-rw-r--r-- | plugins/sudoers/cvtsudoers.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/gram.c | 16 | ||||
-rw-r--r-- | plugins/sudoers/gram.y | 16 | ||||
-rw-r--r-- | plugins/sudoers/parse.h | 3 | ||||
-rw-r--r-- | plugins/sudoers/regress/fuzz/fuzz_sudoers.c | 4 | ||||
-rw-r--r-- | plugins/sudoers/sudoers.c | 6 | ||||
-rw-r--r-- | plugins/sudoers/sudoers.h | 2 | ||||
-rw-r--r-- | plugins/sudoers/testsudoers.c | 4 | ||||
-rw-r--r-- | plugins/sudoers/toke.c | 4 | ||||
-rw-r--r-- | plugins/sudoers/toke.l | 4 | ||||
-rw-r--r-- | plugins/sudoers/visudo.c | 8 |
11 files changed, 41 insertions, 28 deletions
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c index f0e7bd594..fa52fa280 100644 --- a/plugins/sudoers/cvtsudoers.c +++ b/plugins/sudoers/cvtsudoers.c @@ -749,7 +749,7 @@ parse_sudoers(const char *input_file, struct cvtsudoers_config *conf) input_file = "stdin"; } else if ((sudoersin = fopen(input_file, "r")) == NULL) sudo_fatal(U_("unable to open %s"), input_file); - init_parser(input_file, false, true); + init_parser(input_file); if (sudoersparse() && !parse_error) { sudo_warnx(U_("failed to parse %s file, unknown error"), input_file); parse_error = true; diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 13a79cc86..2a92a9a9f 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -85,7 +85,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2022 + * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2023 * Todd C. Miller <Todd.Miller@sudo.ws> * * Permission to use, copy, modify, and distribute this software for any @@ -131,10 +131,10 @@ /* * Globals */ -bool sudoers_warnings = true; bool sudoers_recovery = true; bool sudoers_strict = false; bool parse_error = false; +int sudoers_verbose = 1; /* Optional logging function for parse errors. */ sudoers_logger_t sudoers_error_hook; @@ -3399,7 +3399,7 @@ sudoerserrorf(const char *fmt, ...) sudoers_error_hook(sudoers, this_lineno, column, fmt, ap); va_end(ap); } - if (sudoers_warnings && fmt != NULL) { + if (sudoers_verbose > 0 && fmt != NULL) { LEXTRACE("<*> "); #ifndef TRACELEXER if (trace_print == NULL || trace_print == sudoers_trace_print) { @@ -3965,7 +3965,7 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree) * the current sudoers file to path. */ bool -init_parser(const char *path, bool quiet, bool strict) +init_parser_ext(const char *path, bool strict, int verbose) { bool ret = true; debug_decl(init_parser, SUDOERS_DEBUG_PARSER); 
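Review bot: In parse_sudoers() the parser used to be initialised with strict set to true (`init_parser(input_file, false, true)`), but the new one-argument `init_parser()` forwards `false` for strict, so this call site quietly switches to non-strict parsing. Nothing visible in the commit explains that change. If cvtsudoers is still meant to parse strictly, the call should be `init_parser_ext(input_file, true, 1);`. If the relaxation is intended, a short comment here would keep it from looking accidental next to the testsudoers and visudo call sites, which stay strict. The function body continues outside the hunk.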
@@ -3985,12 +3985,18 @@ init_parser(const char *path, bool quiet, bool strict) } parse_error = false; - sudoers_warnings = !quiet; sudoers_strict = strict; + sudoers_verbose = verbose; debug_return_bool(ret); } +bool +init_parser(const char *path) +{ + return init_parser_ext(path, false, 1); +} + /* * Initialize all options in a cmndspec. */ diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 66c7ccad5..1380a789a 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -2,7 +2,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2022 + * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2023 * Todd C. Miller <Todd.Miller@sudo.ws> * * Permission to use, copy, modify, and distribute this software for any @@ -48,10 +48,10 @@ /* * Globals */ -bool sudoers_warnings = true; bool sudoers_recovery = true; bool sudoers_strict = false; bool parse_error = false; +int sudoers_verbose = 1; /* Optional logging function for parse errors. */ sudoers_logger_t sudoers_error_hook; @@ -1216,7 +1216,7 @@ sudoerserrorf(const char *fmt, ...) sudoers_error_hook(sudoers, this_lineno, column, fmt, ap); va_end(ap); } - if (sudoers_warnings && fmt != NULL) { + if (sudoers_verbose > 0 && fmt != NULL) { LEXTRACE("<*> "); #ifndef TRACELEXER if (trace_print == NULL || trace_print == sudoers_trace_print) { @@ -1782,7 +1782,7 @@ free_parse_tree(struct sudoers_parse_tree *parse_tree) * the current sudoers file to path. */ bool -init_parser(const char *path, bool quiet, bool strict) +init_parser_ext(const char *path, bool strict, int verbose) { bool ret = true; debug_decl(init_parser, SUDOERS_DEBUG_PARSER); 
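Review bot: After the rename to `init_parser_ext()` in gram.y the function still opens with `debug_decl(init_parser, SUDOERS_DEBUG_PARSER);`, which looks stale and may mislabel debug output, depending on how the macro uses its first argument. It should read `debug_decl(init_parser_ext, SUDOERS_DEBUG_PARSER);`. The comment above the signature also says nothing about the new `verbose` argument. Callers in this commit pass 0, 1 and 2, yet no visible code distinguishes 1 from 2, so a sentence in that comment listing what each level prints would help. The body continues in the next hunk, and the generated gram.c carries the same line.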
@@ -1802,12 +1802,18 @@ init_parser(const char *path, bool quiet, bool strict) } parse_error = false; - sudoers_warnings = !quiet; sudoers_strict = strict; + sudoers_verbose = verbose; debug_return_bool(ret); } +bool +init_parser(const char *path) +{ + return init_parser_ext(path, false, 1); +} + /* * Initialize all options in a cmndspec. */ diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index 4952855c6..c894c9467 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h @@ -372,7 +372,8 @@ int check_aliases(struct sudoers_parse_tree *parse_tree, bool strict, bool quiet /* gram.y */ extern struct sudoers_parse_tree parsed_policy; extern bool (*sudoers_error_hook)(const char *file, int line, int column, const char *fmt, va_list args); -bool init_parser(const char *path, bool quiet, bool strict); +bool init_parser(const char *path); +bool init_parser_ext(const char *path, bool strict, int verbose); void free_member(struct member *m); void free_members(struct member_list *members); void free_cmndspec(struct cmndspec *cs, struct cmndspec_list *csl); diff --git a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c index bc2390557..63ad8cca2 100644 --- a/plugins/sudoers/regress/fuzz/fuzz_sudoers.c +++ b/plugins/sudoers/regress/fuzz/fuzz_sudoers.c @@ -312,7 +312,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) /* Initialize defaults and parse sudoers. */ init_defaults(); - init_parser("sudoers", false, true); + init_parser_ext("sudoers", true, 1); sudoersrestart(fp); sudoersparse(); reparent_parse_tree(&parse_tree); @@ -398,7 +398,7 @@ done: /* Cleanup. */ fclose(fp); free_parse_tree(&parse_tree); - init_parser(NULL, true, true); + init_parser(NULL); if (sudo_user.pw != NULL) sudo_pw_delref(sudo_user.pw); if (runas_pw != NULL) diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 44d027b76..9d744be80 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c 
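Review bot: The new `init_parser()` wrapper in gram.y has no comment and hard-codes `false` for strict and `1` for verbose, which is easy to miss because the old three-argument name is reused with different semantics. I would add a header above it such as `/* Initialize the parser with defaults: strict mode off, verbose level 1. */`. Callers that need strict parsing then have a visible cue to use `init_parser_ext()` instead. The start of init_parser_ext() lies in the previous hunk.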
@@ -251,7 +251,7 @@ sudoers_init(void *info, sudoers_logger_t logger, char * const envp[]) } /* Open and parse sudoers, set global defaults. */ - init_parser(sudoers_file, false, false); + init_parser(sudoers_file); TAILQ_FOREACH_SAFE(nss, snl, entries, nss_next) { if (nss->open(nss) == -1 || (nss->parse_tree = nss->parse(nss)) == NULL) { TAILQ_REMOVE(snl, nss, entries); @@ -865,7 +865,7 @@ done: if (def_group_plugin) group_plugin_unload(); - init_parser(NULL, false, false); + init_parser(NULL); if (ret == -1) { /* Free stashed copy of the environment. */ @@ -1856,7 +1856,7 @@ sudoers_cleanup(void) nss->close(nss); } snl = NULL; - init_parser(NULL, false, false); + init_parser(NULL); } while ((def = TAILQ_FIRST(&initial_defaults)) != NULL) { TAILQ_REMOVE(&initial_defaults, def, entries); diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 591ba1004..f7bd1db5d 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -326,9 +326,9 @@ int pam_prep_user(struct passwd *); int sudoersparse(void); extern char *login_style; extern bool parse_error; -extern bool sudoers_warnings; extern bool sudoers_recovery; extern bool sudoers_strict; +extern int sudoers_verbose; /* toke.l */ YY_DECL; diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index 02d8f5bf3..59b082d11 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -273,8 +273,8 @@ main(int argc, char *argv[]) sudo_fatal("%s", U_("unable to parse network address list")); } - /* Allocate space for data structures in the parser. */ - init_parser("sudoers", false, true); + /* Initialize the parser and set sudoers filename to "sudoers". */ + init_parser_ext("sudoers", true, 2); /* * Set runas passwd/group entries based on command line or sudoers. diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 700579302..260a16c51 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c 
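Review bot: In sudoers_init() the result of `init_parser(sudoers_file)` is discarded even though the function is declared to return `bool`. The code in init_parser_ext() that can set `ret` to false is not visible in this diff, so the failure is presumably an allocation or lexer-setup error. Going on to open and parse the sudoers sources after such a failure means the policy runs on a parser that reported it was not initialised. Consider `if (!init_parser(sudoers_file))` followed by the function's existing failure path, which lies outside the hunk. The cvtsudoers.c, testsudoers.c and visudo.c call sites in this commit ignore the result in the same way.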
@@ -5760,7 +5760,7 @@ push_include_int(const char *opath, bool isdir) struct include_stack *new_istack; if (idepth > MAX_SUDOERS_DEPTH) { - if (sudoers_warnings) + if (sudoers_verbose) sudo_warnx(U_("%s: %s"), path, U_("too many levels of includes")); sudoerserror(NULL); sudo_rcstr_delref(path); @@ -5783,7 +5783,7 @@ push_include_int(const char *opath, bool isdir) status = sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb); if (status != SUDO_PATH_SECURE) { - if (sudoers_warnings) { + if (sudoers_verbose) { switch (status) { case SUDO_PATH_BAD_TYPE: errno = ENOTDIR; diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index 91f00eebc..c397ad8c5 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -1213,7 +1213,7 @@ push_include_int(const char *opath, bool isdir) struct include_stack *new_istack; if (idepth > MAX_SUDOERS_DEPTH) { - if (sudoers_warnings) + if (sudoers_verbose) sudo_warnx(U_("%s: %s"), path, U_("too many levels of includes")); sudoerserror(NULL); sudo_rcstr_delref(path); @@ -1236,7 +1236,7 @@ push_include_int(const char *opath, bool isdir) status = sudo_secure_dir(path, sudoers_uid, sudoers_gid, &sb); if (status != SUDO_PATH_SECURE) { - if (sudoers_warnings) { + if (sudoers_verbose) { switch (status) { case SUDO_PATH_BAD_TYPE: errno = ENOTDIR; diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 9c9feccc4..d06ad64bf 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -1,7 +1,7 @@ /* * SPDX-License-Identifier: ISC * - * Copyright (c) 1996, 1998-2005, 2007-2022 + * Copyright (c) 1996, 1998-2005, 2007-2023 * Todd C. Miller <Todd.Miller@sudo.ws> * * Permission to use, copy, modify, and distribute this software for any 
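Review bot: Both push_include_int() hunks in toke.l test the new integer with `if (sudoers_verbose)`, while sudoerserrorf() in gram.y tests `sudoers_verbose > 0`, so the two disagree for a negative level. In that case grammar errors are silenced but the include-depth and sudo_secure_dir() warnings still print. init_parser_ext() stores its `verbose` argument unchecked, so using the same comparison everywhere is the cheap fix: `if (sudoers_verbose > 0)` in the first hunk and `if (sudoers_verbose > 0) {` in the second. These warnings are what tell an administrator that an include path failed the sudo_secure_dir() check, so their gating should be predictable. The generated toke.c carries the same two lines, and the function body extends beyond both hunks.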
@@ -293,7 +293,7 @@ main(int argc, char *argv[]) */ if ((sudoersin = open_sudoers(sudoers_file, true, NULL)) == NULL) exit(EXIT_FAILURE); - init_parser(sudoers_file, quiet, true); + init_parser_ext(sudoers_file, true, quiet ? 0 : 2); sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); (void) sudoersparse(); (void) update_defaults(&parsed_policy, NULL, @@ -654,7 +654,7 @@ reparse_sudoers(char *editor, int editor_argc, char **editor_argv, /* Clean slate for each parse */ if (!init_defaults()) sudo_fatalx("%s", U_("unable to initialize sudoers default values")); - init_parser(sp->path, quiet, true); + init_parser_ext(sp->path, true, quiet ? 0 : 2); sp->errorline = -1; /* Parse the sudoers temp file(s) */ @@ -999,7 +999,7 @@ check_syntax(const char *file, bool quiet, bool strict, bool check_owner, sudo_warn(U_("unable to open %s"), file); goto done; } - init_parser(file, quiet, true); + init_parser_ext(file, true, quiet ? 0 : 2); sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); if (sudoersparse() && !parse_error) { if (!quiet) |
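Review bot: check_syntax() takes a `strict` parameter, yet the parser is initialised with a literal `true` in `init_parser_ext(file, true, quiet ? 0 : 2);`. The rest of the function is outside the hunk, so `strict` may be consumed elsewhere, but a reader comparing the signature with this call cannot tell whether the hard-coded value is deliberate. A one-line comment such as `/* The parser always runs in strict mode here, regardless of the strict argument. */` would settle it. The `quiet ? 0 : 2` mapping is also repeated in main() and reparse_sudoers(); named constants for the levels or a small helper would avoid three copies of the bare literals.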