsm_audit.h $(srcdir)/defaults.h $(srcdir)/linux_audit.h \ - $(srcdir)/logging.h $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/solaris_audit.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/audit.c base64.lo: $(srcdir)/base64.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -606,9 +606,9 @@ base64.lo: $(srcdir)/base64.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/base64.c base64.o: base64.lo boottime.lo: $(srcdir)/boottime.c $(devdir)/def_data.h \ @@ -617,7 +617,7 @@ boottime.lo: $(srcdir)/boottime.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/boottime.c @@ -627,8 +627,9 @@ bsdauth.lo: $(authdir)/bsdauth.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/bsdauth.c bsm_audit.lo: $(srcdir)/bsm_audit.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -636,17 +637,18 @@ bsm_audit.lo: $(srcdir)/bsm_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/bsm_audit.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/bsm_audit.c check.lo: $(srcdir)/check.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/check.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/check.c check_addr.o: $(srcdir)/regress/parser/check_addr.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -665,8 +667,9 @@ check_base64.o: $(srcdir)/regress/parser/check_base64.c \ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/parser/check_base64.c check_digest.o: $(srcdir)/regress/parser/check_digest.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/parse.h $(top_builddir)/config.h + $(incdir)/sudo_digest.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/parse.h \ + $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/parser/check_digest.c check_env_pattern.o: $(srcdir)/regress/env_match/check_env_pattern.c \ $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -675,9 +678,9 @@ check_env_pattern.o: $(srcdir)/regress/env_match/check_env_pattern.c \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/env_match/check_env_pattern.c check_fill.o: $(srcdir)/regress/parser/check_fill.c $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -702,7 +705,7 @@ check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/iolog_path/check_iolog_path.c @@ -764,7 +767,7 @@ cvtsudoers_pwutil.o: $(srcdir)/cvtsudoers_pwutil.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/cvtsudoers.h \ $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h \ + $(srcdir)/parse.h $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h \ $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers_pwutil.c @@ -772,9 +775,9 @@ dce.lo: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/dce.c defaults.lo: $(srcdir)/defaults.c $(devdir)/def_data.c $(devdir)/def_data.h \ $(devdir)/gram.h $(incdir)/compat/stdbool.h \ @@ -788,8 +791,9 @@ defaults.lo: $(srcdir)/defaults.c $(devdir)/def_data.c $(devdir)/def_data.h \ $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/defaults.c digestname.lo: $(srcdir)/digestname.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(srcdir)/parse.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h + $(incdir)/sudo_digest.h $(incdir)/sudo_queue.h \ + $(srcdir)/parse.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/digestname.c digestname.o: digestname.lo editor.lo: $(srcdir)/editor.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -797,18 +801,18 @@ editor.lo: $(srcdir)/editor.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/editor.c editor.o: editor.lo env.lo: $(srcdir)/env.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/env.c env_pattern.lo: $(srcdir)/env_pattern.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -816,15 +820,24 @@ env_pattern.lo: $(srcdir)/env_pattern.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/env_pattern.c env_pattern.o: env_pattern.lo +file.lo: $(srcdir)/file.c $(devdir)/def_data.h $(devdir)/gram.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/file.c filedigest.lo: $(srcdir)/filedigest.c $(devdir)/def_data.h \ - $(incdir)/compat/sha2.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_digest.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ @@ -832,35 +845,14 @@ filedigest.lo: $(srcdir)/filedigest.c $(devdir)/def_data.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/filedigest.c -filedigest_gcrypt.lo: $(srcdir)/filedigest_gcrypt.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/filedigest_gcrypt.c -filedigest_openssl.lo: $(srcdir)/filedigest_openssl.c $(devdir)/def_data.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/filedigest_openssl.c +filedigest.o: filedigest.lo find_path.lo: $(srcdir)/find_path.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/find_path.c @@ -881,16 +873,16 @@ fwtk.lo: $(authdir)/fwtk.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/fwtk.c gc.lo: $(srcdir)/gc.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/gc.c gentime.lo: $(srcdir)/gentime.c $(incdir)/compat/stdbool.h \ @@ -907,7 +899,7 @@ getspwuid.lo: $(srcdir)/getspwuid.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/getspwuid.c @@ -923,18 +915,19 @@ goodpath.lo: $(srcdir)/goodpath.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/goodpath.c goodpath.o: goodpath.lo gram.lo: $(devdir)/gram.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(srcdir)/toke.h $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_digest.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(srcdir)/toke.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(devdir)/gram.c group_plugin.lo: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -942,9 +935,10 @@ group_plugin.lo: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(incdir)/sudo_dso.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/group_plugin.c group_plugin.o: group_plugin.lo hexchar.lo: $(srcdir)/hexchar.c $(devdir)/def_data.h \ @@ -953,8 +947,9 @@ hexchar.lo: $(srcdir)/hexchar.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/hexchar.c hexchar.o: hexchar.lo interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h \ @@ -963,9 +958,10 @@ interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/interfaces.c interfaces.o: interfaces.lo iolog.lo: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -973,8 +969,9 @@ iolog.lo: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/iolog.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog.c iolog_path.lo: $(srcdir)/iolog_path.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -982,7 +979,7 @@ iolog_path.lo: $(srcdir)/iolog_path.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_path.c @@ -991,8 +988,8 @@ kerb5.lo: $(authdir)/kerb5.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/kerb5.c ldap.lo: $(srcdir)/ldap.c $(devdir)/def_data.h $(devdir)/gram.h \ @@ -1020,13 +1017,14 @@ ldap_conf.lo: $(srcdir)/ldap_conf.c $(devdir)/def_data.h \ ldap_util.lo: $(srcdir)/ldap_util.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_digest.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ + $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ + $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_ldap.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/ldap_util.c ldap_util.o: ldap_util.lo linux_audit.lo: $(srcdir)/linux_audit.c $(devdir)/def_data.h \ @@ -1035,7 +1033,7 @@ linux_audit.lo: $(srcdir)/linux_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/linux_audit.h $(srcdir)/logging.h \ + $(srcdir)/linux_audit.h $(srcdir)/logging.h $(srcdir)/parse.h \ $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h @@ -1053,8 +1051,9 @@ logging.lo: $(srcdir)/logging.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logging.c logwrap.lo: $(srcdir)/logwrap.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1062,8 +1061,9 @@ logwrap.lo: $(srcdir)/logwrap.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logwrap.c logwrap.o: logwrap.lo match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \ @@ -1082,9 +1082,10 @@ match_addr.lo: $(srcdir)/match_addr.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/interfaces.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/match_addr.c match_addr.o: match_addr.lo mkdir_parents.lo: $(srcdir)/mkdir_parents.c $(devdir)/def_data.h \ @@ -1093,9 +1094,9 @@ mkdir_parents.lo: $(srcdir)/mkdir_parents.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mkdir_parents.c net_ifs.o: $(top_srcdir)/src/net_ifs.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -1107,19 +1108,10 @@ pam.lo: $(authdir)/pam.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/pam.c -file.lo: $(srcdir)/file.c $(devdir)/def_data.h $(devdir)/gram.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ - $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/file.c parse.lo: $(srcdir)/parse.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ @@ -1134,9 +1126,9 @@ passwd.lo: $(authdir)/passwd.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/passwd.c policy.lo: $(srcdir)/policy.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ @@ -1153,18 +1145,19 @@ prompt.lo: $(srcdir)/prompt.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/prompt.c pwutil.lo: $(srcdir)/pwutil.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/pwutil.h $(srcdir)/redblack.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/pwutil.h \ + $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/pwutil.c pwutil.o: pwutil.lo pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h \ @@ -1173,17 +1166,17 @@ pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/pwutil.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/pwutil_impl.c pwutil_impl.o: pwutil_impl.lo rcstr.lo: $(srcdir)/rcstr.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/rcstr.c redblack.lo: $(srcdir)/redblack.c $(devdir)/def_data.h \ @@ -1192,9 +1185,9 @@ redblack.lo: $(srcdir)/redblack.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/redblack.c redblack.o: redblack.lo rfc1938.lo: $(authdir)/rfc1938.c $(devdir)/def_data.h \ @@ -1203,8 +1196,9 @@ rfc1938.lo: $(authdir)/rfc1938.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/rfc1938.c secureware.lo: $(authdir)/secureware.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1212,7 +1206,7 @@ secureware.lo: $(authdir)/secureware.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/secureware.c @@ -1222,7 +1216,7 @@ securid5.lo: $(authdir)/securid5.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/securid5.c @@ -1232,7 +1226,7 @@ set_perms.lo: $(srcdir)/set_perms.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/set_perms.c @@ -1240,9 +1234,9 @@ sia.lo: $(authdir)/sia.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/sia.c solaris_audit.lo: $(srcdir)/solaris_audit.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1250,10 +1244,10 @@ solaris_audit.lo: $(srcdir)/solaris_audit.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/solaris_audit.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/solaris_audit.c sssd.lo: $(srcdir)/sssd.c $(devdir)/def_data.h $(devdir)/gram.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1271,9 +1265,9 @@ starttime.lo: $(srcdir)/starttime.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/check.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/starttime.c starttime.o: starttime.lo stubs.o: $(srcdir)/stubs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ @@ -1281,8 +1275,9 @@ stubs.o: $(srcdir)/stubs.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/stubs.c sudo_auth.lo: $(authdir)/sudo_auth.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1291,11 +1286,10 @@ sudo_auth.lo: $(authdir)/sudo_auth.c $(devdir)/def_data.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/ins_2001.h \ $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \ - $(srcdir)/ins_goons.h $(srcdir)/insults.h $(srcdir)/logging.h \ - $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/ins_goons.h $(srcdir)/ins_python.h $(srcdir)/insults.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/sudo_auth.c sudo_nss.lo: $(srcdir)/sudo_nss.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1303,9 +1297,9 @@ sudo_nss.lo: $(srcdir)/sudo_nss.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudo_nss.c sudo_printf.o: $(srcdir)/sudo_printf.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ @@ -1319,9 +1313,9 @@ sudoers.lo: $(srcdir)/sudoers.c $(devdir)/def_data.h \ $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/auth/sudo_auth.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudoers.c sudoers_debug.lo: $(srcdir)/sudoers_debug.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1329,9 +1323,9 @@ sudoers_debug.lo: $(srcdir)/sudoers_debug.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/sudoers_debug.c sudoers_debug.o: sudoers_debug.lo sudoreplay.o: $(srcdir)/sudoreplay.c $(incdir)/compat/getopt.h \ @@ -1365,17 +1359,17 @@ timestamp.lo: $(srcdir)/timestamp.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/check.h $(srcdir)/defaults.h \ - $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/timestamp.c timestr.lo: $(srcdir)/timestr.c $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_queue.h $(srcdir)/parse.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/timestr.c toke.lo: $(devdir)/toke.c $(devdir)/def_data.h $(devdir)/gram.h \ - $(incdir)/compat/sha2.h $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_digest.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h $(incdir)/sudo_lbuf.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ @@ -1398,8 +1392,9 @@ tsdump.o: $(srcdir)/tsdump.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ $(srcdir)/check.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tsdump.c tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ @@ -1407,7 +1402,7 @@ tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(devdir)/def_data.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(srcdir)/sudoers_debug.h $(srcdir)/tsgetgrpw.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/tsgetgrpw.c diff --git a/plugins/sudoers/digestname.c b/plugins/sudoers/digestname.c index 575d523fc..1b4b3f809 100644 --- a/plugins/sudoers/digestname.c +++ b/plugins/sudoers/digestname.c @@ -20,6 +20,7 @@ #include #include "sudo_compat.h" +#include "sudo_digest.h" #include "sudoers_debug.h" #include "parse.h" diff --git a/plugins/sudoers/filedigest.c b/plugins/sudoers/filedigest.c index 117c3ce5a..c4ad8a369 100644 --- a/plugins/sudoers/filedigest.c +++ b/plugins/sudoers/filedigest.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2017 Todd C. Miller + * Copyright (c) 2013-2018 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -38,72 +38,30 @@ #include #include "sudoers.h" - -#ifdef HAVE_SHA224UPDATE -# include -#else -# include "compat/sha2.h" -#endif - -static struct digest_function { - const unsigned int digest_len; - void (*init)(SHA2_CTX *); -#ifdef SHA2_VOID_PTR - void (*update)(SHA2_CTX *, const void *, size_t); - void (*final)(void *, SHA2_CTX *); -#else - void (*update)(SHA2_CTX *, const unsigned char *, size_t); - void (*final)(unsigned char *, SHA2_CTX *); -#endif -} digest_functions[] = { - { - SHA224_DIGEST_LENGTH, - SHA224Init, - SHA224Update, - SHA224Final - }, { - SHA256_DIGEST_LENGTH, - SHA256Init, - SHA256Update, - SHA256Final - }, { - SHA384_DIGEST_LENGTH, - SHA384Init, - SHA384Update, - SHA384Final - }, { - SHA512_DIGEST_LENGTH, - SHA512Init, - SHA512Update, - SHA512Final - }, { - 0 - } -}; +#include "sudo_digest.h" unsigned char * sudo_filedigest(int fd, const char *file, int digest_type, size_t *digest_len) { - struct digest_function *func = NULL; unsigned char *file_digest = NULL; unsigned char buf[32 * 1024]; - size_t nread; - SHA2_CTX ctx; - int i, fd2; + struct sudo_digest *dig = NULL; FILE *fp = NULL; + size_t nread; + int fd2; debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL) - for (i = 0; digest_functions[i].digest_len != 0; i++) { - if (digest_type == i) { - func = &digest_functions[i]; - break; - } - } - if (func == NULL) { + *digest_len = sudo_digest_getlen(digest_type); + if (*digest_len == (size_t)-1) { sudo_warnx(U_("unsupported digest type %d for %s"), digest_type, file); goto bad; } + if ((dig = sudo_digest_alloc(digest_type)) == NULL) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto bad; + } + if ((fd2 = dup(fd)) == -1) { sudo_debug_printf(SUDO_DEBUG_INFO, "unable to dup %s: %s", file, strerror(errno)); @@ -115,25 +73,25 @@ sudo_filedigest(int fd, const char *file, int digest_type, size_t *digest_len) close(fd2); goto bad; } - if ((file_digest = malloc(func->digest_len)) == NULL) { + if ((file_digest = malloc(*digest_len)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto bad; } - func->init(&ctx); while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) { - func->update(&ctx, buf, nread); + sudo_digest_update(dig, buf, nread); } if (ferror(fp)) { sudo_warnx(U_("%s: read error"), file); goto bad; } - func->final(file_digest, &ctx); + sudo_digest_final(dig, file_digest); + sudo_digest_free(dig); fclose(fp); - *digest_len = func->digest_len; debug_return_ptr(file_digest); bad: + sudo_digest_free(dig); free(file_digest); if (fp != NULL) fclose(fp); diff --git a/plugins/sudoers/filedigest_gcrypt.c b/plugins/sudoers/filedigest_gcrypt.c deleted file mode 100644 index 4721cf548..000000000 --- a/plugins/sudoers/filedigest_gcrypt.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2017 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include - -#include - -#include -#include -#ifdef HAVE_STRING_H -# include -#endif /* HAVE_STRING_H */ -#ifdef HAVE_STRINGS_H -# include -#endif /* HAVE_STRINGS_H */ -#include -#include -#include - -#include - -#include "sudoers.h" - -unsigned char * -sudo_filedigest(int fd, const char *file, int digest_type, size_t *digest_lenp) -{ - unsigned char *file_digest = NULL; - unsigned char buf[32 * 1024]; - int fd2, gcry_digest_type; - size_t digest_len, nread; - gcry_error_t error; - gcry_md_hd_t ctx; - FILE *fp = NULL; - debug_decl(sudo_filedigest, SUDOERS_DEBUG_UTIL) - - switch (digest_type) { - case SUDO_DIGEST_SHA224: - gcry_digest_type = GCRY_MD_SHA224; - break; - case SUDO_DIGEST_SHA256: - gcry_digest_type = GCRY_MD_SHA256; - break; - case SUDO_DIGEST_SHA384: - gcry_digest_type = GCRY_MD_SHA384; - break; - case SUDO_DIGEST_SHA512: - gcry_digest_type = GCRY_MD_SHA512; - break; - default: - sudo_warnx(U_("unsupported digest type %d for %s"), digest_type, file); - debug_return_ptr(NULL); - } - - error = gcry_md_open(&ctx, gcry_digest_type, 0); - if (error != 0) { - sudo_warnx(U_("%s: %s"), digest_type_to_name(digest_type), - gcry_strerror(error)); - goto bad; - } - digest_len = gcry_md_get_algo_dlen(gcry_digest_type); - - if ((fd2 = dup(fd)) == -1) { - sudo_debug_printf(SUDO_DEBUG_INFO, "unable to dup %s: %s", - file, strerror(errno)); - goto bad; - } - if ((fp = fdopen(fd2, "r")) == NULL) { - sudo_debug_printf(SUDO_DEBUG_INFO, "unable to fdopen %s: %s", - file, strerror(errno)); - close(fd2); - goto bad; - } - if ((file_digest = malloc(digest_len)) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto bad; - } - - while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) { - gcry_md_write(ctx, buf, nread); - } - if (ferror(fp)) { - sudo_warnx(U_("%s: read error"), file); - goto bad; - } - gcry_md_final(ctx); - fclose(fp); - - memcpy(file_digest, gcry_md_read(ctx, 0), digest_len); - *digest_lenp = digest_len; - debug_return_ptr(file_digest); -bad: - free(file_digest); - gcry_md_close(ctx); - if (fp != NULL) - fclose(fp); - debug_return_ptr(NULL); -} diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 12155f5ba..52df29a75 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -84,6 +84,7 @@ #include #include "sudoers.h" +#include "sudo_digest.h" #include "toke.h" /* If we last saw a newline the entry is on the preceding line. */ @@ -108,8 +109,8 @@ static bool add_defaults(int, struct member *, struct defaults *); static bool add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, short); static struct member *new_member(char *, int); -static struct sudo_digest *new_digest(int, char *); -#line 76 "gram.y" +static struct command_digest *new_digest(int, char *); +#line 77 "gram.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { @@ -118,7 +119,7 @@ typedef union { struct member *member; struct runascontainer *runas; struct privilege *privilege; - struct sudo_digest *digest; + struct command_digest *digest; struct sudo_command command; struct command_options options; struct cmndtag tag; @@ -126,7 +127,7 @@ typedef union { int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ -#line 129 "gram.c" +#line 130 "gram.c" #define COMMAND 257 #define ALIAS 258 #define DEFVAR 259 @@ -666,7 +667,7 @@ short *yysslim; YYSTYPE *yyvs; unsigned int yystacksize; int yyparse(void); -#line 898 "gram.y" +#line 899 "gram.y" void sudoerserror(const char *s) { @@ -739,28 +740,28 @@ new_member(char *name, int type) debug_return_ptr(m); } -static struct sudo_digest * +static struct command_digest * new_digest(int digest_type, char *digest_str) { - struct sudo_digest *dig; + struct command_digest *digest; debug_decl(new_digest, SUDOERS_DEBUG_PARSER) - if ((dig = malloc(sizeof(*dig))) == NULL) { + if ((digest = malloc(sizeof(*digest))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); debug_return_ptr(NULL); } - dig->digest_type = digest_type; - dig->digest_str = digest_str; - if (dig->digest_str == NULL) { + digest->digest_type = digest_type; + digest->digest_str = digest_str; + if (digest->digest_str == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); - free(dig); - dig = NULL; + free(digest); + digest = NULL; } - debug_return_ptr(dig); + debug_return_ptr(digest); } /* @@ -1062,7 +1063,7 @@ init_options(struct command_options *opts) opts->limitprivs = NULL; #endif } -#line 1013 "gram.c" +#line 1014 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -1271,23 +1272,23 @@ yyreduce: switch (yyn) { case 1: -#line 174 "gram.y" +#line 175 "gram.y" { ; } break; case 5: -#line 182 "gram.y" +#line 183 "gram.y" { ; } break; case 6: -#line 185 "gram.y" +#line 186 "gram.y" { yyerrok; } break; case 7: -#line 188 "gram.y" +#line 189 "gram.y" { if (!add_userspec(yyvsp[-1].member, yyvsp[0].privilege)) { sudoerserror(N_("unable to allocate memory")); @@ -1296,73 +1297,73 @@ case 7: } break; case 8: -#line 194 "gram.y" +#line 195 "gram.y" { ; } break; case 9: -#line 197 "gram.y" +#line 198 "gram.y" { ; } break; case 10: -#line 200 "gram.y" +#line 201 "gram.y" { ; } break; case 11: -#line 203 "gram.y" +#line 204 "gram.y" { ; } break; case 12: -#line 206 "gram.y" +#line 207 "gram.y" { if (!add_defaults(DEFAULTS, NULL, yyvsp[0].defaults)) YYERROR; } break; case 13: -#line 210 "gram.y" +#line 211 "gram.y" { if (!add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 14: -#line 214 "gram.y" +#line 215 "gram.y" { if (!add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 15: -#line 218 "gram.y" +#line 219 "gram.y" { if (!add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 16: -#line 222 "gram.y" +#line 223 "gram.y" { if (!add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults)) YYERROR; } break; case 18: -#line 229 "gram.y" +#line 230 "gram.y" { HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries); yyval.defaults = yyvsp[-2].defaults; } break; case 19: -#line 235 "gram.y" +#line 236 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, true); if (yyval.defaults == NULL) { @@ -1372,7 +1373,7 @@ case 19: } break; case 20: -#line 242 "gram.y" +#line 243 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, false); if (yyval.defaults == NULL) { @@ -1382,7 +1383,7 @@ case 20: } break; case 21: -#line 249 "gram.y" +#line 250 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); if (yyval.defaults == NULL) { @@ -1392,7 +1393,7 @@ case 21: } break; case 22: -#line 256 "gram.y" +#line 257 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); if (yyval.defaults == NULL) { @@ -1402,7 +1403,7 @@ case 22: } break; case 23: -#line 263 "gram.y" +#line 264 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); if (yyval.defaults == NULL) { @@ -1412,14 +1413,14 @@ case 23: } break; case 25: -#line 273 "gram.y" +#line 274 "gram.y" { HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries); yyval.privilege = yyvsp[-2].privilege; } break; case 26: -#line 279 "gram.y" +#line 280 "gram.y" { struct privilege *p = calloc(1, sizeof(*p)); if (p == NULL) { @@ -1434,21 +1435,21 @@ case 26: } break; case 27: -#line 293 "gram.y" +#line 294 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 28: -#line 297 "gram.y" +#line 298 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 29: -#line 303 "gram.y" +#line 304 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -1458,7 +1459,7 @@ case 29: } break; case 30: -#line 310 "gram.y" +#line 311 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -1468,7 +1469,7 @@ case 30: } break; case 31: -#line 317 "gram.y" +#line 318 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -1478,7 +1479,7 @@ case 31: } break; case 32: -#line 324 "gram.y" +#line 325 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); if (yyval.member == NULL) { @@ -1488,7 +1489,7 @@ case 32: } break; case 33: -#line 331 "gram.y" +#line 332 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -1498,7 +1499,7 @@ case 33: } break; case 35: -#line 341 "gram.y" +#line 342 "gram.y" { struct cmndspec *prev; prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries); @@ -1552,7 +1553,7 @@ case 35: } break; case 36: -#line 394 "gram.y" +#line 395 "gram.y" { struct cmndspec *cs = calloc(1, sizeof(*cs)); if (cs == NULL) { @@ -1604,7 +1605,7 @@ case 36: } break; case 37: -#line 445 "gram.y" +#line 446 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1614,7 +1615,7 @@ case 37: } break; case 38: -#line 452 "gram.y" +#line 453 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1624,7 +1625,7 @@ case 38: } break; case 39: -#line 459 "gram.y" +#line 460 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1634,7 +1635,7 @@ case 39: } break; case 40: -#line 466 "gram.y" +#line 467 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1644,13 +1645,13 @@ case 40: } break; case 41: -#line 475 "gram.y" +#line 476 "gram.y" { yyval.member = yyvsp[0].member; } break; case 42: -#line 478 "gram.y" +#line 479 "gram.y" { if (yyvsp[0].member->type != COMMAND) { sudoerserror(N_("a digest requires a path name")); @@ -1662,75 +1663,75 @@ case 42: } break; case 43: -#line 489 "gram.y" +#line 490 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 44: -#line 493 "gram.y" +#line 494 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 45: -#line 499 "gram.y" +#line 500 "gram.y" { yyval.string = yyvsp[0].string; } break; case 46: -#line 504 "gram.y" +#line 505 "gram.y" { yyval.string = yyvsp[0].string; } break; case 47: -#line 508 "gram.y" +#line 509 "gram.y" { yyval.string = yyvsp[0].string; } break; case 48: -#line 513 "gram.y" +#line 514 "gram.y" { yyval.string = yyvsp[0].string; } break; case 49: -#line 518 "gram.y" +#line 519 "gram.y" { yyval.string = yyvsp[0].string; } break; case 50: -#line 523 "gram.y" +#line 524 "gram.y" { yyval.string = yyvsp[0].string; } break; case 51: -#line 527 "gram.y" +#line 528 "gram.y" { yyval.string = yyvsp[0].string; } break; case 52: -#line 532 "gram.y" +#line 533 "gram.y" { yyval.runas = NULL; } break; case 53: -#line 535 "gram.y" +#line 536 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; case 54: -#line 540 "gram.y" +#line 541 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1748,7 +1749,7 @@ case 54: } break; case 55: -#line 555 "gram.y" +#line 556 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1760,7 +1761,7 @@ case 55: } break; case 56: -#line 564 "gram.y" +#line 565 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1772,7 +1773,7 @@ case 56: } break; case 57: -#line 573 "gram.y" +#line 574 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1784,7 +1785,7 @@ case 57: } break; case 58: -#line 582 "gram.y" +#line 583 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1802,13 +1803,13 @@ case 58: } break; case 59: -#line 599 "gram.y" +#line 600 "gram.y" { init_options(&yyval.options); } break; case 60: -#line 602 "gram.y" +#line 603 "gram.y" { yyval.options.notbefore = parse_gentime(yyvsp[0].string); free(yyvsp[0].string); @@ -1819,7 +1820,7 @@ case 60: } break; case 61: -#line 610 "gram.y" +#line 611 "gram.y" { yyval.options.notafter = parse_gentime(yyvsp[0].string); free(yyvsp[0].string); @@ -1830,7 +1831,7 @@ case 61: } break; case 62: -#line 618 "gram.y" +#line 619 "gram.y" { yyval.options.timeout = parse_timeout(yyvsp[0].string); free(yyvsp[0].string); @@ -1844,7 +1845,7 @@ case 62: } break; case 63: -#line 629 "gram.y" +#line 630 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.role); @@ -1853,7 +1854,7 @@ case 63: } break; case 64: -#line 635 "gram.y" +#line 636 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.type); @@ -1862,7 +1863,7 @@ case 64: } break; case 65: -#line 641 "gram.y" +#line 642 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.privs); @@ -1871,7 +1872,7 @@ case 65: } break; case 66: -#line 647 "gram.y" +#line 648 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.limitprivs); @@ -1880,97 +1881,97 @@ case 66: } break; case 67: -#line 655 "gram.y" +#line 656 "gram.y" { TAGS_INIT(yyval.tag); } break; case 68: -#line 658 "gram.y" +#line 659 "gram.y" { yyval.tag.nopasswd = true; } break; case 69: -#line 661 "gram.y" +#line 662 "gram.y" { yyval.tag.nopasswd = false; } break; case 70: -#line 664 "gram.y" +#line 665 "gram.y" { yyval.tag.noexec = true; } break; case 71: -#line 667 "gram.y" +#line 668 "gram.y" { yyval.tag.noexec = false; } break; case 72: -#line 670 "gram.y" +#line 671 "gram.y" { yyval.tag.setenv = true; } break; case 73: -#line 673 "gram.y" +#line 674 "gram.y" { yyval.tag.setenv = false; } break; case 74: -#line 676 "gram.y" +#line 677 "gram.y" { yyval.tag.log_input = true; } break; case 75: -#line 679 "gram.y" +#line 680 "gram.y" { yyval.tag.log_input = false; } break; case 76: -#line 682 "gram.y" +#line 683 "gram.y" { yyval.tag.log_output = true; } break; case 77: -#line 685 "gram.y" +#line 686 "gram.y" { yyval.tag.log_output = false; } break; case 78: -#line 688 "gram.y" +#line 689 "gram.y" { yyval.tag.follow = true; } break; case 79: -#line 691 "gram.y" +#line 692 "gram.y" { yyval.tag.follow = false; } break; case 80: -#line 694 "gram.y" +#line 695 "gram.y" { yyval.tag.send_mail = true; } break; case 81: -#line 697 "gram.y" +#line 698 "gram.y" { yyval.tag.send_mail = false; } break; case 82: -#line 702 "gram.y" +#line 703 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -1980,7 +1981,7 @@ case 82: } break; case 83: -#line 709 "gram.y" +#line 710 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -1990,7 +1991,7 @@ case 83: } break; case 84: -#line 716 "gram.y" +#line 717 "gram.y" { struct sudo_command *c = calloc(1, sizeof(*c)); if (c == NULL) { @@ -2008,7 +2009,7 @@ case 84: } break; case 87: -#line 737 "gram.y" +#line 738 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, HOSTALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -2019,14 +2020,14 @@ case 87: } break; case 89: -#line 748 "gram.y" +#line 749 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 92: -#line 758 "gram.y" +#line 759 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, CMNDALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -2037,14 +2038,14 @@ case 92: } break; case 94: -#line 769 "gram.y" +#line 770 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 97: -#line 779 "gram.y" +#line 780 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, RUNASALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -2055,7 +2056,7 @@ case 97: } break; case 100: -#line 793 "gram.y" +#line 794 "gram.y" { const char *s; s = alias_add(yyvsp[-2].string, USERALIAS, sudoers, this_lineno, yyvsp[0].member); @@ -2066,28 +2067,28 @@ case 100: } break; case 102: -#line 804 "gram.y" +#line 805 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 103: -#line 810 "gram.y" +#line 811 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 104: -#line 814 "gram.y" +#line 815 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 105: -#line 820 "gram.y" +#line 821 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -2097,7 +2098,7 @@ case 105: } break; case 106: -#line 827 "gram.y" +#line 828 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2107,7 +2108,7 @@ case 106: } break; case 107: -#line 834 "gram.y" +#line 835 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -2117,7 +2118,7 @@ case 107: } break; case 108: -#line 841 "gram.y" +#line 842 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); if (yyval.member == NULL) { @@ -2127,7 +2128,7 @@ case 108: } break; case 109: -#line 848 "gram.y" +#line 849 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2137,28 +2138,28 @@ case 109: } break; case 111: -#line 858 "gram.y" +#line 859 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; case 112: -#line 864 "gram.y" +#line 865 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 113: -#line 868 "gram.y" +#line 869 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 114: -#line 874 "gram.y" +#line 875 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -2168,7 +2169,7 @@ case 114: } break; case 115: -#line 881 "gram.y" +#line 882 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2178,7 +2179,7 @@ case 115: } break; case 116: -#line 888 "gram.y" +#line 889 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2187,7 +2188,7 @@ case 116: } } break; -#line 2138 "gram.c" +#line 2139 "gram.c" } yyssp -= yym; yystate = *yyssp; diff --git a/plugins/sudoers/gram.h b/plugins/sudoers/gram.h index d9fe6e9a6..c53f97a0f 100644 --- a/plugins/sudoers/gram.h +++ b/plugins/sudoers/gram.h @@ -52,7 +52,7 @@ typedef union { struct member *member; struct runascontainer *runas; struct privilege *privilege; - struct sudo_digest *digest; + struct command_digest *digest; struct sudo_command command; struct command_options options; struct cmndtag tag; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 8c285e661..7e3a1ef2a 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -46,6 +46,7 @@ #include #include "sudoers.h" +#include "sudo_digest.h" #include "toke.h" /* If we last saw a newline the entry is on the preceding line. */ @@ -70,7 +71,7 @@ static bool add_defaults(int, struct member *, struct defaults *); static bool add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, short); static struct member *new_member(char *, int); -static struct sudo_digest *new_digest(int, char *); +static struct command_digest *new_digest(int, char *); %} %union { @@ -79,7 +80,7 @@ static struct sudo_digest *new_digest(int, char *); struct member *member; struct runascontainer *runas; struct privilege *privilege; - struct sudo_digest *digest; + struct command_digest *digest; struct sudo_command command; struct command_options options; struct cmndtag tag; @@ -967,28 +968,28 @@ new_member(char *name, int type) debug_return_ptr(m); } -static struct sudo_digest * +static struct command_digest * new_digest(int digest_type, char *digest_str) { - struct sudo_digest *dig; + struct command_digest *digest; debug_decl(new_digest, SUDOERS_DEBUG_PARSER) - if ((dig = malloc(sizeof(*dig))) == NULL) { + if ((digest = malloc(sizeof(*digest))) == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); debug_return_ptr(NULL); } - dig->digest_type = digest_type; - dig->digest_str = digest_str; - if (dig->digest_str == NULL) { + digest->digest_type = digest_type; + digest->digest_str = digest_str; + if (digest->digest_str == NULL) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "unable to allocate memory"); - free(dig); - dig = NULL; + free(digest); + digest = NULL; } - debug_return_ptr(dig); + debug_return_ptr(digest); } /* diff --git a/plugins/sudoers/ldap_util.c b/plugins/sudoers/ldap_util.c index 21f5d8527..b2a1d2107 100644 --- a/plugins/sudoers/ldap_util.c +++ b/plugins/sudoers/ldap_util.c @@ -37,6 +37,7 @@ #include "gram.h" #include "sudo_lbuf.h" #include "sudo_ldap.h" +#include "sudo_digest.h" /* * Returns true if the string pointed to by valp begins with an @@ -489,7 +490,7 @@ sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers, if (cmndspec->tags.setenv == UNSPEC) cmndspec->tags.setenv = IMPLIED; } else { - struct sudo_digest digest; + struct command_digest digest; char *args; m->type = COMMAND; @@ -524,12 +525,12 @@ oom: } /* - * If a digest prefix is present, fills in struct sudo_digest + * If a digest prefix is present, fills in struct command_digest * and returns a pointer to it, updating cmnd to point to the * command after the digest. */ -struct sudo_digest * -sudo_ldap_extract_digest(char **cmnd, struct sudo_digest *digest) +struct command_digest * +sudo_ldap_extract_digest(char **cmnd, struct command_digest *digest) { char *ep, *cp = *cmnd; int digest_type = SUDO_DIGEST_INVALID; diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index 4fd77a868..f0a8e9c40 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -75,13 +75,13 @@ static struct member_list empty = TAILQ_HEAD_INITIALIZER(empty); -static bool command_matches_dir(const char *sudoers_dir, size_t dlen, const struct sudo_digest *digest); +static bool command_matches_dir(const char *sudoers_dir, size_t dlen, const struct command_digest *digest); #ifndef SUDOERS_NAME_MATCH -static bool command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest); +static bool command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest); #endif -static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest); -static bool command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest); -static bool digest_matches(int fd, const char *file, const struct sudo_digest *sd); +static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest); +static bool command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest); +static bool digest_matches(int fd, const char *file, const struct command_digest *digest); /* * Returns true if string 's' contains meta characters. @@ -425,7 +425,7 @@ command_args_match(const char *sudoers_cmnd, const char *sudoers_args) * otherwise, return true if user_cmnd names one of the inodes in path. */ bool -command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) +command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest) { bool rc = false; debug_decl(command_matches, SUDOERS_DEBUG_MATCH) @@ -512,7 +512,7 @@ is_script(int fd) * Returns false on error, else true. */ static bool -open_cmnd(const char *path, const struct sudo_digest *digest, int *fdp) +open_cmnd(const char *path, const struct command_digest *digest, int *fdp) { int fd = -1; debug_decl(open_cmnd, SUDOERS_DEBUG_MATCH) @@ -580,7 +580,7 @@ set_cmnd_fd(int fd) static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args, - const struct sudo_digest *digest) + const struct command_digest *digest) { struct stat sb; /* XXX - unused */ int fd = -1; @@ -621,7 +621,7 @@ bad: #ifndef SUDOERS_NAME_MATCH static bool command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args, - const struct sudo_digest *digest) + const struct command_digest *digest) { struct stat sudoers_stat; bool bad_digest = false; @@ -751,7 +751,7 @@ done: #ifdef SUDOERS_NAME_MATCH static bool -command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) +command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest) { size_t dlen; debug_decl(command_matches_normal, SUDOERS_DEBUG_MATCH) @@ -776,7 +776,7 @@ command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const #else /* !SUDOERS_NAME_MATCH */ static bool -digest_matches(int fd, const char *file, const struct sudo_digest *sd) +digest_matches(int fd, const char *file, const struct command_digest *digest) { unsigned char *file_digest = NULL; unsigned char *sudoers_digest = NULL; @@ -784,7 +784,7 @@ digest_matches(int fd, const char *file, const struct sudo_digest *sd) size_t digest_len; debug_decl(digest_matches, SUDOERS_DEBUG_MATCH) - file_digest = sudo_filedigest(fd, file, sd->digest_type, &digest_len); + file_digest = sudo_filedigest(fd, file, digest->digest_type, &digest_len); if (lseek(fd, (off_t)0, SEEK_SET) == -1) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO, "unable to rewind digest fd"); @@ -799,18 +799,18 @@ digest_matches(int fd, const char *file, const struct sudo_digest *sd) sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); goto done; } - if (strlen(sd->digest_str) == digest_len * 2) { + if (strlen(digest->digest_str) == digest_len * 2) { /* Convert ascii hex to binary. */ unsigned int i; for (i = 0; i < digest_len; i++) { - const int h = hexchar(&sd->digest_str[i + i]); + const int h = hexchar(&digest->digest_str[i + i]); if (h == -1) goto bad_format; sudoers_digest[i] = (unsigned char)h; } } else { /* Convert base64 to binary. */ - size_t len = base64_decode(sd->digest_str, sudoers_digest, digest_len); + size_t len = base64_decode(digest->digest_str, sudoers_digest, digest_len); if (len != digest_len) { sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, "incorrect length for digest, expected %zu, got %zu", @@ -824,13 +824,13 @@ digest_matches(int fd, const char *file, const struct sudo_digest *sd) } else { sudo_debug_printf(SUDO_DEBUG_DIAG|SUDO_DEBUG_LINENO, "%s digest mismatch for %s, expecting %s", - digest_type_to_name(sd->digest_type), file, sd->digest_str); + digest_type_to_name(digest->digest_type), file, digest->digest_str); } goto done; bad_format: sudo_warnx(U_("digest for %s (%s) is not in %s form"), file, - sd->digest_str, digest_type_to_name(sd->digest_type)); + digest->digest_str, digest_type_to_name(digest->digest_type)); done: free(sudoers_digest); free(file_digest); @@ -838,7 +838,7 @@ done: } static bool -command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) +command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest) { struct stat sudoers_stat; const char *base; @@ -903,7 +903,7 @@ bad: */ static bool command_matches_dir(const char *sudoers_dir, size_t dlen, - const struct sudo_digest *digest) + const struct command_digest *digest) { debug_decl(command_matches_dir, SUDOERS_DEBUG_MATCH) /* XXX - check digest */ @@ -915,7 +915,7 @@ command_matches_dir(const char *sudoers_dir, size_t dlen, */ static bool command_matches_dir(const char *sudoers_dir, size_t dlen, - const struct sudo_digest *digest) + const struct command_digest *digest) { struct stat sudoers_stat; struct dirent *dent; diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index 51203baa2..1216f2823 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -77,13 +77,7 @@ ((cs1)->runasuserlist != (cs2)->runasuserlist || \ (cs1)->runasgrouplist != (cs2)->runasgrouplist) -#define SUDO_DIGEST_SHA224 0 -#define SUDO_DIGEST_SHA256 1 -#define SUDO_DIGEST_SHA384 2 -#define SUDO_DIGEST_SHA512 3 -#define SUDO_DIGEST_INVALID 4 - -struct sudo_digest { +struct command_digest { unsigned int digest_type; char *digest_str; }; @@ -95,7 +89,7 @@ struct sudo_digest { struct sudo_command { char *cmnd; char *args; - struct sudo_digest *digest; + struct command_digest *digest; }; /* @@ -280,7 +274,7 @@ bool addr_matches(char *n); /* match.c */ struct group; struct passwd; -bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest); +bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct command_digest *digest); bool group_matches(const char *sudoers_group, const struct group *gr); bool hostname_matches(const char *shost, const char *lhost, const char *pattern); bool netgr_matches(const char *netgr, const char *lhost, const char *shost, const char *user); diff --git a/plugins/sudoers/regress/parser/check_digest.c b/plugins/sudoers/regress/parser/check_digest.c index ec744eb2c..0d49a35df 100644 --- a/plugins/sudoers/regress/parser/check_digest.c +++ b/plugins/sudoers/regress/parser/check_digest.c @@ -41,6 +41,7 @@ #include "sudo_compat.h" #include "sudo_fatal.h" #include "sudo_queue.h" +#include "sudo_digest.h" #include "sudo_util.h" #include "parse.h" diff --git a/plugins/sudoers/sudo_ldap.h b/plugins/sudoers/sudo_ldap.h index 38639341e..7298ee01e 100644 --- a/plugins/sudoers/sudo_ldap.h +++ b/plugins/sudoers/sudo_ldap.h @@ -25,6 +25,6 @@ bool sudo_ldap_is_negated(char **valp); bool sudo_ldap_add_default(const char *var, const char *val, int op, char *source, struct defaults_list *defs); int sudo_ldap_parse_option(char *optstr, char **varp, char **valp); struct privilege *sudo_ldap_role_to_priv(const char *cn, void *hosts, void *runasusers, void *runasgroups, void *cmnds, void *opts, const char *notbefore, const char *notafter, bool warnings, bool store_options, sudo_ldap_iter_t iter); -struct sudo_digest *sudo_ldap_extract_digest(char **cmnd, struct sudo_digest *digest); +struct command_digest *sudo_ldap_extract_digest(char **cmnd, struct command_digest *digest); #endif /* SUDOERS_LDAP_H */ diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 02d8d5b0f..991954c30 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -1,9 +1,15 @@ #include + +#line 3 "lex.sudoers.c" + +#define YY_INT_ALIGNED short int + +/* $OpenBSD: flex.skl,v 1.16 2017/05/02 19:16:19 millert Exp $ */ + +/* A lexical scanner generated by flex */ + #define yy_create_buffer sudoers_create_buffer #define yy_delete_buffer sudoers_delete_buffer -#define yy_scan_buffer sudoers_scan_buffer -#define yy_scan_string sudoers_scan_string -#define yy_scan_bytes sudoers_scan_bytes #define yy_flex_debug sudoers_flex_debug #define yy_init_buffer sudoers_init_buffer #define yy_flush_buffer sudoers_flush_buffer @@ -12,77 +18,120 @@ #define yyin sudoersin #define yyleng sudoersleng #define yylex sudoerslex +#define yylineno sudoerslineno #define yyout sudoersout #define yyrestart sudoersrestart #define yytext sudoerstext - -/* $OpenBSD: flex.skl,v 1.12 2013/11/04 17:03:32 millert Exp $ */ - -/* A lexical scanner generated by flex */ - -/* Scanner skeleton version: - * $Header: /cvs/src/usr.bin/lex/flex.skl,v 1.12 2013/11/04 17:03:32 millert Exp $ - */ +#define yywrap sudoerswrap +#define yyalloc sudoersalloc +#define yyrealloc sudoersrealloc +#define yyfree sudoersfree #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 +#define YY_FLEX_SUBMINOR_VERSION 39 +#if YY_FLEX_SUBMINOR_VERSION > 0 +#define FLEX_BETA +#endif + +/* First, we deal with platform-specific or compiler-specific issues. */ +/* begin standard C headers. */ #include +#include #include +#include +/* end standard C headers. */ -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif +/* $OpenBSD: flexint.h,v 1.1 2015/11/19 19:43:40 tedu Exp $ */ + +/* flex integer type definitions */ + +#ifndef FLEXINT_H +#define FLEXINT_H + +/* C99 systems have . Non-C99 systems may or may not. */ + +#if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L + +/* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, + * if you want the limit (max/min) macros for int types. + */ +#ifndef __STDC_LIMIT_MACROS +#define __STDC_LIMIT_MACROS 1 #endif +#include +typedef int8_t flex_int8_t; +typedef uint8_t flex_uint8_t; +typedef int16_t flex_int16_t; +typedef uint16_t flex_uint16_t; +typedef int32_t flex_int32_t; +typedef uint32_t flex_uint32_t; +#else +typedef signed char flex_int8_t; +typedef short int flex_int16_t; +typedef int flex_int32_t; +typedef unsigned char flex_uint8_t; +typedef unsigned short int flex_uint16_t; +typedef unsigned int flex_uint32_t; + +/* Limits of integral types. */ +#ifndef INT8_MIN +#define INT8_MIN (-128) +#endif +#ifndef INT16_MIN +#define INT16_MIN (-32767-1) +#endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif +#ifndef INT8_MAX +#define INT8_MAX (127) +#endif +#ifndef INT16_MAX +#define INT16_MAX (32767) +#endif +#ifndef INT32_MAX +#define INT32_MAX (2147483647) +#endif +#ifndef UINT8_MAX +#define UINT8_MAX (255U) +#endif +#ifndef UINT16_MAX +#define UINT16_MAX (65535U) +#endif +#ifndef UINT32_MAX +#define UINT32_MAX (4294967295U) +#endif -#ifdef __cplusplus +#endif /* ! C99 */ -#include -#include +#endif /* ! FLEXINT_H */ -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS +#ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST #else /* ! __cplusplus */ -#ifdef __STDC__ +/* C99 requires __STDC__ to be defined as 1. */ +#if defined (__STDC__) -#define YY_USE_PROTOS #define YY_USE_CONST -#endif /* __STDC__ */ +#endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - /* Returned upon end-of-file. */ #define YY_NULL 0 @@ -97,71 +146,71 @@ * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ -#define BEGIN yy_start = 1 + 2 * +#define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ -#define YY_START ((yy_start - 1) / 2) +#define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) +#define YY_NEW_FILE sudoersrestart(sudoersin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ +#ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 +#endif + +/* The state buf must be large enough to hold one state per character in the main buffer. + */ +#define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) +#ifndef YY_TYPEDEF_YY_BUFFER_STATE +#define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; +#endif + +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif -extern int yyleng; -extern FILE *yyin, *yyout; +extern yy_size_t sudoersleng; + +extern FILE *sudoersin, *sudoersout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - + #define YY_LESS_LINENO(n) + #define YY_LINENO_REWIND_TO(ptr) + +/* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ + /* Undo effects of setting up sudoerstext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ - yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up sudoerstext again */ \ } \ while ( 0 ) -#define unput(c) yyunput( c, yytext_ptr ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - +#define unput(c) yyunput( c, (yytext_ptr) ) +#ifndef YY_STRUCT_YY_BUFFER_STATE +#define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; @@ -177,7 +226,7 @@ struct yy_buffer_state /* Number of characters read into yy_ch_buf, not including EOB * characters. */ - int yy_n_chars; + yy_size_t yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to @@ -198,12 +247,16 @@ struct yy_buffer_state */ int yy_at_bol; + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ + /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; + #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process @@ -213,102 +266,138 @@ struct yy_buffer_state * possible backing-up. * * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. + * (via sudoersrestart()), so that the user can continue scanning by + * just pointing sudoersin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 + }; +#endif /* !YY_STRUCT_YY_BUFFER_STATE */ -static YY_BUFFER_STATE yy_current_buffer = 0; +/* Stack of input buffers. */ +static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ +static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". + * + * Returns the top of the stack, or NULL. */ -#define YY_CURRENT_BUFFER yy_current_buffer +#define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) +/* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +#define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] -/* yy_hold_char holds the character lost when yytext is formed. */ +/* yy_hold_char holds the character lost when sudoerstext is formed. */ static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; +static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ +yy_size_t sudoersleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ +static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... +/* Flag which is used to allow sudoerswrap()'s to do buffer switches + * instead of setting up a fresh sudoersin. A bit of a hack ... */ static int yy_did_buffer_switch_on_eof; -void yyrestart YY_PROTO(( FILE *input_file )); +void sudoersrestart (FILE *input_file ); +void sudoers_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE sudoers_create_buffer (FILE *file,int size ); +void sudoers_delete_buffer (YY_BUFFER_STATE b ); +void sudoers_flush_buffer (YY_BUFFER_STATE b ); +void sudoerspush_buffer_state (YY_BUFFER_STATE new_buffer ); +void sudoerspop_buffer_state (void ); -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) +static void sudoersensure_buffer_stack (void ); +static void sudoers_load_buffer_state (void ); +static void sudoers_init_buffer (YY_BUFFER_STATE b,FILE *file ); -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); +#define YY_FLUSH_BUFFER sudoers_flush_buffer(YY_CURRENT_BUFFER ) -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); +YY_BUFFER_STATE sudoers_scan_buffer (char *base,yy_size_t size ); +YY_BUFFER_STATE sudoers_scan_string (yyconst char *yy_str ); +YY_BUFFER_STATE sudoers_scan_bytes (yyconst char *bytes,yy_size_t len ); -#define yy_new_buffer yy_create_buffer +void *sudoersalloc (yy_size_t ); +void *sudoersrealloc (void *,yy_size_t ); +void sudoersfree (void * ); + +#define yy_new_buffer sudoers_create_buffer #define yy_set_interactive(is_interactive) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ + if ( ! YY_CURRENT_BUFFER ){ \ + sudoersensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + sudoers_create_buffer(sudoersin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ + if ( ! YY_CURRENT_BUFFER ){\ + sudoersensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ + sudoers_create_buffer(sudoersin,YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) +#define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) +/* Begin user sect3 */ -#define yywrap() 1 +#define sudoerswrap() 1 #define YY_SKIP_YYWRAP + typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; + +FILE *sudoersin = (FILE *) 0, *sudoersout = (FILE *) 0; + typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); +extern int sudoerslineno; + +int sudoerslineno = 1; + +extern char *sudoerstext; +#define yytext_ptr sudoerstext + +static yy_state_type yy_get_previous_state (void ); +static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +static int yy_get_next_buffer (void ); +static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. + * corresponding action - sets up sudoerstext. */ #define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ + (yytext_ptr) = yy_bp; \ + sudoersleng = (size_t) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; + (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 74 #define YY_END_OF_BUFFER 75 -static yyconst short int yy_accept[882] = +/* This struct is not used in this scanner, + but its presence is necessary. */ +struct yy_trans_info + { + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +static yyconst flex_int16_t yy_accept[882] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75, 62, 70, 69, 68, 61, @@ -409,7 +498,7 @@ static yyconst short int yy_accept[882] = 0 } ; -static yyconst int yy_ec[256] = +static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -441,7 +530,7 @@ static yyconst int yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst int yy_meta[72] = +static yyconst flex_int32_t yy_meta[72] = { 0, 1, 2, 3, 4, 5, 6, 1, 7, 7, 1, 8, 9, 10, 11, 12, 13, 13, 13, 13, 13, @@ -453,7 +542,7 @@ static yyconst int yy_meta[72] = 21 } ; -static yyconst short int yy_base[999] = +static yyconst flex_int16_t yy_base[999] = { 0, 0, 70, 72, 80, 126, 131, 183, 253, 161, 205, 86, 94, 324, 0, 4976, 4918, 4967, 5585, 4964, 5585, @@ -567,7 +656,7 @@ static yyconst short int yy_base[999] = } ; -static yyconst short int yy_def[999] = +static yyconst flex_int16_t yy_def[999] = { 0, 881, 1, 1, 1, 882, 882, 883, 883, 884, 884, 885, 885, 881, 13, 881, 886, 881, 881, 881, 881, @@ -681,7 +770,7 @@ static yyconst short int yy_def[999] = } ; -static yyconst short int yy_nxt[5657] = +static yyconst flex_int16_t yy_nxt[5657] = { 0, 16, 17, 18, 19, 20, 21, 22, 23, 24, 16, 25, 26, 16, 16, 27, 28, 29, 30, 28, 28, @@ -1307,7 +1396,7 @@ static yyconst short int yy_nxt[5657] = 881, 881, 881, 881, 881, 881 } ; -static yyconst short int yy_chk[5657] = +static yyconst flex_int16_t yy_chk[5657] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1936,6 +2025,9 @@ static yyconst short int yy_chk[5657] = static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; +extern int sudoers_flex_debug; +int sudoers_flex_debug = 0; + /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ @@ -1943,9 +2035,8 @@ static char *yy_last_accepting_cpos; #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET -char *yytext; +char *sudoerstext; #line 1 "toke.l" -#define INITIAL 0 #line 2 "toke.l" /* * Copyright (c) 1996, 1998-2005, 2007-2017 @@ -1995,14 +2086,9 @@ char *yytext; #include "sudoers.h" #include "toke.h" #include +#include "sudo_digest.h" #include "sudo_lbuf.h" -#ifdef HAVE_SHA224UPDATE -# include -#else -# include "compat/sha2.h" -#endif - #if defined(HAVE_STRUCT_DIRENT_D_NAMLEN) && HAVE_STRUCT_DIRENT_D_NAMLEN # define NAMLEN(dirent) (dirent)->d_namlen #else @@ -2021,7 +2107,7 @@ gid_t sudoers_gid = SUDOERS_GID; static bool continued, sawspace; static int prev_state; -static yy_size_t digest_len; +static int digest_type = -1; static bool push_include_int(char *, bool); static bool pop_include(void); @@ -2041,20 +2127,64 @@ int (*trace_print)(const char *msg) = sudoers_trace_print; #define push_include(_p) (push_include_int((_p), false)) #define push_includedir(_p) (push_include_int((_p), true)) #define YY_NO_INPUT 1 -#define YY_NO_UNPUT 1 -#define GOTDEFS 1 -#define GOTCMND 2 -#define STARTDEFS 3 -#define INDEFS 4 -#define INSTR 5 + +#line 2136 "lex.sudoers.c" + +#define INITIAL 0 +#define GOTDEFS 1 +#define GOTCMND 2 +#define STARTDEFS 3 +#define INDEFS 4 +#define INSTR 5 #define WANTDIGEST 6 -#line 2058 "lex.sudoers.c" +#ifndef YY_NO_UNISTD_H +/* Special case for "unistd.h", since it is non-ANSI. We include it way + * down here because we want the user's section 1 to have been scanned first. + * The user has a chance to override it with an option. + */ +#include +#endif + +#ifndef YY_EXTRA_TYPE +#define YY_EXTRA_TYPE void * +#endif + +static int yy_init_globals (void ); + +/* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. */ + +int sudoerslex_destroy (void ); + +int sudoersget_debug (void ); + +void sudoersset_debug (int debug_flag ); + +YY_EXTRA_TYPE sudoersget_extra (void ); + +void sudoersset_extra (YY_EXTRA_TYPE user_defined ); + +FILE *sudoersget_in (void ); + +void sudoersset_in (FILE * in_str ); + +FILE *sudoersget_out (void ); + +void sudoersset_out (FILE * out_str ); + +yy_size_t sudoersget_leng (void ); + +char *sudoersget_text (void ); + +int sudoersget_lineno (void ); + +void sudoersset_lineno (int line_number ); /* Macros after this point can all be overridden by user definitions in * section 1. @@ -2062,65 +2192,28 @@ int (*trace_print)(const char *msg) = sudoers_trace_print; #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); +extern "C" int sudoerswrap (void ); #else -extern int yywrap YY_PROTO(( void )); -#endif +extern int sudoerswrap (void ); #endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); #endif #ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); +static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if defined(YY_STACK_USED) && YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif +#ifdef __cplusplus +static int yyinput (void ); #else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 +static int input (void ); #endif -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#ifdef __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif #endif /* Amount of stuff to slurp up with each read. */ @@ -2129,12 +2222,11 @@ YY_MALLOC_DECL #endif /* Copy whatever the last rule matched to the standard output. */ - #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#define ECHO do { if (fwrite( sudoerstext, sudoersleng, 1, sudoersout )) {} } while (0) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, @@ -2142,21 +2234,35 @@ YY_MALLOC_DECL */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ - int c = '*', n; \ + int c = '*'; \ + size_t n; \ for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + (c = getc( sudoersin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ if ( c == '\n' ) \ buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ + if ( c == EOF && ferror( sudoersin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); + else \ + { \ + errno=0; \ + while ( (result = fread(buf, 1, max_size, sudoersin))==0 && ferror(sudoersin)) \ + { \ + if( errno != EINTR) \ + { \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + break; \ + } \ + errno=0; \ + clearerr(sudoersin); \ + } \ + }\ +\ + #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - @@ -2177,14 +2283,20 @@ YY_MALLOC_DECL #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif +/* end tables serialization structures and prototypes */ + /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif +#define YY_DECL_IS_OURS 1 + +extern int sudoerslex (void); + +#define YY_DECL int sudoerslex (void) +#endif /* !YY_DECL */ -/* Code executed at the beginning of each rule, after yytext and yyleng +/* Code executed at the beginning of each rule, after sudoerstext and sudoersleng * have been set up. */ #ifndef YY_USER_ACTION @@ -2197,67 +2309,72 @@ YY_MALLOC_DECL #endif #define YY_RULE_SETUP \ - if ( yyleng > 0 ) \ - yy_current_buffer->yy_at_bol = \ - (yytext[yyleng - 1] == '\n'); \ + if ( sudoersleng > 0 ) \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = \ + (sudoerstext[sudoersleng - 1] == '\n'); \ YY_USER_ACTION +/** The main scanner function which does all the work. + */ YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; - -#line 122 "toke.l" - -#line 2214 "lex.sudoers.c" - - if ( yy_init ) +{ + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; + + if ( !(yy_init) ) { - yy_init = 0; + (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif - if ( ! yy_start ) - yy_start = 1; /* first start state */ + if ( ! (yy_start) ) + (yy_start) = 1; /* first start state */ - if ( ! yyin ) - yyin = stdin; + if ( ! sudoersin ) + sudoersin = stdin; - if ( ! yyout ) - yyout = stdout; + if ( ! sudoersout ) + sudoersout = stdout; - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); + if ( ! YY_CURRENT_BUFFER ) { + sudoersensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + sudoers_create_buffer(sudoersin,YY_BUF_SIZE ); + } - yy_load_buffer_state(); + sudoers_load_buffer_state( ); } + { +#line 116 "toke.l" + +#line 2354 "lex.sudoers.c" + while ( 1 ) /* loops until end-of-file is reached */ { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); - /* Support of yytext. */ - *yy_cp = yy_hold_char; + /* Support of sudoerstext. */ + *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; - yy_current_state = yy_start; + yy_current_state = (yy_start); yy_current_state += YY_AT_BOL(); yy_match: do { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -2274,29 +2391,27 @@ yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; - do_action: /* This label is used only to access EOF actions. */ - switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; + *yy_cp = (yy_hold_char); + yy_cp = (yy_last_accepting_cpos); + yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: YY_RULE_SETUP -#line 123 "toke.l" +#line 117 "toke.l" { LEXTRACE(", "); LEXRETURN(','); @@ -2304,12 +2419,12 @@ YY_RULE_SETUP YY_BREAK case 2: YY_RULE_SETUP -#line 128 "toke.l" +#line 122 "toke.l" BEGIN STARTDEFS; YY_BREAK case 3: YY_RULE_SETUP -#line 130 "toke.l" +#line 124 "toke.l" { BEGIN INDEFS; LEXTRACE("DEFVAR "); @@ -2321,7 +2436,7 @@ YY_RULE_SETUP case 4: YY_RULE_SETUP -#line 139 "toke.l" +#line 133 "toke.l" { BEGIN STARTDEFS; LEXTRACE(", "); @@ -2330,7 +2445,7 @@ YY_RULE_SETUP YY_BREAK case 5: YY_RULE_SETUP -#line 145 "toke.l" +#line 139 "toke.l" { LEXTRACE("= "); LEXRETURN('='); @@ -2338,7 +2453,7 @@ YY_RULE_SETUP YY_BREAK case 6: YY_RULE_SETUP -#line 150 "toke.l" +#line 144 "toke.l" { LEXTRACE("+= "); LEXRETURN('+'); @@ -2346,7 +2461,7 @@ YY_RULE_SETUP YY_BREAK case 7: YY_RULE_SETUP -#line 155 "toke.l" +#line 149 "toke.l" { LEXTRACE("-= "); LEXRETURN('-'); @@ -2354,7 +2469,7 @@ YY_RULE_SETUP YY_BREAK case 8: YY_RULE_SETUP -#line 160 "toke.l" +#line 154 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; @@ -2364,7 +2479,7 @@ YY_RULE_SETUP YY_BREAK case 9: YY_RULE_SETUP -#line 167 "toke.l" +#line 161 "toke.l" { LEXTRACE("WORD(2) "); if (!fill(sudoerstext, sudoersleng)) @@ -2375,8 +2490,9 @@ YY_RULE_SETUP case 10: +/* rule 10 can match eol */ YY_RULE_SETUP -#line 176 "toke.l" +#line 170 "toke.l" { /* Line continuation char followed by newline. */ sudolineno++; @@ -2385,7 +2501,7 @@ YY_RULE_SETUP YY_BREAK case 11: YY_RULE_SETUP -#line 182 "toke.l" +#line 176 "toke.l" { LEXTRACE("ENDSTR "); BEGIN prev_state; @@ -2420,7 +2536,7 @@ YY_RULE_SETUP YY_BREAK case 12: YY_RULE_SETUP -#line 214 "toke.l" +#line 208 "toke.l" { LEXTRACE("BACKSLASH "); if (!append(sudoerstext, sudoersleng)) @@ -2429,7 +2545,7 @@ YY_RULE_SETUP YY_BREAK case 13: YY_RULE_SETUP -#line 220 "toke.l" +#line 214 "toke.l" { LEXTRACE("STRBODY "); if (!append(sudoerstext, sudoersleng)) @@ -2440,7 +2556,7 @@ YY_RULE_SETUP case 14: YY_RULE_SETUP -#line 228 "toke.l" +#line 222 "toke.l" { /* quoted fnmatch glob char, pass verbatim */ LEXTRACE("QUOTEDCHAR "); @@ -2451,7 +2567,7 @@ YY_RULE_SETUP YY_BREAK case 15: YY_RULE_SETUP -#line 236 "toke.l" +#line 230 "toke.l" { /* quoted sudoers special char, strip backslash */ LEXTRACE("QUOTEDCHAR "); @@ -2461,8 +2577,9 @@ YY_RULE_SETUP } YY_BREAK case 16: +/* rule 16 can match eol */ YY_RULE_SETUP -#line 244 "toke.l" +#line 238 "toke.l" { BEGIN INITIAL; yyless(0); @@ -2471,7 +2588,7 @@ YY_RULE_SETUP YY_BREAK case 17: YY_RULE_SETUP -#line 250 "toke.l" +#line 244 "toke.l" { LEXTRACE("ARG "); if (!fill_args(sudoerstext, sudoersleng, sawspace)) @@ -2482,9 +2599,11 @@ YY_RULE_SETUP case 18: YY_RULE_SETUP -#line 258 "toke.l" +#line 252 "toke.l" { /* Only return DIGEST if the length is correct. */ + yy_size_t digest_len = + sudo_digest_getlen(digest_type); if ((yy_size_t)sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); @@ -2498,10 +2617,11 @@ YY_RULE_SETUP YY_BREAK case 19: YY_RULE_SETUP -#line 271 "toke.l" +#line 267 "toke.l" { /* Only return DIGEST if the length is correct. */ - yy_size_t len; + yy_size_t len, digest_len = + sudo_digest_getlen(digest_type); if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ len = 4 * ((digest_len + 2) / 3); @@ -2521,8 +2641,9 @@ YY_RULE_SETUP } /* base64 digest */ YY_BREAK case 20: +/* rule 20 can match eol */ YY_RULE_SETUP -#line 292 "toke.l" +#line 289 "toke.l" { char *path; @@ -2542,8 +2663,9 @@ YY_RULE_SETUP } YY_BREAK case 21: +/* rule 21 can match eol */ YY_RULE_SETUP -#line 310 "toke.l" +#line 307 "toke.l" { char *path; @@ -2567,7 +2689,7 @@ YY_RULE_SETUP YY_BREAK case 22: YY_RULE_SETUP -#line 331 "toke.l" +#line 328 "toke.l" { char deftype; int n; @@ -2610,7 +2732,7 @@ YY_RULE_SETUP YY_BREAK case 23: YY_RULE_SETUP -#line 371 "toke.l" +#line 368 "toke.l" { int n; @@ -2639,7 +2761,7 @@ YY_RULE_SETUP YY_BREAK case 24: YY_RULE_SETUP -#line 397 "toke.l" +#line 394 "toke.l" { /* cmnd does not require passwd for this user */ LEXTRACE("NOPASSWD "); @@ -2648,7 +2770,7 @@ YY_RULE_SETUP YY_BREAK case 25: YY_RULE_SETUP -#line 403 "toke.l" +#line 400 "toke.l" { /* cmnd requires passwd for this user */ LEXTRACE("PASSWD "); @@ -2657,7 +2779,7 @@ YY_RULE_SETUP YY_BREAK case 26: YY_RULE_SETUP -#line 409 "toke.l" +#line 406 "toke.l" { LEXTRACE("NOEXEC "); LEXRETURN(NOEXEC); @@ -2665,7 +2787,7 @@ YY_RULE_SETUP YY_BREAK case 27: YY_RULE_SETUP -#line 414 "toke.l" +#line 411 "toke.l" { LEXTRACE("EXEC "); LEXRETURN(EXEC); @@ -2673,7 +2795,7 @@ YY_RULE_SETUP YY_BREAK case 28: YY_RULE_SETUP -#line 419 "toke.l" +#line 416 "toke.l" { LEXTRACE("SETENV "); LEXRETURN(SETENV); @@ -2681,7 +2803,7 @@ YY_RULE_SETUP YY_BREAK case 29: YY_RULE_SETUP -#line 424 "toke.l" +#line 421 "toke.l" { LEXTRACE("NOSETENV "); LEXRETURN(NOSETENV); @@ -2689,7 +2811,7 @@ YY_RULE_SETUP YY_BREAK case 30: YY_RULE_SETUP -#line 429 "toke.l" +#line 426 "toke.l" { LEXTRACE("LOG_OUTPUT "); LEXRETURN(LOG_OUTPUT); @@ -2697,7 +2819,7 @@ YY_RULE_SETUP YY_BREAK case 31: YY_RULE_SETUP -#line 434 "toke.l" +#line 431 "toke.l" { LEXTRACE("NOLOG_OUTPUT "); LEXRETURN(NOLOG_OUTPUT); @@ -2705,7 +2827,7 @@ YY_RULE_SETUP YY_BREAK case 32: YY_RULE_SETUP -#line 439 "toke.l" +#line 436 "toke.l" { LEXTRACE("LOG_INPUT "); LEXRETURN(LOG_INPUT); @@ -2713,7 +2835,7 @@ YY_RULE_SETUP YY_BREAK case 33: YY_RULE_SETUP -#line 444 "toke.l" +#line 441 "toke.l" { LEXTRACE("NOLOG_INPUT "); LEXRETURN(NOLOG_INPUT); @@ -2721,7 +2843,7 @@ YY_RULE_SETUP YY_BREAK case 34: YY_RULE_SETUP -#line 449 "toke.l" +#line 446 "toke.l" { LEXTRACE("MAIL "); LEXRETURN(MAIL); @@ -2729,7 +2851,7 @@ YY_RULE_SETUP YY_BREAK case 35: YY_RULE_SETUP -#line 454 "toke.l" +#line 451 "toke.l" { LEXTRACE("NOMAIL "); LEXRETURN(NOMAIL); @@ -2737,7 +2859,7 @@ YY_RULE_SETUP YY_BREAK case 36: YY_RULE_SETUP -#line 459 "toke.l" +#line 456 "toke.l" { LEXTRACE("FOLLOW "); LEXRETURN(FOLLOW); @@ -2745,7 +2867,7 @@ YY_RULE_SETUP YY_BREAK case 37: YY_RULE_SETUP -#line 464 "toke.l" +#line 461 "toke.l" { LEXTRACE("NOFOLLOW "); LEXRETURN(NOFOLLOW); @@ -2753,7 +2875,7 @@ YY_RULE_SETUP YY_BREAK case 38: YY_RULE_SETUP -#line 469 "toke.l" +#line 466 "toke.l" { /* empty group or netgroup */ LEXTRACE("ERROR "); @@ -2762,7 +2884,7 @@ YY_RULE_SETUP YY_BREAK case 39: YY_RULE_SETUP -#line 475 "toke.l" +#line 472 "toke.l" { /* netgroup */ if (!fill(sudoerstext, sudoersleng)) @@ -2773,7 +2895,7 @@ YY_RULE_SETUP YY_BREAK case 40: YY_RULE_SETUP -#line 483 "toke.l" +#line 480 "toke.l" { /* group */ if (!fill(sudoerstext, sudoersleng)) @@ -2784,7 +2906,7 @@ YY_RULE_SETUP YY_BREAK case 41: YY_RULE_SETUP -#line 491 "toke.l" +#line 488 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); @@ -2794,7 +2916,7 @@ YY_RULE_SETUP YY_BREAK case 42: YY_RULE_SETUP -#line 498 "toke.l" +#line 495 "toke.l" { if (!fill(sudoerstext, sudoersleng)) yyterminate(); @@ -2804,7 +2926,7 @@ YY_RULE_SETUP YY_BREAK case 43: YY_RULE_SETUP -#line 505 "toke.l" +#line 502 "toke.l" { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); @@ -2818,7 +2940,7 @@ YY_RULE_SETUP YY_BREAK case 44: YY_RULE_SETUP -#line 516 "toke.l" +#line 513 "toke.l" { if (!ipv6_valid(sudoerstext)) { LEXTRACE("ERROR "); @@ -2832,7 +2954,7 @@ YY_RULE_SETUP YY_BREAK case 45: YY_RULE_SETUP -#line 527 "toke.l" +#line 524 "toke.l" { LEXTRACE("ALL "); LEXRETURN(ALL); @@ -2841,7 +2963,7 @@ YY_RULE_SETUP YY_BREAK case 46: YY_RULE_SETUP -#line 533 "toke.l" +#line 530 "toke.l" { LEXTRACE("CMND_TIMEOUT "); LEXRETURN(CMND_TIMEOUT); @@ -2849,7 +2971,7 @@ YY_RULE_SETUP YY_BREAK case 47: YY_RULE_SETUP -#line 538 "toke.l" +#line 535 "toke.l" { LEXTRACE("NOTBEFORE "); LEXRETURN(NOTBEFORE); @@ -2857,7 +2979,7 @@ YY_RULE_SETUP YY_BREAK case 48: YY_RULE_SETUP -#line 543 "toke.l" +#line 540 "toke.l" { LEXTRACE("NOTAFTER "); LEXRETURN(NOTAFTER); @@ -2865,7 +2987,7 @@ YY_RULE_SETUP YY_BREAK case 49: YY_RULE_SETUP -#line 548 "toke.l" +#line 545 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("ROLE "); @@ -2877,7 +2999,7 @@ YY_RULE_SETUP YY_BREAK case 50: YY_RULE_SETUP -#line 557 "toke.l" +#line 554 "toke.l" { #ifdef HAVE_SELINUX LEXTRACE("TYPE "); @@ -2889,7 +3011,7 @@ YY_RULE_SETUP YY_BREAK case 51: YY_RULE_SETUP -#line 565 "toke.l" +#line 562 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("PRIVS "); @@ -2901,7 +3023,7 @@ YY_RULE_SETUP YY_BREAK case 52: YY_RULE_SETUP -#line 574 "toke.l" +#line 571 "toke.l" { #ifdef HAVE_PRIV_SET LEXTRACE("LIMITPRIVS "); @@ -2913,7 +3035,7 @@ YY_RULE_SETUP YY_BREAK case 53: YY_RULE_SETUP -#line 583 "toke.l" +#line 580 "toke.l" { got_alias: if (!fill(sudoerstext, sudoersleng)) @@ -2924,7 +3046,7 @@ YY_RULE_SETUP YY_BREAK case 54: YY_RULE_SETUP -#line 591 "toke.l" +#line 588 "toke.l" { /* XXX - no way to specify digest for command */ /* no command args allowed for Defaults!/path */ @@ -2936,9 +3058,9 @@ YY_RULE_SETUP YY_BREAK case 55: YY_RULE_SETUP -#line 600 "toke.l" +#line 597 "toke.l" { - digest_len = SHA224_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA224; BEGIN WANTDIGEST; LEXTRACE("SHA224_TOK "); LEXRETURN(SHA224_TOK); @@ -2946,9 +3068,9 @@ YY_RULE_SETUP YY_BREAK case 56: YY_RULE_SETUP -#line 607 "toke.l" +#line 604 "toke.l" { - digest_len = SHA256_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA256; BEGIN WANTDIGEST; LEXTRACE("SHA256_TOK "); LEXRETURN(SHA256_TOK); @@ -2956,9 +3078,9 @@ YY_RULE_SETUP YY_BREAK case 57: YY_RULE_SETUP -#line 614 "toke.l" +#line 611 "toke.l" { - digest_len = SHA384_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA384; BEGIN WANTDIGEST; LEXTRACE("SHA384_TOK "); LEXRETURN(SHA384_TOK); @@ -2966,9 +3088,9 @@ YY_RULE_SETUP YY_BREAK case 58: YY_RULE_SETUP -#line 621 "toke.l" +#line 618 "toke.l" { - digest_len = SHA512_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA512; BEGIN WANTDIGEST; LEXTRACE("SHA512_TOK "); LEXRETURN(SHA512_TOK); @@ -2976,7 +3098,7 @@ YY_RULE_SETUP YY_BREAK case 59: YY_RULE_SETUP -#line 628 "toke.l" +#line 625 "toke.l" { BEGIN GOTCMND; LEXTRACE("COMMAND "); @@ -2986,7 +3108,7 @@ YY_RULE_SETUP YY_BREAK case 60: YY_RULE_SETUP -#line 635 "toke.l" +#line 632 "toke.l" { /* directories can't have args... */ if (sudoerstext[sudoersleng - 1] == '/') { @@ -3004,7 +3126,7 @@ YY_RULE_SETUP YY_BREAK case 61: YY_RULE_SETUP -#line 650 "toke.l" +#line 647 "toke.l" { LEXTRACE("BEGINSTR "); sudoerslval.string = NULL; @@ -3014,7 +3136,7 @@ YY_RULE_SETUP YY_BREAK case 62: YY_RULE_SETUP -#line 657 "toke.l" +#line 654 "toke.l" { /* a word */ if (!fill(sudoerstext, sudoersleng)) @@ -3025,7 +3147,7 @@ YY_RULE_SETUP YY_BREAK case 63: YY_RULE_SETUP -#line 665 "toke.l" +#line 662 "toke.l" { LEXTRACE("( "); LEXRETURN('('); @@ -3033,7 +3155,7 @@ YY_RULE_SETUP YY_BREAK case 64: YY_RULE_SETUP -#line 670 "toke.l" +#line 667 "toke.l" { LEXTRACE(") "); LEXRETURN(')'); @@ -3041,7 +3163,7 @@ YY_RULE_SETUP YY_BREAK case 65: YY_RULE_SETUP -#line 675 "toke.l" +#line 672 "toke.l" { LEXTRACE(", "); LEXRETURN(','); @@ -3049,7 +3171,7 @@ YY_RULE_SETUP YY_BREAK case 66: YY_RULE_SETUP -#line 680 "toke.l" +#line 677 "toke.l" { LEXTRACE("= "); LEXRETURN('='); @@ -3057,7 +3179,7 @@ YY_RULE_SETUP YY_BREAK case 67: YY_RULE_SETUP -#line 685 "toke.l" +#line 682 "toke.l" { LEXTRACE(": "); LEXRETURN(':'); @@ -3065,7 +3187,7 @@ YY_RULE_SETUP YY_BREAK case 68: YY_RULE_SETUP -#line 690 "toke.l" +#line 687 "toke.l" { if (sudoersleng & 1) { LEXTRACE("!"); @@ -3074,8 +3196,9 @@ YY_RULE_SETUP } YY_BREAK case 69: +/* rule 69 can match eol */ YY_RULE_SETUP -#line 697 "toke.l" +#line 694 "toke.l" { if (YY_START == INSTR) { LEXTRACE("ERROR "); @@ -3090,14 +3213,15 @@ YY_RULE_SETUP YY_BREAK case 70: YY_RULE_SETUP -#line 709 "toke.l" +#line 706 "toke.l" { /* throw away space/tabs */ sawspace = true; /* but remember for fill_args */ } YY_BREAK case 71: +/* rule 71 can match eol */ YY_RULE_SETUP -#line 713 "toke.l" +#line 710 "toke.l" { sawspace = true; /* remember for fill_args */ sudolineno++; @@ -3105,15 +3229,16 @@ YY_RULE_SETUP } /* throw away EOL after \ */ YY_BREAK case 72: +/* rule 72 can match eol */ YY_RULE_SETUP -#line 719 "toke.l" +#line 716 "toke.l" { if (sudoerstext[sudoersleng - 1] == '\n') { /* comment ending in a newline */ BEGIN INITIAL; sudolineno++; continued = false; - } else if (!feof(yyin)) { + } else if (!feof(sudoersin)) { LEXTRACE("ERROR "); LEXRETURN(ERROR); } @@ -3123,7 +3248,7 @@ YY_RULE_SETUP YY_BREAK case 73: YY_RULE_SETUP -#line 733 "toke.l" +#line 730 "toke.l" { LEXTRACE("ERROR "); LEXRETURN(ERROR); @@ -3136,7 +3261,7 @@ case YY_STATE_EOF(STARTDEFS): case YY_STATE_EOF(INDEFS): case YY_STATE_EOF(INSTR): case YY_STATE_EOF(WANTDIGEST): -#line 738 "toke.l" +#line 735 "toke.l" { if (YY_START != INITIAL) { BEGIN INITIAL; @@ -3149,34 +3274,34 @@ case YY_STATE_EOF(WANTDIGEST): YY_BREAK case 74: YY_RULE_SETUP -#line 748 "toke.l" +#line 745 "toke.l" ECHO; YY_BREAK -#line 3156 "lex.sudoers.c" +#line 3280 "lex.sudoers.c" case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; + *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our + * just pointed sudoersin at a new source and called + * sudoerslex(). If so, then we have to assure + * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_input_file = sudoersin; + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position @@ -3186,13 +3311,13 @@ ECHO; * end-of-buffer state). Contrast this with the test * in input(). */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have @@ -3205,41 +3330,41 @@ ECHO; yy_next_state = yy_try_NUL_trans( yy_current_state ); - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; + yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { - yy_cp = yy_c_buf_p; + yy_cp = (yy_c_buf_p); goto yy_find_action; } } - else switch ( yy_get_next_buffer() ) + else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { - yy_did_buffer_switch_on_eof = 0; + (yy_did_buffer_switch_on_eof) = 0; - if ( yywrap() ) + if ( sudoerswrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up - * yytext, we can now set up + * sudoerstext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; @@ -3247,30 +3372,30 @@ ECHO; else { - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; + (yy_c_buf_p) = + (yytext_ptr) + yy_amount_of_matched_text; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; + (yy_c_buf_p) = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; - yy_current_state = yy_get_previous_state(); + yy_current_state = yy_get_previous_state( ); - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; + yy_cp = (yy_c_buf_p); + yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; @@ -3281,8 +3406,8 @@ ECHO; "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ - } /* end of yylex */ - + } /* end of user's declarations */ +} /* end of sudoerslex */ /* yy_get_next_buffer - try to read in a new buffer * @@ -3291,21 +3416,20 @@ ECHO; * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ - -static int yy_get_next_buffer YY_PROTO(( void )) - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; +static int yy_get_next_buffer (void) +{ + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = (yytext_ptr); + int number_to_move, i; int ret_val; - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); - if ( yy_current_buffer->yy_fill_buffer == 0 ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. @@ -3325,38 +3449,34 @@ static int yy_get_next_buffer YY_PROTO(( void )) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; + yy_size_t num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); + (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -3365,8 +3485,7 @@ static int yy_get_next_buffer YY_PROTO(( void )) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); + sudoersrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ @@ -3376,35 +3495,35 @@ static int yy_get_next_buffer YY_PROTO(( void )) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; - num_to_read = yy_current_buffer->yy_buf_size - + num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; -#endif + } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), + (yy_n_chars), num_to_read ); - yy_current_buffer->yy_n_chars = yy_n_chars; + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - if ( yy_n_chars == 0 ) + if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); + sudoersrestart(sudoersin ); } else { ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = + YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } @@ -3412,33 +3531,42 @@ static int yy_get_next_buffer YY_PROTO(( void )) else ret_val = EOB_ACT_CONTINUE_SCAN; - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ + yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) sudoersrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + /* "- 2" to take care of EOB's */ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); + } - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + (yy_n_chars) += number_to_move; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; - return ret_val; - } + (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; + return ret_val; +} /* yy_get_previous_state - get the state just before the EOB char was reached */ -static yy_state_type yy_get_previous_state YY_PROTO(( void )) - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; + static yy_state_type yy_get_previous_state (void) +{ + yy_state_type yy_current_state; + char *yy_cp; + + yy_current_state = (yy_start); yy_current_state += YY_AT_BOL(); - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -3450,30 +3578,23 @@ static yy_state_type yy_get_previous_state YY_PROTO(( void )) } return yy_current_state; - } - +} /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) +{ + int yy_is_jam; + char *yy_cp = (yy_c_buf_p); -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; + YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; + (yy_last_accepting_state) = yy_current_state; + (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { @@ -3484,82 +3605,37 @@ yy_state_type yy_current_state; yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 881); - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - + return yy_is_jam ? 0 : yy_current_state; +} #ifndef YY_NO_INPUT #ifdef __cplusplus -static int yyinput YY_PROTO(( void )) + static int yyinput (void) #else -static int input YY_PROTO(( void )) + static int input (void) #endif - { - int c; - *yy_c_buf_p = yy_hold_char; +{ + int c; + + *(yy_c_buf_p) = (yy_hold_char); - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ - *yy_c_buf_p = '\0'; + *(yy_c_buf_p) = '\0'; else { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; + yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); - switch ( yy_get_next_buffer() ) + switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() @@ -3573,16 +3649,16 @@ static int input YY_PROTO(( void )) */ /* Reset buffer status. */ - yyrestart( yyin ); + sudoersrestart(sudoersin ); - /* fall through */ + /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( yywrap() ) + if ( sudoerswrap( ) ) return EOF; - if ( ! yy_did_buffer_switch_on_eof ) + if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); @@ -3592,177 +3668,167 @@ static int input YY_PROTO(( void )) } case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; + (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; + c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ + *(yy_c_buf_p) = '\0'; /* preserve sudoerstext */ + (yy_hold_char) = *++(yy_c_buf_p); - yy_current_buffer->yy_at_bol = (c == '\n'); + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = (c == '\n'); return c; - } +} #endif /* ifndef YY_NO_INPUT */ - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); +/** Immediately switch to a different input stream. + * @param input_file A readable stream. + * + * @note This function does not reset the start condition to @c INITIAL . + */ + void sudoersrestart (FILE * input_file ) +{ + + if ( ! YY_CURRENT_BUFFER ){ + sudoersensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = + sudoers_create_buffer(sudoersin,YY_BUF_SIZE ); } + sudoers_init_buffer(YY_CURRENT_BUFFER,input_file ); + sudoers_load_buffer_state( ); +} -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) +/** Switch to a different input buffer. + * @param new_buffer The new input buffer. + * + */ + void sudoers_switch_to_buffer (YY_BUFFER_STATE new_buffer ) +{ + + /* TODO. We should be able to replace this entire function body + * with + * sudoerspop_buffer_state(); + * sudoerspush_buffer_state(new_buffer); + */ + sudoersensure_buffer_stack (); + if ( YY_CURRENT_BUFFER == new_buffer ) return; - if ( yy_current_buffer ) + if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } - yy_current_buffer = new_buffer; - yy_load_buffer_state(); + YY_CURRENT_BUFFER_LVALUE = new_buffer; + sudoers_load_buffer_state( ); /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe + * EOF (sudoerswrap()) processing, but the only time this flag + * is looked at is after sudoerswrap() is called, so it's safe * to go ahead and always set it. */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } + (yy_did_buffer_switch_on_eof) = 1; +} +static void sudoers_load_buffer_state (void) +{ + (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; + (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; + sudoersin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; + (yy_hold_char) = *(yy_c_buf_p); +} -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { +/** Allocate and initialize an input buffer state. + * @param file A readable stream. + * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. + * + * @return the allocated buffer state. + */ + YY_BUFFER_STATE sudoers_create_buffer (FILE * file, int size ) +{ YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + + b = (YY_BUFFER_STATE) sudoersalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in sudoers_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) sudoersalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in sudoers_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer( b, file ); + sudoers_init_buffer(b,file ); return b; - } - +} -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { +/** Destroy the buffer. + * @param b a buffer created with sudoers_create_buffer() + * + */ + void sudoers_delete_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; + if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - -#ifndef YY_ALWAYS_INTERACTIVE -#ifndef YY_NEVER_INTERACTIVE -#include -#endif -#endif + sudoersfree((void *) b->yy_ch_buf ); -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif + sudoersfree((void *) b ); +} +/* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a sudoersrestart() or at EOF. + */ + static void sudoers_init_buffer (YY_BUFFER_STATE b, FILE * file ) - { +{ int oerrno = errno; - - yy_flush_buffer( b ); + + sudoers_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; -#if defined(YY_ALWAYS_INTERACTIVE) && YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if defined(YY_NEVER_INTERACTIVE) && YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - errno = oerrno; - } - + /* If b is the current buffer, then sudoers_init_buffer was _probably_ + * called from sudoersrestart() or through yy_get_next_buffer. + * In that case, we don't want to reset the lineno or column. + */ + if (b != YY_CURRENT_BUFFER){ + b->yy_bs_lineno = 1; + b->yy_bs_column = 0; + } -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; + + errno = oerrno; +} - { - if ( ! b ) +/** Discard all buffered characters. On the next scan, YY_INPUT will be called. + * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. + * + */ + void sudoers_flush_buffer (YY_BUFFER_STATE b ) +{ + if ( ! b ) return; b->yy_n_chars = 0; @@ -3779,31 +3845,127 @@ YY_BUFFER_STATE b; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; - if ( b == yy_current_buffer ) - yy_load_buffer_state(); + if ( b == YY_CURRENT_BUFFER ) + sudoers_load_buffer_state( ); +} + +/** Pushes the new state onto the stack. The new state becomes + * the current state. This function will allocate the stack + * if necessary. + * @param new_buffer The new state. + * + */ +void sudoerspush_buffer_state (YY_BUFFER_STATE new_buffer ) +{ + if (new_buffer == NULL) + return; + + sudoersensure_buffer_stack(); + + /* This block is copied from sudoers_switch_to_buffer. */ + if ( YY_CURRENT_BUFFER ) + { + /* Flush out information for old buffer. */ + *(yy_c_buf_p) = (yy_hold_char); + YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } + + /* Only push if top exists. Otherwise, replace top. */ + if (YY_CURRENT_BUFFER) + (yy_buffer_stack_top)++; + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from sudoers_switch_to_buffer. */ + sudoers_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; +} + +/** Removes and deletes the top of the stack, if present. + * The next element becomes the new top. + * + */ +void sudoerspop_buffer_state (void) +{ + if (!YY_CURRENT_BUFFER) + return; + + sudoers_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + if ((yy_buffer_stack_top) > 0) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { + sudoers_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } +} + +/* Allocates the stack if it does not exist. + * Guarantees space for at least one push. + */ +static void sudoersensure_buffer_stack (void) +{ + yy_size_t num_to_alloc; + + if (!(yy_buffer_stack)) { + + /* First allocation is just for 2 elements, since we don't know if this + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ + num_to_alloc = 1; + (yy_buffer_stack) = (struct yy_buffer_state**)sudoersalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in sudoersensure_buffer_stack()" ); + + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); + + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; } + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; + /* Increase the buffer to prepare for a possible push. */ + int grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)sudoersrealloc + ((yy_buffer_stack), + num_to_alloc * sizeof(struct yy_buffer_state*) + ); + if ( ! (yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in sudoersensure_buffer_stack()" ); + + /* zero only the new slots.*/ + memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); + (yy_buffer_stack_max) = num_to_alloc; + } +} +/** Setup the input buffer state to scan directly from a user-specified character buffer. + * @param base the character buffer + * @param size the size in bytes of the character buffer + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE sudoers_scan_buffer (char * base, yy_size_t size ) +{ + YY_BUFFER_STATE b; + if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) sudoersalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in sudoers_scan_buffer()" ); b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; @@ -3815,58 +3977,53 @@ yy_size_t size; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer( b ); + sudoers_switch_to_buffer(b ); return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif +} +/** Setup the input buffer state to scan a string. The next call to sudoerslex() will + * scan from a @e copy of @a str. + * @param yystr a NUL-terminated string to scan + * + * @return the newly allocated buffer state object. + * @note If you want to scan bytes that may contain NUL values, then use + * sudoers_scan_bytes() instead. + */ +YY_BUFFER_STATE sudoers_scan_string (yyconst char * yystr ) +{ + + return sudoers_scan_bytes(yystr,strlen(yystr) ); +} -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { +/** Setup the input buffer state to scan the given bytes. The next call to sudoerslex() will + * scan from a @e copy of @a bytes. + * @param yybytes the byte buffer to scan + * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +YY_BUFFER_STATE sudoers_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) +{ YY_BUFFER_STATE b; char *buf; yy_size_t n; - int i; - + yy_size_t i; + /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); + n = _yybytes_len + 2; + buf = (char *) sudoersalloc(n ); if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + YY_FATAL_ERROR( "out of dynamic memory in sudoers_scan_bytes()" ); - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; + for ( i = 0; i < _yybytes_len; ++i ) + buf[i] = yybytes[i]; - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer( buf, n ); + b = sudoers_scan_buffer(buf,n ); if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + YY_FATAL_ERROR( "bad buffer in sudoers_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. @@ -3874,148 +4031,196 @@ int len; b->yy_is_our_buffer = 1; return b; - } +} + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 #endif +static void yy_fatal_error (yyconst char* msg ) +{ + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); +} -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; +/* Redefine yyless() so it works in section 3 code. */ - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up sudoerstext. */ \ + int yyless_macro_arg = (n); \ + YY_LESS_LINENO(yyless_macro_arg);\ + sudoerstext[sudoersleng] = (yy_hold_char); \ + (yy_c_buf_p) = sudoerstext + yyless_macro_arg; \ + (yy_hold_char) = *(yy_c_buf_p); \ + *(yy_c_buf_p) = '\0'; \ + sudoersleng = yyless_macro_arg; \ + } \ + while ( 0 ) - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); +/* Accessor methods (get/set functions) to struct members. */ - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); +/** Get the current line number. + * + */ +int sudoersget_lineno (void) +{ + + return sudoerslineno; +} - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } +/** Get the input stream. + * + */ +FILE *sudoersget_in (void) +{ + return sudoersin; +} - yy_start_stack[yy_start_stack_ptr++] = YY_START; +/** Get the output stream. + * + */ +FILE *sudoersget_out (void) +{ + return sudoersout; +} - BEGIN(new_state); - } -#endif +/** Get the length of the current token. + * + */ +yy_size_t sudoersget_leng (void) +{ + return sudoersleng; +} +/** Get the current token. + * + */ -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )) - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); +char *sudoersget_text (void) +{ + return sudoerstext; +} - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif +/** Set the current line number. + * @param line_number + * + */ +void sudoersset_lineno (int line_number ) +{ + + sudoerslineno = line_number; +} +/** Set the input stream. This does not discard the current + * input buffer. + * @param in_str A readable stream. + * + * @see sudoers_switch_to_buffer + */ +void sudoersset_in (FILE * in_str ) +{ + sudoersin = in_str ; +} -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )) - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif +void sudoersset_out (FILE * out_str ) +{ + sudoersout = out_str ; +} -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif +int sudoersget_debug (void) +{ + return sudoers_flex_debug; +} + +void sudoersset_debug (int bdebug ) +{ + sudoers_flex_debug = bdebug ; +} -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) +static int yy_init_globals (void) +{ + /* Initialization is the same as for the non-reentrant scanner. + * This function is called from sudoerslex_destroy(), so don't allocate here. + */ + + (yy_buffer_stack) = 0; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; + (yy_c_buf_p) = (char *) 0; + (yy_init) = 0; + (yy_start) = 0; + +/* Defined in main.c */ +#ifdef YY_STDINIT + sudoersin = stdin; + sudoersout = stdout; #else -static void yy_fatal_error( msg ) -char msg[]; + sudoersin = (FILE *) 0; + sudoersout = (FILE *) 0; #endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } + /* For future reference: Set errno on error, since we are called by + * sudoerslex_init() + */ + return 0; +} +/* sudoerslex_destroy is for both reentrant and non-reentrant scanners. */ +int sudoerslex_destroy (void) +{ + + /* Pop the buffer stack, destroying each element. */ + while(YY_CURRENT_BUFFER){ + sudoers_delete_buffer(YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + sudoerspop_buffer_state(); + } -/* Redefine yyless() so it works in section 3 code. */ + /* Destroy the stack itself. */ + sudoersfree((yy_buffer_stack) ); + (yy_buffer_stack) = NULL; -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) + /* Reset the globals. This is important in a non-reentrant scanner so the next time + * sudoerslex() is called, initialization will occur. */ + yy_init_globals( ); + return 0; +} -/* Internal utility routines. */ +/* + * Internal utility routines. + */ #ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; +static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +{ + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; - } +} #endif #ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; +static int yy_flex_strlen (yyconst char * s ) +{ + int n; for ( n = 0; s[n]; ++n ) ; return n; - } +} #endif - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { +void *sudoersalloc (yy_size_t size ) +{ return (void *) malloc( size ); - } +} -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { +void *sudoersrealloc (void * ptr, yy_size_t size ) +{ /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -4024,26 +4229,17 @@ yy_size_t size; * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); - } +} -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } +void sudoersfree (void * ptr ) +{ + free( (char *) ptr ); /* see sudoersrealloc() for (char *) cast */ +} + +#define YYTABLES_NAME "yytables" + +#line 745 "toke.l" -#if defined(YY_MAIN) && YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 748 "toke.l" struct path_list { SLIST_ENTRY(path_list) entries; @@ -4216,6 +4412,7 @@ init_lexer(void) keepopen = false; sawspace = false; continued = false; + digest_type = -1; prev_state = INITIAL; debug_return; @@ -4463,3 +4660,4 @@ sudoers_trace_print(const char *msg) return 0; } #endif /* TRACELEXER */ + diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index 0afacd2f4..79e659afb 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -47,14 +47,9 @@ #include "sudoers.h" #include "toke.h" #include +#include "sudo_digest.h" #include "sudo_lbuf.h" -#ifdef HAVE_SHA224UPDATE -# include -#else -# include "compat/sha2.h" -#endif - #if defined(HAVE_STRUCT_DIRENT_D_NAMLEN) && HAVE_STRUCT_DIRENT_D_NAMLEN # define NAMLEN(dirent) (dirent)->d_namlen #else @@ -73,7 +68,7 @@ gid_t sudoers_gid = SUDOERS_GID; static bool continued, sawspace; static int prev_state; -static yy_size_t digest_len; +static int digest_type = -1; static bool push_include_int(char *, bool); static bool pop_include(void); @@ -256,6 +251,8 @@ DEFVAR [a-z_]+ [[:xdigit:]]+ { /* Only return DIGEST if the length is correct. */ + yy_size_t digest_len = + sudo_digest_getlen(digest_type); if ((yy_size_t)sudoersleng == digest_len * 2) { if (!fill(sudoerstext, sudoersleng)) yyterminate(); @@ -269,7 +266,8 @@ DEFVAR [a-z_]+ [A-Za-z0-9\+/=]+ { /* Only return DIGEST if the length is correct. */ - yy_size_t len; + yy_size_t len, digest_len = + sudo_digest_getlen(digest_type); if (sudoerstext[sudoersleng - 1] == '=') { /* use padding */ len = 4 * ((digest_len + 2) / 3); @@ -597,28 +595,28 @@ ALL { } sha224 { - digest_len = SHA224_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA224; BEGIN WANTDIGEST; LEXTRACE("SHA224_TOK "); LEXRETURN(SHA224_TOK); } sha256 { - digest_len = SHA256_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA256; BEGIN WANTDIGEST; LEXTRACE("SHA256_TOK "); LEXRETURN(SHA256_TOK); } sha384 { - digest_len = SHA384_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA384; BEGIN WANTDIGEST; LEXTRACE("SHA384_TOK "); LEXRETURN(SHA384_TOK); } sha512 { - digest_len = SHA512_DIGEST_LENGTH; + digest_type = SUDO_DIGEST_SHA512; BEGIN WANTDIGEST; LEXTRACE("SHA512_TOK "); LEXRETURN(SHA512_TOK); @@ -916,6 +914,7 @@ init_lexer(void) keepopen = false; sawspace = false; continued = false; + digest_type = -1; prev_state = INITIAL; debug_return; -- 2.40.0