summaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/sudoers/auth/API2
-rw-r--r--plugins/sudoers/auth/afs.c2
-rw-r--r--plugins/sudoers/auth/aix_auth.c2
-rw-r--r--plugins/sudoers/auth/bsdauth.c14
-rw-r--r--plugins/sudoers/auth/dce.c2
-rw-r--r--plugins/sudoers/auth/fwtk.c2
-rw-r--r--plugins/sudoers/auth/kerb5.c4
-rw-r--r--plugins/sudoers/auth/pam.c2
-rw-r--r--plugins/sudoers/auth/passwd.c15
-rw-r--r--plugins/sudoers/auth/rfc1938.c4
-rw-r--r--plugins/sudoers/auth/secureware.c2
-rw-r--r--plugins/sudoers/auth/securid5.c5
-rw-r--r--plugins/sudoers/auth/sia.c2
-rw-r--r--plugins/sudoers/auth/sudo_auth.h26
-rw-r--r--plugins/sudoers/match.c7
-rw-r--r--plugins/sudoers/pwutil.c42
-rw-r--r--plugins/sudoers/toke.c9
-rw-r--r--plugins/sudoers/toke.l9
18 files changed, 102 insertions, 49 deletions
diff --git a/plugins/sudoers/auth/API b/plugins/sudoers/auth/API
index d75829915..36096709a 100644
--- a/plugins/sudoers/auth/API
+++ b/plugins/sudoers/auth/API
@@ -14,7 +14,7 @@ typedef struct sudo_auth {
int (*init)(struct passwd *pw, sudo_auth *auth);
int (*setup)(struct passwd *pw, char **prompt, sudo_auth *auth);
- int (*verify)(struct passwd *pw, char *p, sudo_auth *auth, struct sudo_conv_callback *callback);
+ int (*verify)(struct passwd *pw, const char *p, sudo_auth *auth, struct sudo_conv_callback *callback);
int (*approval)(struct passwd *pw, sudo_auth *auth);
int (*cleanup)(struct passwd *pw, sudo_auth *auth, bool force);
int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth);
diff --git a/plugins/sudoers/auth/afs.c b/plugins/sudoers/auth/afs.c
index d6239168a..29e9dde97 100644
--- a/plugins/sudoers/auth/afs.c
+++ b/plugins/sudoers/auth/afs.c
@@ -45,7 +45,7 @@
#include "check.h"
int
-sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_afs_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
{
struct ktc_encryptionKey afs_key;
struct ktc_token afs_token;
diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c
index 8a6ec794e..239c8f96c 100644
--- a/plugins/sudoers/auth/aix_auth.c
+++ b/plugins/sudoers/auth/aix_auth.c
@@ -229,7 +229,7 @@ sudo_aix_change_password(const char *user)
}
int
-sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_aix_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
{
char *pass, *message = NULL;
int result = 1, reenter = 0;
diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c
index c34785a3b..2d972887d 100644
--- a/plugins/sudoers/auth/bsdauth.c
+++ b/plugins/sudoers/auth/bsdauth.c
@@ -104,7 +104,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth)
}
int
-bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
+bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
{
char *pass;
char *s;
@@ -133,7 +133,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback);
} else {
pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_OFF, callback);
- if (pass && *pass == '\0') {
+ if (pass != NULL && *pass == '\0') {
if ((prompt = strrchr(s, '\n')))
prompt++;
else
@@ -141,12 +141,12 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con
/*
* Append '[echo on]' to the last line of the challenge and
- * reprompt with echo turned on.
+ * re-prompt with echo turned on.
*/
- len = strlen(prompt) - 1;
- while (isspace(prompt[len]) || prompt[len] == ':')
- prompt[len--] = '\0';
- if (asprintf(&s, "%s [echo on]: ", prompt) == -1) {
+ len = strlen(prompt);
+ while (len > 0 && (isspace((unsigned char)prompt[len - 1]) || prompt[len - 1] == ':'))
+ len--;
+ if (asprintf(&s, "%.*s [echo on]: ", (int)len, prompt) == -1) {
log_warningx(0, N_("unable to allocate memory"));
debug_return_int(AUTH_FATAL);
}
diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c
index f938c0c8d..bbee84236 100644
--- a/plugins/sudoers/auth/dce.c
+++ b/plugins/sudoers/auth/dce.c
@@ -59,7 +59,7 @@
static int check_dce_status(error_status_t, char *);
int
-sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_dce_verify(struct passwd *pw, const char *plain_pw, sudo_auth *auth, struct sudo_conv_callback *callback)
{
struct passwd temp_pw;
sec_passwd_rec_t password_rec;
diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c
index e9f6b72c7..a8092dcef 100644
--- a/plugins/sudoers/auth/fwtk.c
+++ b/plugins/sudoers/auth/fwtk.c
@@ -82,7 +82,7 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth)
}
int
-sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_fwtk_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
{
char *pass; /* Password from the user */
char buf[SUDO_CONV_REPL_MAX + 12]; /* General prupose buffer */
diff --git a/plugins/sudoers/auth/kerb5.c b/plugins/sudoers/auth/kerb5.c
index b45421841..7992cf398 100644
--- a/plugins/sudoers/auth/kerb5.c
+++ b/plugins/sudoers/auth/kerb5.c
@@ -185,7 +185,7 @@ done:
#ifdef HAVE_KRB5_VERIFY_USER
int
-sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
{
krb5_context sudo_context;
krb5_principal princ;
@@ -202,7 +202,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_con
}
#else
int
-sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
{
krb5_context sudo_context;
krb5_principal princ;
diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c
index 4f6e89c85..693cef3d4 100644
--- a/plugins/sudoers/auth/pam.c
+++ b/plugins/sudoers/auth/pam.c
@@ -283,7 +283,7 @@ sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth)
#endif /* _AIX */
int
-sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_pam_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback)
{
const char *envccname;
const char *s;
diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c
index b2046eca2..636c07bab 100644
--- a/plugins/sudoers/auth/passwd.c
+++ b/plugins/sudoers/auth/passwd.c
@@ -61,9 +61,9 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth)
#ifdef HAVE_CRYPT
int
-sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
{
- char sav, *epass;
+ char des_pass[9], *epass;
char *pw_epasswd = auth->data;
size_t pw_len;
int matched = 0;
@@ -75,12 +75,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
/*
* Truncate to 8 chars if standard DES since not all crypt()'s do this.
- * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
*/
- sav = pass[8];
pw_len = strlen(pw_epasswd);
- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
- pass[8] = '\0';
+ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) {
+ strlcpy(des_pass, pass, sizeof(des_pass));
+ pass = des_pass;
+ }
/*
* Normal UN*X password check.
@@ -88,7 +88,6 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
* only compare the first DESLEN characters in that case.
*/
epass = (char *) crypt(pass, pw_epasswd);
- pass[8] = sav;
if (epass != NULL) {
if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
matched = !strncmp(pw_epasswd, epass, DESLEN);
@@ -100,7 +99,7 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
}
#else
int
-sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
{
char *pw_passwd = auth->data;
int matched;
diff --git a/plugins/sudoers/auth/rfc1938.c b/plugins/sudoers/auth/rfc1938.c
index 2e4824c60..2065c52c0 100644
--- a/plugins/sudoers/auth/rfc1938.c
+++ b/plugins/sudoers/auth/rfc1938.c
@@ -126,11 +126,11 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
}
int
-sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_rfc1938_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
{
debug_decl(sudo_rfc1938_verify, SUDOERS_DEBUG_AUTH);
- if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0)
+ if (rfc1938verify((struct RFC1938 *) auth->data, (char *)pass) == 0)
debug_return_int(AUTH_SUCCESS);
else
debug_return_int(AUTH_FAILURE);
diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c
index 6980b75dc..49a4b4ea9 100644
--- a/plugins/sudoers/auth/secureware.c
+++ b/plugins/sudoers/auth/secureware.c
@@ -71,7 +71,7 @@ sudo_secureware_init(struct passwd *pw, sudo_auth *auth)
}
int
-sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_secureware_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
{
char *pw_epasswd = auth->data;
char *epass = NULL;
diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c
index debf632a4..349a3117b 100644
--- a/plugins/sudoers/auth/securid5.c
+++ b/plugins/sudoers/auth/securid5.c
@@ -138,7 +138,7 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
*
* Arguments in:
* pw - struct passwd for username
- * pass - UNUSED
+ * prompt - UNUSED
* auth - sudo authentication structure for SecurID handle
*
* Results out:
@@ -146,9 +146,10 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
* incorrect authentication, fatal on errors
*/
int
-sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+sudo_securid_verify(struct passwd *pw, const char *promp, sudo_auth *auth, struct sudo_conv_callback *callback)
{
SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
+ char *pass;
int ret;
debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH);
diff --git a/plugins/sudoers/auth/sia.c b/plugins/sudoers/auth/sia.c
index 4fc74592f..3327550ed 100644
--- a/plugins/sudoers/auth/sia.c
+++ b/plugins/sudoers/auth/sia.c
@@ -75,7 +75,7 @@ sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
}
int
-sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth,
+sudo_sia_verify(struct passwd *pw, const char *prompt, sudo_auth *auth,
struct sudo_conv_callback *callback)
{
SIAENTITY *siah = auth->data;
diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h
index de41e6fdc..031810466 100644
--- a/plugins/sudoers/auth/sudo_auth.h
+++ b/plugins/sudoers/auth/sudo_auth.h
@@ -33,7 +33,7 @@ typedef struct sudo_auth {
void *data; /* method-specific data pointer */
int (*init)(struct passwd *pw, struct sudo_auth *auth);
int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth);
- int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
+ int (*verify)(struct passwd *pw, const char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt);
int (*cleanup)(struct passwd *pw, struct sudo_auth *auth, bool force);
int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth);
@@ -60,44 +60,44 @@ extern sudo_conv_t sudo_conv;
/* Prototypes for standalone methods */
int bsdauth_init(struct passwd *pw, sudo_auth *auth);
-int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
+int bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
-int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_aix_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_fwtk_init(struct passwd *pw, sudo_auth *auth);
-int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_fwtk_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_pam_init(struct passwd *pw, sudo_auth *auth);
int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth);
-int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_pam_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth);
int sudo_securid_init(struct passwd *pw, sudo_auth *auth);
int sudo_securid_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
-int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_securid_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_sia_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
-int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_sia_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_sia_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
/* Prototypes for normal methods */
-int sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
-int sudo_dce_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_afs_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_dce_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_krb5_init(struct passwd *pw, sudo_auth *auth);
int sudo_krb5_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
-int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_passwd_init(struct passwd *pw, sudo_auth *auth);
-int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_rfc1938_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
-int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_rfc1938_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_secureware_init(struct passwd *pw, sudo_auth *auth);
-int sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
+int sudo_secureware_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
/* Fields: name, flags, init, setup, verify, approval, cleanup, begin_sess, end_sess */
diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c
index 9801f3894..e5634c4da 100644
--- a/plugins/sudoers/match.c
+++ b/plugins/sudoers/match.c
@@ -357,6 +357,10 @@ host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
matched = !m->negated;
break;
}
+ sudo_debug_printf(SUDO_DEBUG_DEBUG,
+ "host %s (%s) matches sudoers host %s%s: %s", lhost, shost,
+ m->negated ? "!" : "", m->name ? m->name : "ALL",
+ matched == true ? "true" : "false");
debug_return_int(matched);
}
@@ -430,9 +434,6 @@ hostname_matches(const char *shost, const char *lhost, const char *pattern)
} else {
rc = !strcasecmp(host, pattern);
}
- sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
- "host %s matches sudoers pattern %s: %s",
- host, pattern, rc ? "true" : "false");
debug_return_bool(rc);
}
diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c
index 88c7a4192..0ec718593 100644
--- a/plugins/sudoers/pwutil.c
+++ b/plugins/sudoers/pwutil.c
@@ -901,12 +901,44 @@ done:
debug_return_ptr(item->d.grlist);
}
+static void
+sudo_debug_group_list(const char *user, char * const *groups, int level)
+{
+ size_t i, len = 0;
+ debug_decl(sudo_debug_group_list, SUDOERS_DEBUG_NSS);
+
+ if (!sudo_debug_needed(level))
+ debug_return;
+
+ for (i = 0; groups[i] != NULL; i++) {
+ len += strlen(groups[i]) + 1;
+ }
+ if (len != 0) {
+ char *groupstr = malloc(len);
+ if (groupstr != NULL) {
+ char *cp = groupstr;
+ for (i = 0; groups[i] != NULL; i++) {
+ size_t n = snprintf(cp, len, "%s%s", i ? "," : "", groups[i]);
+ if (n >= len)
+ break;
+ cp += n;
+ len -= n;
+ }
+ sudo_debug_printf(level, "%s: %s", user, groupstr);
+ free(groupstr);
+ }
+ }
+ debug_return;
+}
+
int
sudo_set_grlist(struct passwd *pw, char * const *groups)
{
struct cache_item key, *item;
debug_decl(sudo_set_grlist, SUDOERS_DEBUG_NSS);
+ sudo_debug_group_list(pw->pw_name, groups, SUDO_DEBUG_DEBUG);
+
if (grlist_cache == NULL) {
grlist_cache = rbcreate(cmp_pwnam);
if (grlist_cache == NULL) {
@@ -937,7 +969,11 @@ sudo_set_grlist(struct passwd *pw, char * const *groups)
sudo_grlist_delref_item(item);
debug_return_int(-1);
}
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
+ "groups for user %s are already cached", pw->pw_name);
}
+
debug_return_int(0);
}
@@ -1008,6 +1044,8 @@ sudo_set_gidlist(struct passwd *pw, char * const *gids, unsigned int type)
struct cache_item key, *item;
debug_decl(sudo_set_gidlist, SUDOERS_DEBUG_NSS);
+ sudo_debug_group_list(pw->pw_name, gids, SUDO_DEBUG_DEBUG);
+
if (gidlist_cache == NULL) {
gidlist_cache = rbcreate(cmp_gidlist);
if (gidlist_cache == NULL) {
@@ -1039,7 +1077,11 @@ sudo_set_gidlist(struct passwd *pw, char * const *gids, unsigned int type)
sudo_gidlist_delref_item(item);
debug_return_int(-1);
}
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
+ "gids for user %s are already cached", pw->pw_name);
}
+
debug_return_int(0);
}
diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c
index 82c8423dc..10a7b97ec 100644
--- a/plugins/sudoers/toke.c
+++ b/plugins/sudoers/toke.c
@@ -5914,8 +5914,9 @@ sudoers_trace_print(const char *msg)
sudo_lbuf_append(&trace_lbuf, "%s", msg);
if (strchr(msg, '\n') != NULL)
{
+ /* We already parsed the newline so sudolineno is off by one. */
sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG,
- "%s:%d: %s", sudoers, sudolineno, trace_lbuf.buf);
+ "sudoerslex: %s:%d: %s", sudoers, sudolineno - 1, trace_lbuf.buf);
trace_lbuf.len = 0;
}
return 0;
@@ -5933,6 +5934,7 @@ sudoers_input(char *buf, yy_size_t max_size)
{
char *cp;
size_t avail = sudolinebuf.len - sudolinebuf.off;
+ debug_decl(sudoers_input, SUDOERS_DEBUG_PARSER);
/* Refill line buffer if needed. */
if (avail == 0) {
@@ -5977,6 +5979,9 @@ sudoers_eof:
sudolinebuf.buf[avail] = '\0';
}
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s:%d: %.*s", sudoers, sudolineno,
+ (int)(avail -1), sudolinebuf.buf);
+
sudolinebuf.len = avail;
sudolinebuf.off = 0;
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
@@ -5987,6 +5992,6 @@ sudoers_eof:
memcpy(buf, sudolinebuf.buf + sudolinebuf.off, avail);
sudolinebuf.off += avail;
- return avail;
+ debug_return_size_t(avail);
}
diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l
index c843162d3..2f062ff12 100644
--- a/plugins/sudoers/toke.l
+++ b/plugins/sudoers/toke.l
@@ -1367,8 +1367,9 @@ sudoers_trace_print(const char *msg)
sudo_lbuf_append(&trace_lbuf, "%s", msg);
if (strchr(msg, '\n') != NULL)
{
+ /* We already parsed the newline so sudolineno is off by one. */
sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG,
- "%s:%d: %s", sudoers, sudolineno, trace_lbuf.buf);
+ "sudoerslex: %s:%d: %s", sudoers, sudolineno - 1, trace_lbuf.buf);
trace_lbuf.len = 0;
}
return 0;
@@ -1386,6 +1387,7 @@ sudoers_input(char *buf, yy_size_t max_size)
{
char *cp;
size_t avail = sudolinebuf.len - sudolinebuf.off;
+ debug_decl(sudoers_input, SUDOERS_DEBUG_PARSER);
/* Refill line buffer if needed. */
if (avail == 0) {
@@ -1430,6 +1432,9 @@ sudoers_eof:
sudolinebuf.buf[avail] = '\0';
}
+ sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s:%d: %.*s", sudoers, sudolineno,
+ (int)(avail -1), sudolinebuf.buf);
+
sudolinebuf.len = avail;
sudolinebuf.off = 0;
sudolinebuf.toke_start = sudolinebuf.toke_end = 0;
@@ -1440,5 +1445,5 @@ sudoers_eof:
memcpy(buf, sudolinebuf.buf + sudolinebuf.off, avail);
sudolinebuf.off += avail;
- return avail;
+ debug_return_size_t(avail);
}
View Lorry Controller Status