From e6c0d80fa8a255105dea6a94dd4db33cdb13680f Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 6 Mar 2018 15:09:21 -0700 Subject: [PATCH] Use fmtsudoers functions in testsudoers. --- plugins/sudoers/Makefile.in | 2 +- plugins/sudoers/regress/sudoers/test1.out.ok | 10 +- plugins/sudoers/regress/sudoers/test10.out.ok | 2 - plugins/sudoers/regress/sudoers/test11.out.ok | 2 - plugins/sudoers/regress/sudoers/test12.out.ok | 2 - plugins/sudoers/regress/sudoers/test13.out.ok | 2 - plugins/sudoers/regress/sudoers/test14.out.ok | 7 +- plugins/sudoers/regress/sudoers/test15.out.ok | 4 +- plugins/sudoers/regress/sudoers/test16.out.ok | 5 +- plugins/sudoers/regress/sudoers/test17.out.ok | 21 +- plugins/sudoers/regress/sudoers/test18.out.ok | 6 +- plugins/sudoers/regress/sudoers/test19.out.ok | 22 +- plugins/sudoers/regress/sudoers/test2.out.ok | 76 ++--- plugins/sudoers/regress/sudoers/test20.out.ok | 46 ++- plugins/sudoers/regress/sudoers/test21.out.ok | 68 ++--- plugins/sudoers/regress/sudoers/test22.out.ok | 10 +- plugins/sudoers/regress/sudoers/test3.out.ok | 11 +- plugins/sudoers/regress/sudoers/test4.out.ok | 6 +- plugins/sudoers/regress/sudoers/test5.out.ok | 2 - plugins/sudoers/regress/sudoers/test6.out.ok | 21 +- plugins/sudoers/regress/sudoers/test7.out.ok | 2 - plugins/sudoers/regress/sudoers/test8.out.ok | 8 +- plugins/sudoers/regress/sudoers/test9.out.ok | 2 - plugins/sudoers/testsudoers.c | 288 +++++------------- 24 files changed, 222 insertions(+), 403 deletions(-) diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index f09cee65a..9bc6fd046 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in 
@@ -167,7 +167,7 @@ CVTSUDOERS_OBJS = cvtsudoers.o cvtsudoers_json.o cvtsudoers_ldif.o \ REPLAY_OBJS = getdate.o sudoreplay.o -TEST_OBJS = group_plugin.o interfaces.o locale.o net_ifs.o \ +TEST_OBJS = fmtsudoers.o group_plugin.o interfaces.o locale.o net_ifs.o \ sudo_printf.o testsudoers.o tsgetgrpw.o TSDUMP_OBJS = tsdump.o sudoers_debug.o locale.o diff --git a/plugins/sudoers/regress/sudoers/test1.out.ok b/plugins/sudoers/regress/sudoers/test1.out.ok index 34f9aa2ba..8693cea0e 100644 --- a/plugins/sudoers/regress/sudoers/test1.out.ok +++ b/plugins/sudoers/regress/sudoers/test1.out.ok @@ -1,8 +1,6 @@ Parses OK. - - -user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su - : ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id -user2 ALL = NOEXEC: NOPASSWD: SETENV: /usr/bin/vi : ALL = EXEC: PASSWD: NOSETENV: /usr/bin/echo -user3 ALL = MAIL: /bin/sh : ALL = NOMAIL: /usr/bin/id -user4 ALL = FOLLOW: sudoedit /etc/motd : ALL = NOFOLLOW: sudoedit /home/*/* +user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su - : ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id +user2 ALL = SETENV: NOEXEC: NOPASSWD: /usr/bin/vi : ALL = NOSETENV: EXEC: PASSWD: /usr/bin/echo +user3 ALL = MAIL: /bin/sh : ALL = NOMAIL: /usr/bin/id +user4 ALL = FOLLOW: sudoedit /etc/motd : ALL = NOFOLLOW: sudoedit /home/*/* diff --git a/plugins/sudoers/regress/sudoers/test10.out.ok b/plugins/sudoers/regress/sudoers/test10.out.ok index ea87d793c..40c742df9 100644 --- a/plugins/sudoers/regress/sudoers/test10.out.ok +++ b/plugins/sudoers/regress/sudoers/test10.out.ok @@ -1,4 +1,2 @@ Parses OK. - - diff --git a/plugins/sudoers/regress/sudoers/test11.out.ok b/plugins/sudoers/regress/sudoers/test11.out.ok index c2b9d282c..9b2e9d6a9 100644 --- a/plugins/sudoers/regress/sudoers/test11.out.ok +++ b/plugins/sudoers/regress/sudoers/test11.out.ok @@ -1,4 +1,2 @@ Parse error in sudoers near line 1. - - diff --git a/plugins/sudoers/regress/sudoers/test12.out.ok b/plugins/sudoers/regress/sudoers/test12.out.ok index c2b9d282c..9b2e9d6a9 100644 
--- a/plugins/sudoers/regress/sudoers/test12.out.ok +++ b/plugins/sudoers/regress/sudoers/test12.out.ok @@ -1,4 +1,2 @@ Parse error in sudoers near line 1. - - diff --git a/plugins/sudoers/regress/sudoers/test13.out.ok b/plugins/sudoers/regress/sudoers/test13.out.ok index c2b9d282c..9b2e9d6a9 100644 --- a/plugins/sudoers/regress/sudoers/test13.out.ok +++ b/plugins/sudoers/regress/sudoers/test13.out.ok @@ -1,4 +1,2 @@ Parse error in sudoers near line 1. - - diff --git a/plugins/sudoers/regress/sudoers/test14.out.ok b/plugins/sudoers/regress/sudoers/test14.out.ok index 54cfdcf60..bfcb661aa 100644 --- a/plugins/sudoers/regress/sudoers/test14.out.ok +++ b/plugins/sudoers/regress/sudoers/test14.out.ok @@ -1,7 +1,6 @@ Parses OK. +Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls +Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh -Cmnd_Alias LS = /bin/ls -Cmnd_Alias SH = /bin/sh - -millert ALL = LS, SH, /bin/kill +millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill diff --git a/plugins/sudoers/regress/sudoers/test15.out.ok b/plugins/sudoers/regress/sudoers/test15.out.ok index be4dc7647..fb43c8cd9 100644 --- a/plugins/sudoers/regress/sudoers/test15.out.ok +++ b/plugins/sudoers/regress/sudoers/test15.out.ok @@ -1,5 +1,3 @@ Parses OK. - - -user ALL = sudoedit /etc/motd +user ALL = sudoedit /etc/motd diff --git a/plugins/sudoers/regress/sudoers/test16.out.ok b/plugins/sudoers/regress/sudoers/test16.out.ok index 995171914..f54124263 100644 --- a/plugins/sudoers/regress/sudoers/test16.out.ok +++ b/plugins/sudoers/regress/sudoers/test16.out.ok @@ -1,6 +1,5 @@ Parses OK. +Cmnd_Alias EDIT = sudoedit /etc/motd -Cmnd_Alias EDIT = sudoedit /etc/motd - -user ALL = EDIT +user ALL = EDIT diff --git a/plugins/sudoers/regress/sudoers/test17.out.ok b/plugins/sudoers/regress/sudoers/test17.out.ok index c76ef6056..4a2c26da9 100644 
--- a/plugins/sudoers/regress/sudoers/test17.out.ok +++ b/plugins/sudoers/regress/sudoers/test17.out.ok @@ -1,14 +1,13 @@ Parses OK. -Defaults command_timeout=2d8h10m59s +Defaults command_timeout=2d8h10m59s - -user0 ALL = TIMEOUT=619830 /usr/bin/id, TIMEOUT=619830 /usr/bin/who, /bin/ls -user1 ALL = TIMEOUT=619830 /usr/bin/id -user2 ALL = TIMEOUT=15030 /usr/bin/id -user3 ALL = TIMEOUT=630 /usr/bin/id -user4 ALL = TIMEOUT=1209600 /usr/bin/id -user5 ALL = TIMEOUT=300 /usr/bin/id -user6 ALL = TIMEOUT=30 /usr/bin/id -user7 ALL = TIMEOUT=45 /usr/bin/id -user8 ALL = TIMEOUT=619830 /usr/bin/id, TIMEOUT=15030 /usr/bin/id, TIMEOUT=630 /usr/bin/id, TIMEOUT=1209600 /usr/bin/id, TIMEOUT=300 /usr/bin/id, TIMEOUT=30 /usr/bin/id +user0 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/who, /bin/ls +user1 ALL = TIMEOUT=619830 /usr/bin/id +user2 ALL = TIMEOUT=15030 /usr/bin/id +user3 ALL = TIMEOUT=630 /usr/bin/id +user4 ALL = TIMEOUT=1209600 /usr/bin/id +user5 ALL = TIMEOUT=300 /usr/bin/id +user6 ALL = TIMEOUT=30 /usr/bin/id +user7 ALL = TIMEOUT=45 /usr/bin/id +user8 ALL = TIMEOUT=619830 /usr/bin/id, TIMEOUT=15030 /usr/bin/id, TIMEOUT=630 /usr/bin/id, TIMEOUT=1209600 /usr/bin/id, TIMEOUT=300 /usr/bin/id, TIMEOUT=30 /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test18.out.ok b/plugins/sudoers/regress/sudoers/test18.out.ok index 74a9a38dc..ace1ca659 100644 --- a/plugins/sudoers/regress/sudoers/test18.out.ok +++ b/plugins/sudoers/regress/sudoers/test18.out.ok @@ -1,6 +1,4 @@ Parse error in sudoers near line 4 (problem with defaults entries). -Defaults command_timeout=2d8h10m59ss -Defaults:root command_timeout=15f - - +Defaults command_timeout=2d8h10m59ss +Defaults:root command_timeout=15f diff --git a/plugins/sudoers/regress/sudoers/test19.out.ok b/plugins/sudoers/regress/sudoers/test19.out.ok index 81788290e..8d7974ef5 100644 --- a/plugins/sudoers/regress/sudoers/test19.out.ok +++ b/plugins/sudoers/regress/sudoers/test19.out.ok 
@@ -1,14 +1,12 @@ Parses OK. - - -user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id, NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /bin/ls -user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /bin/ls -user2 ALL = NOTBEFORE=20170214083018Z /usr/bin/id -user3 ALL = NOTBEFORE=20170214080000Z /usr/bin/id -user4 ALL = NOTBEFORE=20170214082400Z /usr/bin/id -user5 ALL = NOTBEFORE=20170214083000Z /usr/bin/id -user6 ALL = NOTBEFORE=20170214083000Z /usr/bin/id -user7 ALL = NOTBEFORE=20170214083000Z /usr/bin/id -user8 ALL = NOTBEFORE=20170214083000Z /usr/bin/id -user9 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id, /bin/ls +user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, NOTAFTER=20170301083000Z /bin/ls +user2 ALL = NOTBEFORE=20170214083018Z /usr/bin/id +user3 ALL = NOTBEFORE=20170214080000Z /usr/bin/id +user4 ALL = NOTBEFORE=20170214082400Z /usr/bin/id +user5 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user6 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user7 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user8 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user9 ALL = NOTBEFORE=20170214083000Z /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test2.out.ok b/plugins/sudoers/regress/sudoers/test2.out.ok index 8f55faf42..be5e8f3be 100644 --- a/plugins/sudoers/regress/sudoers/test2.out.ok +++ b/plugins/sudoers/regress/sudoers/test2.out.ok 
@@ -1,42 +1,42 @@ Parses OK. -Defaults@somehost set_home -Defaults@quoted" set_home -Defaults:you set_home -Defaults:us" set_home -Defaults:%them set_home -Defaults:%: non UNIX 0 c set_home -Defaults:+net set_home -Defaults>someone set_home -Defaults>some one set_home +Defaults@somehost set_home +Defaults@quoted\" set_home +Defaults:you set_home +Defaults:us\" set_home +Defaults:%them set_home +Defaults:"%: non UNIX 0 c" set_home +Defaults:+net set_home +Defaults>someone set_home +Defaults>"some one" set_home -Runas_Alias RA1 = foo -Runas_Alias RA2 = foo" -Runas_Alias RA3 = foo:bar -Runas_Alias RA4 = foo:bar" -User_Alias UA1 = foo -User_Alias UA10 = %:C/non"UNIX"0 c -User_Alias UA11 = %:C/non_UNIX_0 c -User_Alias UA12 = %:C/non\'UNIX_3 c -User_Alias UA2 = foo.bar -User_Alias UA3 = foo" -User_Alias UA4 = foo:bar -User_Alias UA5 = foo:bar" -User_Alias UA6 = %baz -User_Alias UA7 = %baz.biz -User_Alias UA8 = %:C/non UNIX 0 c -User_Alias UA9 = %:C/non\'UNIX\'1 c +Runas_Alias RA1 = foo +Runas_Alias RA2 = foo\" +Runas_Alias RA3 = foo\:bar +Runas_Alias RA4 = foo\:bar\" +User_Alias UA1 = foo +User_Alias UA10 = "%:C/non\"UNIX\"0 c" +User_Alias UA11 = "%:C/non_UNIX_0 c" +User_Alias UA12 = "%:C/non\'UNIX_3 c" +User_Alias UA2 = foo.bar +User_Alias UA3 = foo\" +User_Alias UA4 = foo\:bar +User_Alias UA5 = foo\:bar\" +User_Alias UA6 = %baz +User_Alias UA7 = %baz.biz +User_Alias UA8 = "%:C/non UNIX 0 c" +User_Alias UA9 = "%:C/non\'UNIX\'1 c" -foo hosta = (root) ALL -foo.bar hostb = (root) ALL -foo" hostc = (root) ALL -foo:bar hostd = (root) ALL -foo:bar" hoste = (root) ALL -%baz hosta = (root) ALL -%baz.biz hostb = (root) ALL -%:C/non UNIX 0 c hostc = (root) ALL -%:C/non\'UNIX\'1 c hostd = (root) ALL -%:C/non"UNIX"0 c hoste = (root) ALL -%:C/non_UNIX_0 c hostf = (root) ALL -%:C/non\'UNIX_3 c hostg = (root) ALL -+netgr hosth = (root) ALL +foo hosta = (root) ALL +foo.bar hostb = (root) ALL +foo\" hostc = (root) ALL +foo\:bar hostd = (root) ALL +foo\:bar\" hoste = (root) ALL +%baz 
hosta = (root) ALL +%baz.biz hostb = (root) ALL +"%:C/non UNIX 0 c" hostc = (root) ALL +"%:C/non\'UNIX\'1 c" hostd = (root) ALL +"%:C/non\"UNIX\"0 c" hoste = (root) ALL +"%:C/non_UNIX_0 c" hostf = (root) ALL +"%:C/non\'UNIX_3 c" hostg = (root) ALL ++netgr hosth = (root) ALL diff --git a/plugins/sudoers/regress/sudoers/test20.out.ok b/plugins/sudoers/regress/sudoers/test20.out.ok index fcb54996a..882af0ddf 100644 --- a/plugins/sudoers/regress/sudoers/test20.out.ok +++ b/plugins/sudoers/regress/sudoers/test20.out.ok @@ -1,26 +1,24 @@ Parses OK. -Defaults lecture -Defaults !lecture -Defaults lecture=never -Defaults lecture=once -Defaults lecture=always -Defaults listpw -Defaults !listpw -Defaults listpw=never -Defaults listpw=any -Defaults listpw=all -Defaults listpw=always -Defaults verifypw -Defaults !verifypw -Defaults verifypw=never -Defaults verifypw=any -Defaults verifypw=all -Defaults verifypw=always -Defaults fdexec -Defaults !fdexec -Defaults fdexec=never -Defaults fdexec=digest_only -Defaults fdexec=always - - +Defaults lecture +Defaults !lecture +Defaults lecture=never +Defaults lecture=once +Defaults lecture=always +Defaults listpw +Defaults !listpw +Defaults listpw=never +Defaults listpw=any +Defaults listpw=all +Defaults listpw=always +Defaults verifypw +Defaults !verifypw +Defaults verifypw=never +Defaults verifypw=any +Defaults verifypw=all +Defaults verifypw=always +Defaults fdexec +Defaults !fdexec +Defaults fdexec=never +Defaults fdexec=digest_only +Defaults fdexec=always diff --git a/plugins/sudoers/regress/sudoers/test21.out.ok b/plugins/sudoers/regress/sudoers/test21.out.ok index 4aba66729..630fa6b5e 100644 --- a/plugins/sudoers/regress/sudoers/test21.out.ok +++ b/plugins/sudoers/regress/sudoers/test21.out.ok 
@@ -1,37 +1,35 @@ Parses OK. -Defaults syslog -Defaults !syslog -Defaults syslog=auth -Defaults syslog=daemon -Defaults syslog=user -Defaults syslog=local0 -Defaults syslog=local1 -Defaults syslog=local2 -Defaults syslog=local3 -Defaults syslog=local4 -Defaults syslog=local5 -Defaults syslog=local6 -Defaults syslog=local7 -Defaults !syslog_goodpri -Defaults syslog_goodpri=alert -Defaults syslog_goodpri=crit -Defaults syslog_goodpri=debug -Defaults syslog_goodpri=emerg -Defaults syslog_goodpri=err -Defaults syslog_goodpri=info -Defaults syslog_goodpri=notice -Defaults syslog_goodpri=warning -Defaults syslog_goodpri=none -Defaults !syslog_badpri -Defaults syslog_badpri=alert -Defaults syslog_badpri=crit -Defaults syslog_badpri=debug -Defaults syslog_badpri=emerg -Defaults syslog_badpri=err -Defaults syslog_badpri=info -Defaults syslog_badpri=notice -Defaults syslog_badpri=warning -Defaults syslog_badpri=none - - +Defaults syslog +Defaults !syslog +Defaults syslog=auth +Defaults syslog=daemon +Defaults syslog=user +Defaults syslog=local0 +Defaults syslog=local1 +Defaults syslog=local2 +Defaults syslog=local3 +Defaults syslog=local4 +Defaults syslog=local5 +Defaults syslog=local6 +Defaults syslog=local7 +Defaults !syslog_goodpri +Defaults syslog_goodpri=alert +Defaults syslog_goodpri=crit +Defaults syslog_goodpri=debug +Defaults syslog_goodpri=emerg +Defaults syslog_goodpri=err +Defaults syslog_goodpri=info +Defaults syslog_goodpri=notice +Defaults syslog_goodpri=warning +Defaults syslog_goodpri=none +Defaults !syslog_badpri +Defaults syslog_badpri=alert +Defaults syslog_badpri=crit +Defaults syslog_badpri=debug +Defaults syslog_badpri=emerg +Defaults syslog_badpri=err +Defaults syslog_badpri=info +Defaults syslog_badpri=notice +Defaults syslog_badpri=warning +Defaults syslog_badpri=none diff --git a/plugins/sudoers/regress/sudoers/test22.out.ok b/plugins/sudoers/regress/sudoers/test22.out.ok index 59b5e10df..ab43a931f 100644 
--- a/plugins/sudoers/regress/sudoers/test22.out.ok +++ b/plugins/sudoers/regress/sudoers/test22.out.ok @@ -1,8 +1,6 @@ Parses OK. - - -user1 ALL = () ALL -user2 ALL = () ALL -user3 ALL = () ALL -user4 ALL = () ALL +user1 ALL = (root) ALL +user2 ALL = (root) ALL +user3 ALL = (root) ALL +user4 ALL = (root) ALL diff --git a/plugins/sudoers/regress/sudoers/test3.out.ok b/plugins/sudoers/regress/sudoers/test3.out.ok index af2f4020f..566aec18e 100644 --- a/plugins/sudoers/regress/sudoers/test3.out.ok +++ b/plugins/sudoers/regress/sudoers/test3.out.ok @@ -1,9 +1,8 @@ Parses OK. -Defaults:FOO env_reset -Defaults:foo,bar env_reset -Defaults:foo, bar env_reset -Defaults:foo,bar env_reset - -User_Alias FOO = foo, bar +Defaults:FOO env_reset +Defaults:foo, bar env_reset +Defaults:foo, " bar" env_reset +Defaults:foo, bar env_reset +User_Alias FOO = foo, bar diff --git a/plugins/sudoers/regress/sudoers/test4.out.ok b/plugins/sudoers/regress/sudoers/test4.out.ok index 1c0bc4b43..3552d3bcc 100644 --- a/plugins/sudoers/regress/sudoers/test4.out.ok +++ b/plugins/sudoers/regress/sudoers/test4.out.ok @@ -1,6 +1,4 @@ Parse error in sudoers near line 7. - -User_Alias BAR = bar -User_Alias FOO = foo - +User_Alias BAR = bar +User_Alias FOO = foo diff --git a/plugins/sudoers/regress/sudoers/test5.out.ok b/plugins/sudoers/regress/sudoers/test5.out.ok index 3f6e2f215..3cd2ec8bf 100644 --- a/plugins/sudoers/regress/sudoers/test5.out.ok +++ b/plugins/sudoers/regress/sudoers/test5.out.ok @@ -1,4 +1,2 @@ Parse error in sudoers near line 2. - - diff --git a/plugins/sudoers/regress/sudoers/test6.out.ok b/plugins/sudoers/regress/sudoers/test6.out.ok index 275add61d..ccc1627b1 100644 --- a/plugins/sudoers/regress/sudoers/test6.out.ok +++ b/plugins/sudoers/regress/sudoers/test6.out.ok 
@@ -1,14 +1,13 @@ Parses OK. -Defaults:#123 set_home -Defaults>#123 set_home -Defaults:#123 set_home -Defaults>#123 set_home +Defaults:#123 set_home +Defaults>#123 set_home +Defaults:#123 set_home +Defaults>#123 set_home - -#0 ALL = ALL -#0 ALL = (#0 : #0) ALL -#0 ALL = ALL -#0 ALL = (#0 : #0) ALL -%#0 ALL = ALL -%#0 ALL = ALL +#0 ALL = ALL +#0 ALL = (#0 : #0) ALL +#0 ALL = ALL +#0 ALL = (#0 : #0) ALL +%#0 ALL = ALL +%#0 ALL = ALL diff --git a/plugins/sudoers/regress/sudoers/test7.out.ok b/plugins/sudoers/regress/sudoers/test7.out.ok index 3f6e2f215..3cd2ec8bf 100644 --- a/plugins/sudoers/regress/sudoers/test7.out.ok +++ b/plugins/sudoers/regress/sudoers/test7.out.ok @@ -1,4 +1,2 @@ Parse error in sudoers near line 2. - - diff --git a/plugins/sudoers/regress/sudoers/test8.out.ok b/plugins/sudoers/regress/sudoers/test8.out.ok index 2f0730077..2ae8c6b39 100644 --- a/plugins/sudoers/regress/sudoers/test8.out.ok +++ b/plugins/sudoers/regress/sudoers/test8.out.ok @@ -1,7 +1,5 @@ Parse error in sudoers near line 8. - -User_Alias UA1 = xy -User_Alias UA2 = xy -User_Alias UA3 = x"y - +User_Alias UA1 = xy +User_Alias UA2 = xy +User_Alias UA3 = x\"y diff --git a/plugins/sudoers/regress/sudoers/test9.out.ok b/plugins/sudoers/regress/sudoers/test9.out.ok index ea87d793c..40c742df9 100644 --- a/plugins/sudoers/regress/sudoers/test9.out.ok +++ b/plugins/sudoers/regress/sudoers/test9.out.ok @@ -1,4 +1,2 @@ Parses OK. - - diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index cf7785044..ff99ff328 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -49,6 +49,7 @@ #include "interfaces.h" #include "parse.h" #include "sudo_conf.h" +#include "sudo_lbuf.h" #include #ifdef HAVE_FNMATCH 
@@ -64,16 +65,13 @@ /* * Function Prototypes */ -int print_alias(void *, void *); -void dump_sudoers(void); -void print_defaults(void); -void print_privilege(struct privilege *); -void print_userspecs(void); -void usage(void) __attribute__((__noreturn__)); +static void dump_sudoers(struct sudo_lbuf *lbuf); +static void usage(void) __attribute__((__noreturn__)); static void set_runaspw(const char *); static void set_runasgr(const char *); static bool cb_runas_default(const union sudo_defs_val *); -static int testsudoers_print(const char *msg); +static int testsudoers_error(const char *msg); +static int testsudoers_output(const char *buf); extern void setgrfile(const char *); extern void setgrent(void); @@ -116,6 +114,7 @@ main(int argc, char *argv[]) const char *errstr; int match, host_match, runas_match, cmnd_match; int ch, dflag, exitcode = EXIT_FAILURE; + struct sudo_lbuf lbuf; debug_decl(main, SUDOERS_DEBUG_MAIN) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) @@ -133,6 +132,8 @@ main(int argc, char *argv[]) bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */ textdomain("sudoers"); + sudo_lbuf_init(&lbuf, testsudoers_output, 0, NULL, 0); + /* Initialize the debug subsystem. */ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) goto done; @@ -165,7 +166,7 @@ main(int argc, char *argv[]) grfile = optarg; break; case 't': - trace_print = testsudoers_print; + trace_print = testsudoers_error; break; case 'U': sudoers_uid = (uid_t)sudo_strtoid(optarg, NULL, NULL, &errstr); @@ -294,7 +295,7 @@ main(int argc, char *argv[]) if (dflag) { (void) putchar('\n'); - dump_sudoers(); + dump_sudoers(&lbuf); if (argc < 2) { exitcode = parse_error ? 1 : 0; goto done; 
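Review bot: The `sudo_lbuf_init(&lbuf, testsudoers_output, 0, NULL, 0);` call added in the `-133,6` hunk carries an ordering requirement that nothing in the code records. A later hunk adds `sudo_lbuf_destroy(&lbuf)` under `done:`, so every `goto done` has to come after the init or the destroy runs on an uninitialised struct. The init does sit ahead of the first `goto done` visible here, but the part of main between the declarations and this call lies outside the hunk, so that cannot be confirmed from the diff alone. I would add a comment above the call, e.g. `/* Must precede any goto done: lbuf is destroyed on the common exit path. */`.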
@@ -308,9 +309,9 @@ main(int argc, char *argv[]) if (userlist_matches(sudo_user.pw, &us->users) != ALLOW) continue; TAILQ_FOREACH_REVERSE(priv, &us->privileges, privilege_list, entries) { - putchar('\n'); - print_privilege(priv); - putchar('\n'); + sudo_lbuf_append(&lbuf, "\n"); + sudoers_format_privilege(&lbuf, priv, false); + sudo_lbuf_print(&lbuf); host_match = hostlist_matches(sudo_user.pw, &priv->hostlist); if (host_match == ALLOW) { puts("\thost matched"); @@ -342,6 +343,7 @@ main(int argc, char *argv[]) */ exitcode = parse_error ? 1 : (match == ALLOW ? 0 : match + 3); done: + sudo_lbuf_destroy(&lbuf); sudo_freepwcache(); sudo_freegrcache(); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); 
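Review bot: In the `TAILQ_FOREACH_REVERSE` loop of the `-308,9` hunk the results of `sudo_lbuf_append()` and `sudoers_format_privilege()` are discarded and `sudo_lbuf_error(&lbuf)` is never consulted, unlike in the new `dump_sudoers()` later in this patch. If the buffer cannot grow, the privilege line may come out short or missing while `host matched` and the other verdict lines still follow, so the trace reports a match for a rule the reader cannot see. A check before the print, `if (sudo_lbuf_error(&lbuf)) goto done;`, would stop the tool from reporting a verdict on partial output. `exitcode` appears to still hold `EXIT_FAILURE` at that point, but the loop and the rest of main continue outside the hunk, so that should be confirmed.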
@@ -479,244 +481,98 @@ restore_perms(void) return true; } -void -print_member(struct member *m) -{ - struct sudo_command *c; - debug_decl(print_member, SUDOERS_DEBUG_UTIL) - - if (m->negated) - putchar('!'); - if (m->type == ALL) - fputs("ALL", stdout); - else if (m->type != COMMAND) - fputs(m->name ? m->name : "", stdout); - else { - c = (struct sudo_command *) m->name; - printf("%s%s%s", c->cmnd, c->args ? " " : "", - c->args ? c->args : ""); - } - - debug_return; -} - -void -print_defaults(void) +static bool +print_defaults(struct sudo_lbuf *lbuf) { - struct defaults *d; - struct member *m; + struct defaults *def, *next; debug_decl(print_defaults, SUDOERS_DEBUG_UTIL) - TAILQ_FOREACH(d, &defaults, entries) { - (void) fputs("Defaults", stdout); - switch (d->type) { - case DEFAULTS_HOST: - putchar('@'); - break; - case DEFAULTS_USER: - putchar(':'); - break; - case DEFAULTS_RUNAS: - putchar('>'); - break; - case DEFAULTS_CMND: - putchar('!'); - break; - } - TAILQ_FOREACH(m, d->binding, entries) { - if (m != TAILQ_FIRST(d->binding)) - putchar(','); - print_member(m); - } - printf("\t%s%s", d->op == false ? "!" : "", d->var); - if (d->val != NULL) { - printf("%c%s", d->op == true ? 
'=' : d->op, d->val); - } - putchar('\n'); - } + TAILQ_FOREACH_SAFE(def, &defaults, entries, next) + sudoers_format_default_line(lbuf, def, &next, false); - debug_return; + debug_return_bool(!sudo_lbuf_error(lbuf)); } -int +static int print_alias(void *v1, void *v2) { - struct alias *a = (struct alias *)v1; + struct alias *a = v1; + struct sudo_lbuf *lbuf = v2; struct member *m; - struct sudo_command *c; debug_decl(print_alias, SUDOERS_DEBUG_UTIL) - switch (a->type) { - case HOSTALIAS: - (void) printf("Host_Alias\t%s = ", a->name); - break; - case CMNDALIAS: - (void) printf("Cmnd_Alias\t%s = ", a->name); - break; - case USERALIAS: - (void) printf("User_Alias\t%s = ", a->name); - break; - case RUNASALIAS: - (void) printf("Runas_Alias\t%s = ", a->name); - break; - } + sudo_lbuf_append(lbuf, "%s %s = ", alias_type_to_string(a->type), + a->name); TAILQ_FOREACH(m, &a->members, entries) { if (m != TAILQ_FIRST(&a->members)) - fputs(", ", stdout); - if (m->type == COMMAND) { - c = (struct sudo_command *) m->name; - printf("%s%s%s", c->cmnd, c->args ? " " : "", - c->args ? c->args : ""); - } else if (m->type == ALL) { - fputs("ALL", stdout); - } else { - fputs(m->name, stdout); - } + sudo_lbuf_append(lbuf, ", "); + sudoers_format_member(lbuf, m, NULL, UNSPEC); } - putchar('\n'); - debug_return_int(0); + sudo_lbuf_append(lbuf, "\n"); + + debug_return_int(sudo_lbuf_error(lbuf) ? 
-1 : 0); } -#define TAG_SET(tt) \ - ((tt) != UNSPEC && (tt) != IMPLIED) +static bool +print_aliases(struct sudo_lbuf *lbuf) +{ + debug_decl(print_aliases, SUDOERS_DEBUG_UTIL) + + alias_apply(print_alias, lbuf); -#define TAG_CHANGED(t) \ - (TAG_SET(cs->tags.t) && cs->tags.t != tags.t) + debug_return_bool(!sudo_lbuf_error(lbuf)); +} -void -print_privilege(struct privilege *priv) +static void +dump_sudoers(struct sudo_lbuf *lbuf) { - struct cmndspec *cs; - struct member *m; - struct cmndtag tags; - debug_decl(print_privilege, SUDOERS_DEBUG_UTIL) + debug_decl(dump_sudoers, SUDOERS_DEBUG_UTIL) - TAILQ_FOREACH(m, &priv->hostlist, entries) { - if (m != TAILQ_FIRST(&priv->hostlist)) - fputs(", ", stdout); - print_member(m); + /* Print Defaults */ + if (!print_defaults(lbuf)) + goto done; + if (lbuf->len > 0) { + sudo_lbuf_print(lbuf); + sudo_lbuf_append(lbuf, "\n"); } - fputs(" = ", stdout); - TAGS_INIT(tags); - TAILQ_FOREACH(cs, &priv->cmndlist, entries) { - if (cs != TAILQ_FIRST(&priv->cmndlist)) - fputs(", ", stdout); - if (cs->runasuserlist != NULL || cs->runasgrouplist != NULL) { - fputs("(", stdout); - if (cs->runasuserlist != NULL) { - TAILQ_FOREACH(m, cs->runasuserlist, entries) { - if (m != TAILQ_FIRST(cs->runasuserlist)) - fputs(", ", stdout); - print_member(m); - } - } else if (cs->runasgrouplist == NULL) { - fputs(def_runas_default, stdout); - } else { - fputs(sudo_user.pw->pw_name, stdout); - } - if (cs->runasgrouplist != NULL) { - fputs(" : ", stdout); - TAILQ_FOREACH(m, cs->runasgrouplist, entries) { - if (m != TAILQ_FIRST(cs->runasgrouplist)) - fputs(", ", stdout); - print_member(m); - } - } - fputs(") ", stdout); - } -#ifdef HAVE_SELINUX - if (cs->role) - printf("ROLE=%s ", cs->role); - if (cs->type) - printf("TYPE=%s ", cs->type); -#endif /* HAVE_SELINUX */ -#ifdef HAVE_PRIV_SET - if (cs->privs) - printf("PRIVS=%s ", cs->privs); - if (cs->limitprivs) - printf("LIMITPRIVS=%s ", cs->limitprivs); -#endif /* HAVE_PRIV_SET */ - if (cs->timeout > 0) - 
printf("TIMEOUT=%d ", cs->timeout); - if (cs->notbefore != UNSPEC) { - struct tm *tm = gmtime(&cs->notbefore); - printf("NOTBEFORE=%04d%02d%02d%02d%02d%02dZ ", - tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); - } - if (cs->notafter != UNSPEC) { - struct tm *tm = gmtime(&cs->notafter); - printf("NOTAFTER=%04d%02d%02d%02d%02d%02dZ ", - tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); - } - if (TAG_CHANGED(follow)) - printf("%sFOLLOW: ", cs->tags.follow ? "" : "NO"); - if (TAG_CHANGED(log_input)) - printf("%sLOG_INPUT: ", cs->tags.log_input ? "" : "NO"); - if (TAG_CHANGED(log_output)) - printf("%sLOG_OUTPUT: ", cs->tags.log_output ? "" : "NO"); - if (TAG_CHANGED(noexec)) - printf("%sEXEC: ", cs->tags.noexec ? "NO" : ""); - if (TAG_CHANGED(nopasswd)) - printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : ""); - if (TAG_CHANGED(send_mail)) - printf("%sMAIL: ", cs->tags.send_mail ? "" : "NO"); - if (TAG_CHANGED(setenv)) - printf("%sSETENV: ", cs->tags.setenv ? 
"" : "NO"); - print_member(cs->cmnd); - memcpy(&tags, &cs->tags, sizeof(tags)); + + /* Print Aliases */ + if (!print_aliases(lbuf)) + goto done; + if (lbuf->len > 1) { + sudo_lbuf_print(lbuf); + sudo_lbuf_append(lbuf, "\n"); } - debug_return; -} -void -print_userspecs(void) -{ - struct member *m; - struct userspec *us; - struct privilege *priv; - debug_decl(print_userspecs, SUDOERS_DEBUG_UTIL) + /* Print User_Specs */ + if (!sudoers_format_userspecs(lbuf, &userspecs, NULL, false, true)) + goto done; + if (lbuf->len > 1) { + sudo_lbuf_print(lbuf); + } - TAILQ_FOREACH(us, &userspecs, entries) { - TAILQ_FOREACH(m, &us->users, entries) { - if (m != TAILQ_FIRST(&us->users)) - fputs(", ", stdout); - print_member(m); - } - putchar('\t'); - TAILQ_FOREACH(priv, &us->privileges, entries) { - if (priv != TAILQ_FIRST(&us->privileges)) - fputs(" : ", stdout); - print_privilege(priv); - } - putchar('\n'); +done: + if (sudo_lbuf_error(lbuf)) { + if (errno == ENOMEM) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); } + debug_return; } -void -dump_sudoers(void) +static int +testsudoers_output(const char *buf) { - debug_decl(dump_sudoers, SUDOERS_DEBUG_UTIL) - - print_defaults(); - - putchar('\n'); - alias_apply(print_alias, NULL); - - putchar('\n'); - print_userspecs(); - - debug_return; + return fputs(buf, stdout); } -static int testsudoers_print(const char *msg) +static int +testsudoers_error(const char *buf) { - return fputs(msg, stderr); + return fputs(buf, stderr); } -void +static void usage(void) { (void) fprintf(stderr, "usage: %s [-dt] [-G sudoers_gid] [-g group] [-h host] [-P grfile] [-p pwfile] [-U sudoers_uid] [-u user] [args]\n", getprogname()); -- 2.40.0
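Review bot: The `done:` block of the new `dump_sudoers()` makes a buffer failure fatal only when `errno == ENOMEM`, so a failure that leaves `errno` at any other value falls through silently. The function is `void`, and the `dflag` branch in main then sets `exitcode = parse_error ? 1 : 0`, so a truncated dump can still exit 0 and be taken for the complete policy by whatever compares it against the `.out.ok` files. Dropping the `errno` test so that any `sudo_lbuf_error(lbuf)` is fatal, or returning `bool` for main to act on, would close that gap. Presumably every lbuf error is an allocation failure, but the page does not show that. Separately, the `lbuf->len > 0` and `lbuf->len > 1` tests depend on the `"\n"` appended after the previous `sudo_lbuf_print()`, which deserves a one-line comment such as `/* len == 1 means only the separator newline is pending */`.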