diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/sudoers/auth/API | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/afs.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/aix_auth.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/bsdauth.c | 14 | ||||
-rw-r--r-- | plugins/sudoers/auth/dce.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/fwtk.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/kerb5.c | 4 | ||||
-rw-r--r-- | plugins/sudoers/auth/pam.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/passwd.c | 15 | ||||
-rw-r--r-- | plugins/sudoers/auth/rfc1938.c | 4 | ||||
-rw-r--r-- | plugins/sudoers/auth/secureware.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/securid5.c | 5 | ||||
-rw-r--r-- | plugins/sudoers/auth/sia.c | 2 | ||||
-rw-r--r-- | plugins/sudoers/auth/sudo_auth.h | 26 | ||||
-rw-r--r-- | plugins/sudoers/match.c | 7 | ||||
-rw-r--r-- | plugins/sudoers/pwutil.c | 42 | ||||
-rw-r--r-- | plugins/sudoers/toke.c | 9 | ||||
-rw-r--r-- | plugins/sudoers/toke.l | 9 |
18 files changed, 102 insertions, 49 deletions
diff --git a/plugins/sudoers/auth/API b/plugins/sudoers/auth/API index d75829915..36096709a 100644 --- a/plugins/sudoers/auth/API +++ b/plugins/sudoers/auth/API @@ -14,7 +14,7 @@ typedef struct sudo_auth { int (*init)(struct passwd *pw, sudo_auth *auth); int (*setup)(struct passwd *pw, char **prompt, sudo_auth *auth); - int (*verify)(struct passwd *pw, char *p, sudo_auth *auth, struct sudo_conv_callback *callback); + int (*verify)(struct passwd *pw, const char *p, sudo_auth *auth, struct sudo_conv_callback *callback); int (*approval)(struct passwd *pw, sudo_auth *auth); int (*cleanup)(struct passwd *pw, sudo_auth *auth, bool force); int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth); diff --git a/plugins/sudoers/auth/afs.c b/plugins/sudoers/auth/afs.c index d6239168a..29e9dde97 100644 --- a/plugins/sudoers/auth/afs.c +++ b/plugins/sudoers/auth/afs.c @@ -45,7 +45,7 @@ #include "check.h" int -sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_afs_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { struct ktc_encryptionKey afs_key; struct ktc_token afs_token; diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c index 8a6ec794e..239c8f96c 100644 --- a/plugins/sudoers/auth/aix_auth.c +++ b/plugins/sudoers/auth/aix_auth.c @@ -229,7 +229,7 @@ sudo_aix_change_password(const char *user) } int -sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_aix_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) { char *pass, *message = NULL; int result = 1, reenter = 0; diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c index c34785a3b..2d972887d 100644 --- a/plugins/sudoers/auth/bsdauth.c +++ b/plugins/sudoers/auth/bsdauth.c @@ -104,7 +104,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) } int -bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) +bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) { char *pass; char *s; @@ -133,7 +133,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con pass = auth_getpass(prompt, SUDO_CONV_PROMPT_ECHO_OFF, callback); } else { pass = auth_getpass(s, SUDO_CONV_PROMPT_ECHO_OFF, callback); - if (pass && *pass == '\0') { + if (pass != NULL && *pass == '\0') { if ((prompt = strrchr(s, '\n'))) prompt++; else @@ -141,12 +141,12 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_con /* * Append '[echo on]' to the last line of the challenge and - * reprompt with echo turned on. + * re-prompt with echo turned on. */ - len = strlen(prompt) - 1; - while (isspace(prompt[len]) || prompt[len] == ':') - prompt[len--] = '\0'; - if (asprintf(&s, "%s [echo on]: ", prompt) == -1) { + len = strlen(prompt); + while (len > 0 && (isspace((unsigned char)prompt[len - 1]) || prompt[len - 1] == ':')) + len--; + if (asprintf(&s, "%.*s [echo on]: ", (int)len, prompt) == -1) { log_warningx(0, N_("unable to allocate memory")); debug_return_int(AUTH_FATAL); } diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c index f938c0c8d..bbee84236 100644 --- a/plugins/sudoers/auth/dce.c +++ b/plugins/sudoers/auth/dce.c @@ -59,7 +59,7 @@ static int check_dce_status(error_status_t, char *); int -sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_dce_verify(struct passwd *pw, const char *plain_pw, sudo_auth *auth, struct sudo_conv_callback *callback) { struct passwd temp_pw; sec_passwd_rec_t password_rec; diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c index e9f6b72c7..a8092dcef 100644 --- a/plugins/sudoers/auth/fwtk.c +++ b/plugins/sudoers/auth/fwtk.c @@ -82,7 +82,7 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth) } int -sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_fwtk_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) { char *pass; /* Password from the user */ char buf[SUDO_CONV_REPL_MAX + 12]; /* General prupose buffer */ diff --git a/plugins/sudoers/auth/kerb5.c b/plugins/sudoers/auth/kerb5.c index b45421841..7992cf398 100644 --- a/plugins/sudoers/auth/kerb5.c +++ b/plugins/sudoers/auth/kerb5.c @@ -185,7 +185,7 @@ done: #ifdef HAVE_KRB5_VERIFY_USER int -sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { krb5_context sudo_context; krb5_principal princ; @@ -202,7 +202,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_con } #else int -sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { krb5_context sudo_context; krb5_principal princ; diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c index 4f6e89c85..693cef3d4 100644 --- a/plugins/sudoers/auth/pam.c +++ b/plugins/sudoers/auth/pam.c @@ -283,7 +283,7 @@ sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth) #endif /* _AIX */ int -sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_pam_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) { const char *envccname; const char *s; diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c index b2046eca2..636c07bab 100644 --- a/plugins/sudoers/auth/passwd.c +++ b/plugins/sudoers/auth/passwd.c @@ -61,9 +61,9 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) #ifdef HAVE_CRYPT int -sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { - char sav, *epass; + char des_pass[9], *epass; char *pw_epasswd = auth->data; size_t pw_len; int matched = 0; @@ -75,12 +75,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c /* * Truncate to 8 chars if standard DES since not all crypt()'s do this. - * If this turns out not to be safe we will have to use OS #ifdef's (sigh). */ - sav = pass[8]; pw_len = strlen(pw_epasswd); - if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) - pass[8] = '\0'; + if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) { + strlcpy(des_pass, pass, sizeof(des_pass)); + pass = des_pass; + } /* * Normal UN*X password check. @@ -88,7 +88,6 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c * only compare the first DESLEN characters in that case. */ epass = (char *) crypt(pass, pw_epasswd); - pass[8] = sav; if (epass != NULL) { if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) matched = !strncmp(pw_epasswd, epass, DESLEN); @@ -100,7 +99,7 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c } #else int -sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { char *pw_passwd = auth->data; int matched; diff --git a/plugins/sudoers/auth/rfc1938.c b/plugins/sudoers/auth/rfc1938.c index 2e4824c60..2065c52c0 100644 --- a/plugins/sudoers/auth/rfc1938.c +++ b/plugins/sudoers/auth/rfc1938.c @@ -126,11 +126,11 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) } int -sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_rfc1938_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { debug_decl(sudo_rfc1938_verify, SUDOERS_DEBUG_AUTH); - if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0) + if (rfc1938verify((struct RFC1938 *) auth->data, (char *)pass) == 0) debug_return_int(AUTH_SUCCESS); else debug_return_int(AUTH_FAILURE); diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c index 6980b75dc..49a4b4ea9 100644 --- a/plugins/sudoers/auth/secureware.c +++ b/plugins/sudoers/auth/secureware.c @@ -71,7 +71,7 @@ sudo_secureware_init(struct passwd *pw, sudo_auth *auth) } int -sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_secureware_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { char *pw_epasswd = auth->data; char *epass = NULL; diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c index debf632a4..349a3117b 100644 --- a/plugins/sudoers/auth/securid5.c +++ b/plugins/sudoers/auth/securid5.c @@ -138,7 +138,7 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) * * Arguments in: * pw - struct passwd for username - * pass - UNUSED + * prompt - UNUSED * auth - sudo authentication structure for SecurID handle * * Results out: @@ -146,9 +146,10 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) * incorrect authentication, fatal on errors */ int -sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) +sudo_securid_verify(struct passwd *pw, const char *promp, sudo_auth *auth, struct sudo_conv_callback *callback) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; + char *pass; int ret; debug_decl(sudo_securid_verify, SUDOERS_DEBUG_AUTH); diff --git a/plugins/sudoers/auth/sia.c b/plugins/sudoers/auth/sia.c index 4fc74592f..3327550ed 100644 --- a/plugins/sudoers/auth/sia.c +++ b/plugins/sudoers/auth/sia.c @@ -75,7 +75,7 @@ sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth) } int -sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth, +sudo_sia_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback) { SIAENTITY *siah = auth->data; diff --git a/plugins/sudoers/auth/sudo_auth.h b/plugins/sudoers/auth/sudo_auth.h index de41e6fdc..031810466 100644 --- a/plugins/sudoers/auth/sudo_auth.h +++ b/plugins/sudoers/auth/sudo_auth.h @@ -33,7 +33,7 @@ typedef struct sudo_auth { void *data; /* method-specific data pointer */ int (*init)(struct passwd *pw, struct sudo_auth *auth); int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth); - int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback); + int (*verify)(struct passwd *pw, const char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback); int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt); int (*cleanup)(struct passwd *pw, struct sudo_auth *auth, bool force); int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth); @@ -60,44 +60,44 @@ extern sudo_conv_t sudo_conv; /* Prototypes for standalone methods */ int bsdauth_init(struct passwd *pw, sudo_auth *auth); -int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); +int bsdauth_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt); int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_aix_init(struct passwd *pw, sudo_auth *auth); -int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_aix_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_fwtk_init(struct passwd *pw, sudo_auth *auth); -int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_fwtk_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_pam_init(struct passwd *pw, sudo_auth *auth); int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth); -int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_pam_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt); int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth); int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth); int sudo_securid_init(struct passwd *pw, sudo_auth *auth); int sudo_securid_setup(struct passwd *pw, char **prompt, sudo_auth *auth); -int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_securid_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_sia_setup(struct passwd *pw, char **prompt, sudo_auth *auth); -int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_sia_verify(struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_sia_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth); /* Prototypes for normal methods */ -int sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); -int sudo_dce_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_afs_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_dce_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_krb5_init(struct passwd *pw, sudo_auth *auth); int sudo_krb5_setup(struct passwd *pw, char **prompt, sudo_auth *auth); -int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_krb5_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_passwd_init(struct passwd *pw, sudo_auth *auth); -int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_passwd_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force); int sudo_rfc1938_setup(struct passwd *pw, char **prompt, sudo_auth *auth); -int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_rfc1938_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_secureware_init(struct passwd *pw, sudo_auth *auth); -int sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); +int sudo_secureware_verify(struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback); int sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth, bool force); /* Fields: name, flags, init, setup, verify, approval, cleanup, begin_sess, end_sess */ diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index 9801f3894..e5634c4da 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -357,6 +357,10 @@ host_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw, matched = !m->negated; break; } + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "host %s (%s) matches sudoers host %s%s: %s", lhost, shost, + m->negated ? "!" : "", m->name ? m->name : "ALL", + matched == true ? "true" : "false"); debug_return_int(matched); } @@ -430,9 +434,6 @@ hostname_matches(const char *shost, const char *lhost, const char *pattern) } else { rc = !strcasecmp(host, pattern); } - sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "host %s matches sudoers pattern %s: %s", - host, pattern, rc ? "true" : "false"); debug_return_bool(rc); } diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index 88c7a4192..0ec718593 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c @@ -901,12 +901,44 @@ done: debug_return_ptr(item->d.grlist); } +static void +sudo_debug_group_list(const char *user, char * const *groups, int level) +{ + size_t i, len = 0; + debug_decl(sudo_debug_group_list, SUDOERS_DEBUG_NSS); + + if (!sudo_debug_needed(level)) + debug_return; + + for (i = 0; groups[i] != NULL; i++) { + len += strlen(groups[i]) + 1; + } + if (len != 0) { + char *groupstr = malloc(len); + if (groupstr != NULL) { + char *cp = groupstr; + for (i = 0; groups[i] != NULL; i++) { + size_t n = snprintf(cp, len, "%s%s", i ? "," : "", groups[i]); + if (n >= len) + break; + cp += n; + len -= n; + } + sudo_debug_printf(level, "%s: %s", user, groupstr); + free(groupstr); + } + } + debug_return; +} + int sudo_set_grlist(struct passwd *pw, char * const *groups) { struct cache_item key, *item; debug_decl(sudo_set_grlist, SUDOERS_DEBUG_NSS); + sudo_debug_group_list(pw->pw_name, groups, SUDO_DEBUG_DEBUG); + if (grlist_cache == NULL) { grlist_cache = rbcreate(cmp_pwnam); if (grlist_cache == NULL) { @@ -937,7 +969,11 @@ sudo_set_grlist(struct passwd *pw, char * const *groups) sudo_grlist_delref_item(item); debug_return_int(-1); } + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "groups for user %s are already cached", pw->pw_name); } + debug_return_int(0); } @@ -1008,6 +1044,8 @@ sudo_set_gidlist(struct passwd *pw, char * const *gids, unsigned int type) struct cache_item key, *item; debug_decl(sudo_set_gidlist, SUDOERS_DEBUG_NSS); + sudo_debug_group_list(pw->pw_name, gids, SUDO_DEBUG_DEBUG); + if (gidlist_cache == NULL) { gidlist_cache = rbcreate(cmp_gidlist); if (gidlist_cache == NULL) { @@ -1039,7 +1077,11 @@ sudo_set_gidlist(struct passwd *pw, char * const *gids, unsigned int type) sudo_gidlist_delref_item(item); debug_return_int(-1); } + } else { + sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, + "gids for user %s are already cached", pw->pw_name); } + debug_return_int(0); } diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 82c8423dc..10a7b97ec 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -5914,8 +5914,9 @@ sudoers_trace_print(const char *msg) sudo_lbuf_append(&trace_lbuf, "%s", msg); if (strchr(msg, '\n') != NULL) { + /* We already parsed the newline so sudolineno is off by one. */ sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG, - "%s:%d: %s", sudoers, sudolineno, trace_lbuf.buf); + "sudoerslex: %s:%d: %s", sudoers, sudolineno - 1, trace_lbuf.buf); trace_lbuf.len = 0; } return 0; @@ -5933,6 +5934,7 @@ sudoers_input(char *buf, yy_size_t max_size) { char *cp; size_t avail = sudolinebuf.len - sudolinebuf.off; + debug_decl(sudoers_input, SUDOERS_DEBUG_PARSER); /* Refill line buffer if needed. */ if (avail == 0) { @@ -5977,6 +5979,9 @@ sudoers_eof: sudolinebuf.buf[avail] = '\0'; } + sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s:%d: %.*s", sudoers, sudolineno, + (int)(avail -1), sudolinebuf.buf); + sudolinebuf.len = avail; sudolinebuf.off = 0; sudolinebuf.toke_start = sudolinebuf.toke_end = 0; @@ -5987,6 +5992,6 @@ sudoers_eof: memcpy(buf, sudolinebuf.buf + sudolinebuf.off, avail); sudolinebuf.off += avail; - return avail; + debug_return_size_t(avail); } diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index c843162d3..2f062ff12 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -1367,8 +1367,9 @@ sudoers_trace_print(const char *msg) sudo_lbuf_append(&trace_lbuf, "%s", msg); if (strchr(msg, '\n') != NULL) { + /* We already parsed the newline so sudolineno is off by one. */ sudo_debug_printf2(NULL, NULL, 0, SUDOERS_DEBUG_PARSER|SUDO_DEBUG_DEBUG, - "%s:%d: %s", sudoers, sudolineno, trace_lbuf.buf); + "sudoerslex: %s:%d: %s", sudoers, sudolineno - 1, trace_lbuf.buf); trace_lbuf.len = 0; } return 0; @@ -1386,6 +1387,7 @@ sudoers_input(char *buf, yy_size_t max_size) { char *cp; size_t avail = sudolinebuf.len - sudolinebuf.off; + debug_decl(sudoers_input, SUDOERS_DEBUG_PARSER); /* Refill line buffer if needed. */ if (avail == 0) { @@ -1430,6 +1432,9 @@ sudoers_eof: sudolinebuf.buf[avail] = '\0'; } + sudo_debug_printf(SUDO_DEBUG_DEBUG, "%s:%d: %.*s", sudoers, sudolineno, + (int)(avail -1), sudolinebuf.buf); + sudolinebuf.len = avail; sudolinebuf.off = 0; sudolinebuf.toke_start = sudolinebuf.toke_end = 0; @@ -1440,5 +1445,5 @@ sudoers_eof: memcpy(buf, sudolinebuf.buf + sudolinebuf.off, avail); sudolinebuf.off += avail; - return avail; + debug_return_size_t(avail); } |