Refactor common alias code out of cvtsudoers and visudo and into alias.c.

2025-08-31 14:25:15 +00:00 · 2018-04-02 07:41:09 -06:00
parent dbd5613b1a
commit 18ba38ef4c
4 changed files with 124 additions and 192 deletions
--- a/plugins/sudoers/alias.c
+++ b/plugins/sudoers/alias.c
@@ -237,3 +237,109 @@ alias_type_to_string(int alias_type)
 	alias_type == RUNASALIAS ? "Runas_Alias" :
 	"Invalid_Alias";
 }
+
+/*
+ * Remove the alias of the specified type as well as any other aliases
+ * referenced by that alias.  Stores removed aliases in a freelist.
+ */
+static bool
+alias_remove_recursive(char *name, int type, struct rbtree *freelist)
+{
+    struct member *m;
+    struct alias *a;
+    bool ret = true;
+    debug_decl(alias_remove_recursive, SUDOERS_DEBUG_ALIAS)
+
+    if ((a = alias_remove(name, type)) != NULL) {
+	TAILQ_FOREACH(m, &a->members, entries) {
+	    if (m->type == ALIAS) {
+		if (!alias_remove_recursive(m->name, type, freelist))
+		    ret = false;
+	    }
+	}
+	if (rbinsert(freelist, a, NULL) != 0)
+	    ret = false;
+    }
+    debug_return_bool(ret);
+}
+
+/*
+ * Move all aliases referenced by userspecs to used_aliases.
+ */
+bool
+alias_find_used(struct rbtree *used_aliases)
+{
+    struct privilege *priv;
+    struct userspec *us;
+    struct cmndspec *cs;
+    struct defaults *d;
+    struct member *m;
+    int atype, errors = 0;
+    debug_decl(alias_find_used, SUDOERS_DEBUG_ALIAS)
+
+    /* Move referenced aliases to used_aliases. */
+    TAILQ_FOREACH(us, &userspecs, entries) {
+	TAILQ_FOREACH(m, &us->users, entries) {
+	    if (m->type == ALIAS) {
+		if (!alias_remove_recursive(m->name, USERALIAS, used_aliases))
+		    errors++;
+	    }
+	}
+	TAILQ_FOREACH(priv, &us->privileges, entries) {
+	    TAILQ_FOREACH(m, &priv->hostlist, entries) {
+		if (m->type == ALIAS) {
+		    if (!alias_remove_recursive(m->name, HOSTALIAS, used_aliases))
+			errors++;
+		}
+	    }
+	    TAILQ_FOREACH(cs, &priv->cmndlist, entries) {
+		if (cs->runasuserlist != NULL) {
+		    TAILQ_FOREACH(m, cs->runasuserlist, entries) {
+			if (m->type == ALIAS) {
+			    if (!alias_remove_recursive(m->name, RUNASALIAS, used_aliases))
+				errors++;
+			}
+		    }
+		}
+		if (cs->runasgrouplist != NULL) {
+		    TAILQ_FOREACH(m, cs->runasgrouplist, entries) {
+			if (m->type == ALIAS) {
+			    if (!alias_remove_recursive(m->name, RUNASALIAS, used_aliases))
+				errors++;
+			}
+		    }
+		}
+		if ((m = cs->cmnd)->type == ALIAS) {
+		    if (!alias_remove_recursive(m->name, CMNDALIAS, used_aliases))
+			errors++;
+		}
+	    }
+	}
+    }
+    TAILQ_FOREACH(d, &defaults, entries) {
+	switch (d->type) {
+	    case DEFAULTS_HOST:
+		atype = HOSTALIAS;
+		break;
+	    case DEFAULTS_USER:
+		atype = USERALIAS;
+		break;
+	    case DEFAULTS_RUNAS:
+		atype = RUNASALIAS;
+		break;
+	    case DEFAULTS_CMND:
+		atype = CMNDALIAS;
+		break;
+	    default:
+		continue; /* not an alias */
+	}
+	TAILQ_FOREACH(m, d->binding, entries) {
+	    if (m->type == ALIAS) {
+		if (!alias_remove_recursive(m->name, atype, used_aliases))
+		    errors++;
+	    }
+	}
+    }
+
+    debug_return_int(errors ? false : true);
+}