diff --git a/common/Makefile.in b/common/Makefile.in index 598834e6e..dd9dc8908 100644 --- a/common/Makefile.in +++ b/common/Makefile.in @@ -43,7 +43,7 @@ DEFS = @OSDEFS@ SHELL = @SHELL@ LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo lbuf.lo list.lo \ - setgroups.lo sudo_debug.lo term.lo zero_bytes.lo @COMMON_OBJS@ + setgroups.lo sudo_debug.lo term.lo zero_bytes.lo @COMMON_OBJS@ all: libcommon.la @@ -98,28 +98,32 @@ aix.lo: $(srcdir)/aix.c $(top_builddir)/config.h $(incdir)/missing.h \ alloc.lo: $(srcdir)/alloc.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/alloc.h $(incdir)/error.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/alloc.c -atobool.lo: $(srcdir)/atobool.c $(top_builddir)/config.h $(incdir)/missing.h +atobool.lo: $(srcdir)/atobool.c $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/atobool.c fileops.lo: $(srcdir)/fileops.c $(top_builddir)/config.h \ $(top_srcdir)/compat/timespec.h $(incdir)/missing.h \ - $(incdir)/fileops.h + $(incdir)/fileops.h $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/fileops.c fmt_string.lo: $(srcdir)/fmt_string.c $(top_builddir)/config.h \ - $(incdir)/missing.h + $(incdir)/missing.h $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/fmt_string.c lbuf.lo: $(srcdir)/lbuf.c $(top_builddir)/config.h $(incdir)/missing.h \ - $(incdir)/alloc.h $(incdir)/error.h $(incdir)/lbuf.h + $(incdir)/alloc.h $(incdir)/error.h $(incdir)/lbuf.h \ + $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/lbuf.c list.lo: $(srcdir)/list.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/list.h $(incdir)/error.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/list.c -setgroups.lo: $(srcdir)/setgroups.c $(top_builddir)/config.h $(incdir)/missing.h +setgroups.lo: $(srcdir)/setgroups.c $(top_builddir)/config.h \ + $(incdir)/missing.h $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/setgroups.c sudo_debug.lo: $(srcdir)/sudo_debug.c $(top_builddir)/config.h \ - $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ - $(incdir)/gettext.h $(incdir)/sudo_debug.h + $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ + $(incdir)/gettext.h $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/sudo_debug.c -term.lo: $(srcdir)/term.c $(top_builddir)/config.h $(incdir)/missing.h +term.lo: $(srcdir)/term.c $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/term.c zero_bytes.lo: $(srcdir)/zero_bytes.c $(top_builddir)/config.h \ $(incdir)/missing.h diff --git a/common/atobool.c b/common/atobool.c index f22aae8a0..0a59be16a 100644 --- a/common/atobool.c +++ b/common/atobool.c @@ -39,10 +39,13 @@ #endif /* HAVE_STRINGS_H */ #include "missing.h" +#include "sudo_debug.h" int atobool(const char *str) { + debug_decl(atobool, SUDO_DEBUG_UTIL) + switch (*str) { case '0': case '1': @@ -78,4 +81,5 @@ atobool(const char *str) break; } return -1; + debug_return_int(-1); } diff --git a/common/fileops.c b/common/fileops.c index 38cc0c1c6..a4e69867c 100644 --- a/common/fileops.c +++ b/common/fileops.c @@ -49,6 +49,7 @@ #include "missing.h" #include "fileops.h" +#include "sudo_debug.h" #ifndef LINE_MAX # define LINE_MAX 2048 @@ -61,6 +62,8 @@ int touch(int fd, char *path, struct timeval *tvp) { struct timeval times[2]; + int rval = -1; + debug_decl(touch, SUDO_DEBUG_UTIL) if (tvp != NULL) { times[0].tv_sec = times[1].tv_sec = tvp->tv_sec; @@ -69,13 +72,12 @@ touch(int fd, char *path, struct timeval *tvp) #if defined(HAVE_FUTIME) || defined(HAVE_FUTIMES) if (fd != -1) - return futimes(fd, tvp ? times : NULL); + rval = futimes(fd, tvp ? times : NULL); else #endif if (path != NULL) - return utimes(path, tvp ? times : NULL); - else - return -1; + rval = utimes(path, tvp ? times : NULL); + debug_return_int(rval); } /* @@ -86,6 +88,7 @@ int lock_file(int fd, int lockit) { int op = 0; + debug_decl(lock_file, SUDO_DEBUG_UTIL) switch (lockit) { case SUDO_LOCK: @@ -98,13 +101,14 @@ lock_file(int fd, int lockit) op = F_ULOCK; break; } - return lockf(fd, op, 0) == 0; + debug_return_int(lockf(fd, op, 0) == 0); } #elif HAVE_FLOCK int lock_file(int fd, int lockit) { int op = 0; + debug_decl(lock_file, SUDO_DEBUG_UTIL) switch (lockit) { case SUDO_LOCK: @@ -117,7 +121,7 @@ lock_file(int fd, int lockit) op = LOCK_UN; break; } - return flock(fd, op) == 0; + debug_return_int(flock(fd, op) == 0); } #else int @@ -126,6 +130,7 @@ lock_file(int fd, int lockit) #ifdef F_SETLK int func; struct flock lock; + debug_decl(lock_file, SUDO_DEBUG_UTIL) lock.l_start = 0; lock.l_len = 0; @@ -134,7 +139,7 @@ lock_file(int fd, int lockit) lock.l_whence = SEEK_SET; func = (lockit == SUDO_LOCK) ? F_SETLKW : F_SETLK; - return fcntl(fd, func, &lock) == 0; + debug_return_int(fcntl(fd, func, &lock) == 0); #else return TRUE; #endif @@ -151,6 +156,7 @@ sudo_parseln(FILE *fp) size_t len; char *cp = NULL; static char buf[LINE_MAX]; + debug_decl(sudo_parseln, SUDO_DEBUG_UTIL) if (fgets(buf, sizeof(buf), fp) != NULL) { /* Remove comments */ @@ -164,5 +170,5 @@ sudo_parseln(FILE *fp) for (cp = buf; isblank((unsigned char)*cp); cp++) continue; } - return cp; + debug_return_str(cp); } diff --git a/common/fmt_string.c b/common/fmt_string.c index a9c723218..23bc5f72b 100644 --- a/common/fmt_string.c +++ b/common/fmt_string.c @@ -39,6 +39,7 @@ #endif /* HAVE_STRINGS_H */ #include "missing.h" +#include "sudo_debug.h" /* * Allocate storage for a name=value string and return it. @@ -49,6 +50,7 @@ fmt_string(const char *var, const char *val) size_t var_len = strlen(var); size_t val_len = strlen(val); char *cp, *str; + debug_decl(fmt_string, SUDO_DEBUG_UTIL) cp = str = malloc(var_len + 1 + val_len + 1); if (str != NULL) { @@ -60,5 +62,5 @@ fmt_string(const char *var, const char *val) *cp = '\0'; } - return str; + debug_return_str(str); } diff --git a/common/lbuf.c b/common/lbuf.c index dc2b7bfaf..4618b94b5 100644 --- a/common/lbuf.c +++ b/common/lbuf.c @@ -47,11 +47,14 @@ #include "alloc.h" #include "error.h" #include "lbuf.h" +#include "sudo_debug.h" void lbuf_init(struct lbuf *lbuf, int (*output)(const char *), int indent, const char *continuation, int cols) { + debug_decl(lbuf_init, SUDO_DEBUG_UTIL) + lbuf->output = output; lbuf->continuation = continuation; lbuf->indent = indent; @@ -59,13 +62,19 @@ lbuf_init(struct lbuf *lbuf, int (*output)(const char *), lbuf->len = 0; lbuf->size = 0; lbuf->buf = NULL; + + debug_return; } void lbuf_destroy(struct lbuf *lbuf) { + debug_decl(lbuf_destroy, SUDO_DEBUG_UTIL) + efree(lbuf->buf); lbuf->buf = NULL; + + debug_return; } /* @@ -78,6 +87,7 @@ lbuf_append_quoted(struct lbuf *lbuf, const char *set, const char *fmt, ...) va_list ap; int len; char *cp, *s = NULL; + debug_decl(lbuf_append_quoted, SUDO_DEBUG_UTIL) va_start(ap, fmt); while (*fmt != '\0') { @@ -118,6 +128,8 @@ lbuf_append_quoted(struct lbuf *lbuf, const char *set, const char *fmt, ...) } lbuf->buf[lbuf->len] = '\0'; va_end(ap); + + debug_return; } /* @@ -129,6 +141,7 @@ lbuf_append(struct lbuf *lbuf, const char *fmt, ...) va_list ap; int len; char *s = NULL; + debug_decl(lbuf_append, SUDO_DEBUG_UTIL) va_start(ap, fmt); while (*fmt != '\0') { @@ -155,6 +168,8 @@ lbuf_append(struct lbuf *lbuf, const char *fmt, ...) } lbuf->buf[lbuf->len] = '\0'; va_end(ap); + + debug_return; } static void @@ -162,6 +177,7 @@ lbuf_println(struct lbuf *lbuf, char *line, int len) { char *cp, save; int i, have, contlen; + debug_decl(lbuf_println, SUDO_DEBUG_UTIL) contlen = lbuf->continuation ? strlen(lbuf->continuation) : 0; @@ -210,6 +226,8 @@ lbuf_println(struct lbuf *lbuf, char *line, int len) } lbuf->output("\n"); } + + debug_return; } /* @@ -221,6 +239,7 @@ lbuf_print(struct lbuf *lbuf) { char *cp, *ep; int len; + debug_decl(lbuf_print, SUDO_DEBUG_UTIL) if (lbuf->buf == NULL || lbuf->len == 0) goto done; @@ -250,4 +269,6 @@ lbuf_print(struct lbuf *lbuf) done: lbuf->len = 0; /* reset the buffer for re-use. */ + + debug_return; } diff --git a/common/list.c b/common/list.c index 693317773..a656a6e8e 100644 --- a/common/list.c +++ b/common/list.c @@ -81,7 +81,7 @@ list2tq(void *vh, void *vl) if (l != NULL) { #ifdef DEBUG if (l->prev == NULL) { - warningx("list2tq called with non-semicircular list"); + warningx2("list2tq called with non-semicircular list"); abort(); } #endif diff --git a/common/setgroups.c b/common/setgroups.c index 2c42816f1..41df2256c 100644 --- a/common/setgroups.c +++ b/common/setgroups.c @@ -36,11 +36,13 @@ #include #include "missing.h" +#include "sudo_debug.h" int sudo_setgroups(int ngids, const GETGROUPS_T *gids) { int maxgids, rval; + debug_decl(sudo_setgroups, SUDO_DEBUG_UTIL) rval = setgroups(ngids, gids); if (rval == -1 && errno == EINVAL) { @@ -53,5 +55,5 @@ sudo_setgroups(int ngids, const GETGROUPS_T *gids) if (ngids > maxgids) rval = setgroups(maxgids, gids); } - return rval; + debug_return_int(rval); } diff --git a/common/term.c b/common/term.c index b8f03db0b..32d33bd6b 100644 --- a/common/term.c +++ b/common/term.c @@ -39,6 +39,7 @@ #include #include "missing.h" +#include "sudo_debug.h" #ifndef TCSASOFT # define TCSASOFT 0 @@ -69,21 +70,25 @@ int term_kill; int term_restore(int fd, int flush) { + debug_decl(term_restore, SUDO_DEBUG_UTIL) + if (changed) { int flags = TCSASOFT; flags |= flush ? TCSAFLUSH : TCSADRAIN; if (tcsetattr(fd, flags, &oterm) != 0) - return 0; + debug_return_int(0); changed = 0; } - return 1; + debug_return_int(1); } int term_noecho(int fd) { + debug_decl(term_noecho, SUDO_DEBUG_UTIL) + if (!changed && tcgetattr(fd, &oterm) != 0) - return 0; + debug_return_int(0); (void) memcpy(&term, &oterm, sizeof(term)); CLR(term.c_lflag, ECHO|ECHONL); #ifdef VSTATUS @@ -92,14 +97,16 @@ term_noecho(int fd) if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) { changed = 1; return 1; + debug_return_int(1); } - return 0; + debug_return_int(0); } int term_raw(int fd, int isig) { struct termios term; + debug_decl(term_raw, SUDO_DEBUG_UTIL) if (!changed && tcgetattr(fd, &oterm) != 0) return 0; @@ -114,14 +121,16 @@ term_raw(int fd, int isig) SET(term.c_lflag, ISIG); if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) { changed = 1; - return 1; + debug_return_int(1); } - return 0; + debug_return_int(0); } int term_cbreak(int fd) { + debug_decl(term_cbreak, SUDO_DEBUG_UTIL) + if (!changed && tcgetattr(fd, &oterm) != 0) return 0; (void) memcpy(&term, &oterm, sizeof(term)); @@ -137,19 +146,20 @@ term_cbreak(int fd) term_erase = term.c_cc[VERASE]; term_kill = term.c_cc[VKILL]; changed = 1; - return 1; + debug_return_int(1); } - return 0; + debug_return_int(0); } int term_copy(int src, int dst) { struct termios tt; + debug_decl(term_copy, SUDO_DEBUG_UTIL) if (tcgetattr(src, &tt) != 0) - return 0; + debug_return_int(0); if (tcsetattr(dst, TCSANOW|TCSASOFT, &tt) != 0) - return 0; - return 1; + debug_return_int(0); + debug_return_int(1); } diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 3a0cddc11..e5af9d128 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -355,32 +355,37 @@ afs.lo: $(authdir)/afs.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/afs.c aix_auth.lo: $(authdir)/aix_auth.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/aix_auth.c alias.lo: $(srcdir)/alias.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/gram.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/redblack.h \ + $(srcdir)/gram.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/alias.c audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h $(incdir)/missing.h \ - $(srcdir)/logging.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h + $(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \ + $(srcdir)/linux_audit.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/audit.c -boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h +boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/boottime.c bsdauth.lo: $(authdir)/bsdauth.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/bsdauth.c bsm_audit.lo: $(srcdir)/bsm_audit.c $(top_builddir)/config.h \ $(srcdir)/bsm_audit.h @@ -389,15 +394,16 @@ check.lo: $(srcdir)/check.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/check.c check_addr.o: $(srcdir)/regress/parser/check_addr.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h $(srcdir)/parse.h \ - $(srcdir)/interfaces.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/interfaces.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_addr.c check_fill.o: $(srcdir)/regress/parser/check_fill.c $(top_builddir)/config.h \ $(incdir)/list.h $(srcdir)/parse.h $(srcdir)/toke.h \ @@ -410,7 +416,8 @@ check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \ $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h \ $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ - $(incdir)/gettext.h $(srcdir)/def_data.c + $(incdir)/sudo_debug.h $(incdir)/gettext.h \ + $(srcdir)/def_data.c $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/regress/iolog_path/check_iolog_path.c check_wrap.o: $(srcdir)/regress/logging/check_wrap.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h @@ -419,20 +426,23 @@ dce.lo: $(authdir)/dce.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/dce.c defaults.lo: $(srcdir)/defaults.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/parse.h $(srcdir)/gram.h $(srcdir)/def_data.c + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/parse.h \ + $(srcdir)/gram.h $(srcdir)/def_data.c $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/defaults.c env.lo: $(srcdir)/env.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/env.c error.o: $(top_srcdir)/src/error.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/gettext.h @@ -442,14 +452,15 @@ find_path.lo: $(srcdir)/find_path.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/find_path.c find_path.o: find_path.lo fwtk.lo: $(authdir)/fwtk.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/fwtk.c getdate.o: $(devdir)/getdate.c $(top_builddir)/config.h \ $(top_builddir)/config.h $(incdir)/missing.h @@ -459,13 +470,14 @@ getspwuid.lo: $(srcdir)/getspwuid.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/getspwuid.c goodpath.lo: $(srcdir)/goodpath.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/goodpath.c goodpath.o: goodpath.lo gram.lo: $(devdir)/gram.c $(top_builddir)/config.h $(top_builddir)/config.h \ @@ -473,7 +485,8 @@ gram.lo: $(devdir)/gram.c $(top_builddir)/config.h $(top_builddir)/config.h \ $(incdir)/error.h $(incdir)/alloc.h $(incdir)/list.h \ $(incdir)/fileops.h $(srcdir)/defaults.h $(srcdir)/def_data.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ - $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/parse.h \ + $(srcdir)/toke.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(devdir)/gram.c group_plugin.lo: $(srcdir)/group_plugin.c $(top_builddir)/config.h \ $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \ @@ -481,7 +494,8 @@ group_plugin.lo: $(srcdir)/group_plugin.c $(top_builddir)/config.h \ $(incdir)/error.h $(incdir)/alloc.h $(incdir)/list.h \ $(incdir)/fileops.h $(srcdir)/defaults.h $(srcdir)/def_data.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/group_plugin.c group_plugin.o: group_plugin.lo interfaces.lo: $(srcdir)/interfaces.c $(top_builddir)/config.h \ @@ -489,99 +503,109 @@ interfaces.lo: $(srcdir)/interfaces.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/interfaces.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/interfaces.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/interfaces.c interfaces.o: interfaces.lo iolog.lo: $(srcdir)/iolog.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/iolog.c iolog_path.lo: $(srcdir)/iolog_path.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/iolog_path.c iolog_path.o: iolog_path.lo kerb4.lo: $(authdir)/kerb4.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/kerb4.c kerb5.lo: $(authdir)/kerb5.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/kerb5.c ldap.lo: $(srcdir)/ldap.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/parse.h $(incdir)/lbuf.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/parse.h $(incdir)/lbuf.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/ldap.c linux_audit.lo: $(srcdir)/linux_audit.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ - $(incdir)/gettext.h $(srcdir)/linux_audit.h + $(incdir)/gettext.h $(incdir)/sudo_debug.h \ + $(srcdir)/linux_audit.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/linux_audit.c logging.lo: $(srcdir)/logging.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/logging.c logwrap.lo: $(srcdir)/logwrap.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/logwrap.c logwrap.o: logwrap.lo match.lo: $(srcdir)/match.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/parse.h $(srcdir)/gram.h $(top_srcdir)/compat/fnmatch.h \ - $(top_srcdir)/compat/glob.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/gram.h \ + $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/match.c match_addr.lo: $(srcdir)/match_addr.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/interfaces.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/interfaces.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/match_addr.c match_addr.o: match_addr.lo net_ifs.o: $(top_srcdir)/src/net_ifs.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ - $(incdir)/gettext.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(top_srcdir)/src/net_ifs.c pam.lo: $(authdir)/pam.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/pam.c parse.lo: $(srcdir)/parse.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/parse.h $(incdir)/lbuf.h $(srcdir)/gram.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/parse.h $(incdir)/lbuf.h \ + $(srcdir)/gram.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/parse.c passwd.lo: $(authdir)/passwd.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/passwd.c plugin_error.lo: $(srcdir)/plugin_error.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ @@ -591,76 +615,81 @@ pwutil.lo: $(srcdir)/pwutil.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/redblack.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/redblack.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/pwutil.c pwutil.o: pwutil.lo redblack.lo: $(srcdir)/redblack.c $(top_builddir)/config.h $(incdir)/missing.h \ - $(incdir)/alloc.h $(srcdir)/redblack.h + $(incdir)/alloc.h $(incdir)/sudo_debug.h $(srcdir)/redblack.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/redblack.c redblack.o: redblack.lo rfc1938.lo: $(authdir)/rfc1938.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/rfc1938.c secureware.lo: $(authdir)/secureware.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/secureware.c securid.lo: $(authdir)/securid.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/securid.c securid5.lo: $(authdir)/securid5.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/securid5.c set_perms.lo: $(srcdir)/set_perms.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/set_perms.c sia.lo: $(authdir)/sia.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/sia.c sudo_auth.lo: $(authdir)/sudo_auth.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h $(srcdir)/insults.h \ - $(srcdir)/ins_2001.h $(srcdir)/ins_goons.h \ - $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/insults.h $(srcdir)/ins_2001.h \ + $(srcdir)/ins_goons.h $(srcdir)/ins_classic.h \ + $(srcdir)/ins_csops.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/sudo_auth.c sudo_nss.lo: $(srcdir)/sudo_nss.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(incdir)/lbuf.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(incdir)/lbuf.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/sudo_nss.c sudoers.lo: $(srcdir)/sudoers.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/interfaces.h $(srcdir)/sudoers_version.h \ - $(srcdir)/auth/sudo_auth.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/interfaces.h \ + $(srcdir)/sudoers_version.h $(srcdir)/auth/sudo_auth.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/sudoers.c sudoreplay.o: $(srcdir)/sudoreplay.c $(top_builddir)/config.h \ $(top_srcdir)/compat/timespec.h $(top_builddir)/pathnames.h \ @@ -673,9 +702,9 @@ testsudoers.o: $(srcdir)/testsudoers.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/interfaces.h $(srcdir)/parse.h $(srcdir)/gram.h \ - $(top_srcdir)/compat/fnmatch.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/interfaces.h $(srcdir)/parse.h \ + $(srcdir)/gram.h $(top_srcdir)/compat/fnmatch.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/testsudoers.c timestr.lo: $(srcdir)/timestr.c $(top_builddir)/config.h $(incdir)/missing.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/timestr.c @@ -684,15 +713,17 @@ toke.lo: $(devdir)/toke.c $(top_builddir)/config.h $(top_builddir)/config.h \ $(incdir)/error.h $(incdir)/alloc.h $(incdir)/list.h \ $(incdir)/fileops.h $(srcdir)/defaults.h $(srcdir)/def_data.h \ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \ - $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h $(srcdir)/gram.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/parse.h \ + $(srcdir)/toke.h $(srcdir)/gram.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(devdir)/toke.c toke_util.lo: $(srcdir)/toke_util.c $(top_builddir)/config.h \ $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h $(srcdir)/parse.h \ - $(srcdir)/toke.h $(srcdir)/gram.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h \ + $(srcdir)/gram.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/toke_util.c toke_util.o: toke_util.lo tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(top_builddir)/config.h \ @@ -701,13 +732,14 @@ tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(top_builddir)/config.h \ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \ $(srcdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ - $(incdir)/sudo_plugin.h $(incdir)/gettext.h + $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/tsgetgrpw.c visudo.o: $(srcdir)/visudo.c $(top_builddir)/config.h $(srcdir)/sudoers.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \ $(srcdir)/defaults.h $(srcdir)/def_data.h $(srcdir)/logging.h \ - $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h \ - $(srcdir)/interfaces.h $(srcdir)/parse.h $(srcdir)/redblack.h \ - $(incdir)/gettext.h $(srcdir)/sudoers_version.h $(srcdir)/gram.h + $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(srcdir)/interfaces.h $(srcdir)/parse.h \ + $(srcdir)/redblack.h $(incdir)/gettext.h $(srcdir)/sudoers_version.h \ + $(srcdir)/gram.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/visudo.c diff --git a/plugins/sudoers/alias.c b/plugins/sudoers/alias.c index 20f26451c..14ed9bf3d 100644 --- a/plugins/sudoers/alias.c +++ b/plugins/sudoers/alias.c @@ -62,6 +62,7 @@ alias_compare(const void *v1, const void *v2) const struct alias *a1 = (const struct alias *)v1; const struct alias *a2 = (const struct alias *)v2; int res; + debug_decl(alias_compare, SUDO_DEBUG_ALIAS) if (v1 == NULL) res = -1; @@ -69,7 +70,7 @@ alias_compare(const void *v1, const void *v2) res = 1; else if ((res = strcmp(a1->name, a2->name)) == 0) res = a1->type - a2->type; - return res; + debug_return_int(res); } /* @@ -82,6 +83,7 @@ alias_find(char *name, int type) struct alias key; struct rbnode *node; struct alias *a = NULL; + debug_decl(alias_find, SUDO_DEBUG_ALIAS) key.name = name; key.type = type; @@ -94,13 +96,13 @@ alias_find(char *name, int type) a = node->data; if (a->seqno == alias_seqno) { errno = ELOOP; - return NULL; + debug_return_ptr(NULL); } a->seqno = alias_seqno; } else { errno = ENOENT; } - return a; + debug_return_ptr(a); } /* @@ -112,6 +114,7 @@ alias_add(char *name, int type, struct member *members) { static char errbuf[512]; struct alias *a; + debug_decl(alias_add, SUDO_DEBUG_ALIAS) a = emalloc(sizeof(*a)); a->name = name; @@ -121,9 +124,9 @@ alias_add(char *name, int type, struct member *members) if (rbinsert(aliases, a)) { snprintf(errbuf, sizeof(errbuf), _("Alias `%s' already defined"), name); alias_free(a); - return errbuf; + debug_return_str(errbuf); } - return NULL; + debug_return_str(NULL); } /* @@ -132,7 +135,11 @@ alias_add(char *name, int type, struct member *members) void alias_apply(int (*func)(void *, void *), void *cookie) { + debug_decl(alias_apply, SUDO_DEBUG_ALIAS) + rbapply(aliases, func, cookie, inorder); + + debug_return; } /* @@ -141,7 +148,8 @@ alias_apply(int (*func)(void *, void *), void *cookie) int no_aliases(void) { - return rbisempty(aliases); + debug_decl(no_aliases, SUDO_DEBUG_ALIAS) + debug_return_int(rbisempty(aliases)); } /* @@ -154,6 +162,7 @@ alias_free(void *v) struct member *m; struct sudo_command *c; void *next; + debug_decl(alias_free, SUDO_DEBUG_ALIAS) efree(a->name); for (m = a->members.first; m != NULL; m = next) { @@ -167,6 +176,8 @@ alias_free(void *v) efree(m); } efree(a); + + debug_return; } /* @@ -177,6 +188,7 @@ alias_remove(char *name, int type) { struct rbnode *node; struct alias key; + debug_decl(alias_remove, SUDO_DEBUG_ALIAS) key.name = name; key.type = type; @@ -184,13 +196,17 @@ alias_remove(char *name, int type) errno = ENOENT; return NULL; } - return rbdelete(aliases, node); + debug_return_ptr(rbdelete(aliases, node)); } void init_aliases(void) { + debug_decl(init_aliases, SUDO_DEBUG_ALIAS) + if (aliases != NULL) rbdestroy(aliases, alias_free); aliases = rbcreate(alias_compare); + + debug_return; } diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c index c3d35a279..d2dcca353 100644 --- a/plugins/sudoers/audit.c +++ b/plugins/sudoers/audit.c @@ -30,6 +30,7 @@ #include "missing.h" #include "logging.h" +#include "sudo_debug.h" #ifdef HAVE_BSM_AUDIT # include "bsm_audit.h" @@ -41,31 +42,36 @@ void audit_success(char *exec_args[]) { - if (exec_args == NULL) - return; + debug_decl(audit_success, SUDO_DEBUG_AUDIT) + if (exec_args != NULL) { #ifdef HAVE_BSM_AUDIT - bsm_audit_success(exec_args); + bsm_audit_success(exec_args); #endif #ifdef HAVE_LINUX_AUDIT - linux_audit_command(exec_args, 1); + linux_audit_command(exec_args, 1); #endif + } + + debug_return; } void audit_failure(char *exec_args[], char const *const fmt, ...) { va_list ap; + debug_decl(audit_success, SUDO_DEBUG_AUDIT) - if (exec_args == NULL) - return; - - va_start(ap, fmt); + if (exec_args != NULL) { + va_start(ap, fmt); #ifdef HAVE_BSM_AUDIT - bsm_audit_failure(exec_args, fmt, ap); + bsm_audit_failure(exec_args, fmt, ap); #endif #ifdef HAVE_LINUX_AUDIT - linux_audit_command(exec_args, 0); + linux_audit_command(exec_args, 0); #endif - va_end(ap); + va_end(ap); + } + + debug_return; } diff --git a/plugins/sudoers/auth/afs.c b/plugins/sudoers/auth/afs.c index 389bd9d59..8a622e4c6 100644 --- a/plugins/sudoers/auth/afs.c +++ b/plugins/sudoers/auth/afs.c @@ -54,6 +54,7 @@ afs_verify(struct passwd *pw, char *pass, sudo_auth *auth) { struct ktc_encryptionKey afs_key; struct ktc_token afs_token; + debug_decl(afs_verify, SUDO_DEBUG_AUTH) /* Try to just check the password */ ka_StringToKey(pass, NULL, &afs_key); @@ -64,7 +65,7 @@ afs_verify(struct passwd *pw, char *pass, sudo_auth *auth) 0, /* lifetime */ &afs_token, /* token */ 0) == 0) /* new */ - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); /* Fall back on old method XXX - needed? */ setpag(); @@ -77,7 +78,7 @@ afs_verify(struct passwd *pw, char *pass, sudo_auth *auth) NULL, /* expiration ptr (unused) */ 0, /* spare */ NULL) == 0) /* reason */ - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c index 6abc48cc1..6b7eda40d 100644 --- a/plugins/sudoers/auth/aix_auth.c +++ b/plugins/sudoers/auth/aix_auth.c @@ -56,6 +56,7 @@ aixauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth) char *pass, *message = NULL; int result = 1, reenter = 0; int rval = AUTH_SUCCESS; + debug_decl(aixauth_verify, SUDO_DEBUG_AUTH) do { pass = auth_getpass(prompt, def_passwd_timeout * 60, @@ -84,14 +85,16 @@ aixauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth) rval = pass ? AUTH_FAILURE : AUTH_INTR; } efree(message); - return rval; + debug_return_int(rval); } int aixauth_cleanup(struct passwd *pw, sudo_auth *auth) { + debug_decl(aixauth_cleanup, SUDO_DEBUG_AUTH) + /* Unset AUTHSTATE as it may not be correct for the runas user. */ unsetenv("AUTHSTATE"); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c index 60616e2bb..22c29b8e8 100644 --- a/plugins/sudoers/auth/bsdauth.c +++ b/plugins/sudoers/auth/bsdauth.c @@ -57,12 +57,13 @@ int bsdauth_init(struct passwd *pw, sudo_auth *auth) { static auth_session_t *as; - extern login_cap_t *lc; /* from sudo.c */ + extern login_cap_t *lc; /* from sudoers.c */ + debug_decl(bsdauth_init, SUDO_DEBUG_AUTH) if ((as = auth_open()) == NULL) { log_error(USE_ERRNO|NO_EXIT|NO_MAIL, _("unable to begin bsd authentication")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } /* XXX - maybe sanity check the auth style earlier? */ @@ -70,7 +71,7 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) if (login_style == NULL) { log_error(NO_EXIT|NO_MAIL, _("invalid authentication type")); auth_close(as); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } if (auth_setitem(as, AUTHV_STYLE, login_style) < 0 || @@ -78,11 +79,11 @@ bsdauth_init(struct passwd *pw, sudo_auth *auth) auth_setitem(as, AUTHV_CLASS, login_class) < 0) { log_error(NO_EXIT|NO_MAIL, _("unable to setup authentication")); auth_close(as); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } auth->data = (void *) as; - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int @@ -94,6 +95,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth) int authok = 0; sigaction_t sa, osa; auth_session_t *as = (auth_session_t *) auth->data; + debug_decl(bsdauth_verify, SUDO_DEBUG_AUTH) /* save old signal handler */ sigemptyset(&sa.sa_mask); @@ -140,22 +142,23 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth) (void) sigaction(SIGCHLD, &osa, NULL); if (authok) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); if (!pass) - return AUTH_INTR; + debug_return_int(AUTH_INTR); if ((s = auth_getvalue(as, "errormsg")) != NULL) log_error(NO_EXIT|NO_MAIL, "%s", s); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) { auth_session_t *as = (auth_session_t *) auth->data; + debug_decl(bsdauth_cleanup, SUDO_DEBUG_AUTH) auth_close(as); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c index a4ffd34ee..1df6ac063 100644 --- a/plugins/sudoers/auth/dce.c +++ b/plugins/sudoers/auth/dce.c @@ -75,6 +75,7 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) boolean32 reset_passwd; sec_login_auth_src_t auth_src; error_status_t status; + debug_decl(dce_verify, SUDO_DEBUG_AUTH) /* * Create the local context of the DCE principal necessary @@ -86,7 +87,7 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) sec_login_no_flags, &login_context, &status)) { if (check_dce_status(status, "sec_login_setup_identity(1):")) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); password_rec.key.key_type = sec_passwd_plain; password_rec.key.tagged_union.plain = (idl_char *) plain_pw; @@ -98,7 +99,7 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) &reset_passwd, &auth_src, &status)) { if (check_dce_status(status, "sec_login_validate_identity(1):")) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); /* * Certify that the DCE Security Server used to set @@ -108,10 +109,10 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) if (!sec_login_certify_identity(login_context, &status)) { (void) fprintf(stderr, "Whoa! Bogus authentication server!\n"); (void) check_dce_status(status,"sec_login_certify_identity(1):"); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } if (check_dce_status(status, "sec_login_certify_identity(2):")) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); /* * Sets the network credentials to those specified @@ -119,7 +120,7 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) */ sec_login_set_context(login_context, &status); if (check_dce_status(status, "sec_login_set_context:")) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); /* * Oops, your credentials were no good. Possibly @@ -129,13 +130,13 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) if (auth_src != sec_login_auth_src_network) { (void) fprintf(stderr, "You have no network credentials.\n"); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } /* Check if the password has aged and is thus no good */ if (reset_passwd) { (void) fprintf(stderr, "Your DCE password needs resetting.\n"); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } /* @@ -147,7 +148,7 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw, &status); if (check_dce_status(status, "sec_login_get_pwent:")) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); /* * If we get to here, then the pwent above properly fetched @@ -169,17 +170,17 @@ dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) * somewhere later in the program. */ sec_login_purge_context(&login_context, &status); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } else { if(check_dce_status(status, "sec_login_validate_identity(2):")) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); sec_login_purge_context(&login_context, &status); if(check_dce_status(status, "sec_login_purge_context:")) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } } (void) check_dce_status(status, "sec_login_setup_identity(2):"); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } /* Returns 0 for DCE "ok" status, 1 otherwise */ @@ -188,10 +189,11 @@ check_dce_status(error_status_t input_status, char *comment) { int error_stat; unsigned char error_string[dce_c_error_string_len]; + debug_decl(check_dce_status, SUDO_DEBUG_AUTH) if (input_status == rpc_s_ok) - return 0; + debug_return_bool(0); dce_error_inq_text(input_status, error_string, &error_stat); (void) fprintf(stderr, "%s %s\n", comment, error_string); - return 1; + debug_return_bool(1); } diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c index ebab9154a..f7adfed5a 100644 --- a/plugins/sudoers/auth/fwtk.c +++ b/plugins/sudoers/auth/fwtk.c @@ -54,28 +54,29 @@ fwtk_init(struct passwd *pw, sudo_auth *auth) { static Cfg *confp; /* Configuration entry struct */ char resp[128]; /* Response from the server */ + debug_decl(fwtk_init, SUDO_DEBUG_AUTH) if ((confp = cfg_read("sudo")) == (Cfg *)-1) { warningx(_("unable to read fwtk config")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } if (auth_open(confp)) { warningx(_("unable to connect to authentication server")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } /* Get welcome message from auth server */ if (auth_recv(resp, sizeof(resp))) { warningx(_("lost connection to authentication server")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } if (strncmp(resp, "Authsrv ready", 13) != 0) { warningx(_("authentication server error:\n%s"), resp); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int @@ -85,13 +86,14 @@ fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth) char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ int error; + debug_decl(fwtk_verify, SUDO_DEBUG_AUTH) /* Send username to authentication server. */ (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); restart: if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { warningx(_("lost connection to authentication server")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } /* Get the password/response from the user. */ @@ -114,10 +116,10 @@ restart: goto restart; } else { warningx("%s", resp); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } if (!pass) { /* ^C or error */ - return AUTH_INTR; + debug_return_int(AUTH_INTR); } /* Send the user's response to the server */ @@ -140,13 +142,14 @@ restart: done: zero_bytes(pass, strlen(pass)); zero_bytes(buf, strlen(buf)); - return error; + debug_return_int(error); } int fwtk_cleanup(struct passwd *pw, sudo_auth *auth) { + debug_decl(fwtk_cleanup, SUDO_DEBUG_AUTH) auth_close(); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } diff --git a/plugins/sudoers/auth/kerb4.c b/plugins/sudoers/auth/kerb4.c index c16739af4..dd4e9c99c 100644 --- a/plugins/sudoers/auth/kerb4.c +++ b/plugins/sudoers/auth/kerb4.c @@ -51,19 +51,20 @@ int kerb4_init(struct passwd *pw, sudo_auth *auth) { static char realm[REALM_SZ]; + debug_decl(kerb4_init, SUDO_DEBUG_AUTH) /* Don't try to verify root */ if (pw->pw_uid == 0) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); /* Get the local realm, or retrun failure (no krb.conf) */ if (krb_get_lrealm(realm, 1) != KSUCCESS) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); /* Stash a pointer to the realm (used in kerb4_verify) */ auth->data = (void *) realm; - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int @@ -72,6 +73,7 @@ kerb4_verify(struct passwd *pw, char *pass, sudo_auth *auth) char tkfile[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN]; char *realm = (char *) auth->data; int error; + debug_decl(kerb4_verify, SUDO_DEBUG_AUTH) /* * Set the ticket file to be in sudo sudo timedir so we don't @@ -88,7 +90,7 @@ kerb4_verify(struct passwd *pw, char *pass, sudo_auth *auth) switch (error) { case INTK_OK: dest_tkt(); /* we are done with the temp ticket */ - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); break; case INTK_BADPW: case KDC_PR_UNKNOWN: @@ -98,5 +100,5 @@ kerb4_verify(struct passwd *pw, char *pass, sudo_auth *auth) krb_err_txt[error]); } - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } diff --git a/plugins/sudoers/auth/kerb5.c b/plugins/sudoers/auth/kerb5.c index f94865dd4..ce9dd551c 100644 --- a/plugins/sudoers/auth/kerb5.c +++ b/plugins/sudoers/auth/kerb5.c @@ -91,6 +91,7 @@ int kerb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { static char *krb5_prompt; + debug_decl(kerb5_init, SUDO_DEBUG_AUTH) if (krb5_prompt == NULL) { krb5_context sudo_context; @@ -109,7 +110,7 @@ kerb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth) log_error(NO_EXIT|NO_MAIL, _("%s: unable to unparse princ ('%s'): %s"), auth->name, pw->pw_name, error_message(error)); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } /* Only rewrite prompt if user didn't specify their own. */ @@ -120,7 +121,7 @@ kerb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth) } *promptp = krb5_prompt; - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int @@ -131,6 +132,7 @@ kerb5_init(struct passwd *pw, sudo_auth *auth) krb5_principal princ; krb5_error_code error; char cache_name[64]; + debug_decl(kerb5_init, SUDO_DEBUG_AUTH) auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ @@ -140,7 +142,7 @@ kerb5_init(struct passwd *pw, sudo_auth *auth) error = krb5_init_context(&(sudo_krb5_data.sudo_context)); #endif if (error) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); sudo_context = sudo_krb5_data.sudo_context; if ((error = krb5_parse_name(sudo_context, pw->pw_name, @@ -148,7 +150,7 @@ kerb5_init(struct passwd *pw, sudo_auth *auth) log_error(NO_EXIT|NO_MAIL, _("%s: unable to parse '%s': %s"), auth->name, pw->pw_name, error_message(error)); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } princ = sudo_krb5_data.princ; @@ -159,11 +161,11 @@ kerb5_init(struct passwd *pw, sudo_auth *auth) log_error(NO_EXIT|NO_MAIL, _("%s: unable to resolve ccache: %s"), auth->name, error_message(error)); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } ccache = sudo_krb5_data.ccache; - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } #ifdef HAVE_KRB5_VERIFY_USER @@ -174,13 +176,14 @@ kerb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) krb5_principal princ; krb5_ccache ccache; krb5_error_code error; + debug_decl(kerb5_verify, SUDO_DEBUG_AUTH) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; ccache = ((sudo_krb5_datap) auth->data)->ccache; error = krb5_verify_user(sudo_context, princ, ccache, pass, 1, NULL); - return error ? AUTH_FAILURE : AUTH_SUCCESS; + debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); } #else int @@ -192,6 +195,7 @@ kerb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) krb5_ccache ccache; krb5_error_code error; krb5_get_init_creds_opt *opts = NULL; + debug_decl(kerb5_verify, SUDO_DEBUG_AUTH) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; @@ -248,7 +252,7 @@ done: } if (creds) krb5_free_cred_contents(sudo_context, creds); - return error ? AUTH_FAILURE : AUTH_SUCCESS; + debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); } #endif @@ -258,6 +262,7 @@ kerb5_cleanup(struct passwd *pw, sudo_auth *auth) krb5_context sudo_context; krb5_principal princ; krb5_ccache ccache; + debug_decl(kerb5_cleanup, SUDO_DEBUG_AUTH) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; @@ -271,7 +276,7 @@ kerb5_cleanup(struct passwd *pw, sudo_auth *auth) krb5_free_context(sudo_context); } - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } #ifndef HAVE_KRB5_VERIFY_USER @@ -289,6 +294,7 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name) krb5_error_code error; krb5_principal server; krb5_verify_init_creds_opt vopt; + debug_decl(verify_krb_v5_tgt, SUDO_DEBUG_AUTH) /* * Get the server principal for the local host. @@ -299,7 +305,7 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name) log_error(NO_EXIT|NO_MAIL, _("%s: unable to get host principal: %s"), auth_name, error_message(error)); - return -1; + debug_return_int(-1); } /* Initialize verify opts and set secure mode */ @@ -314,6 +320,6 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name) log_error(NO_EXIT|NO_MAIL, _("%s: Cannot verify TGT! Possible attack!: %s"), auth_name, error_message(error)); - return error; + debug_return_int(error); } #endif diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c index 70e916e0e..dc297ab8f 100644 --- a/plugins/sudoers/auth/pam.c +++ b/plugins/sudoers/auth/pam.c @@ -84,6 +84,7 @@ pam_init(struct passwd *pw, sudo_auth *auth) { static struct pam_conv pam_conv; static int pam_status; + debug_decl(pam_init, SUDO_DEBUG_AUTH) /* Initial PAM setup */ if (auth != NULL) @@ -97,7 +98,7 @@ pam_init(struct passwd *pw, sudo_auth *auth) pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); if (pam_status != PAM_SUCCESS) { log_error(USE_ERRNO|NO_EXIT|NO_MAIL, _("unable to initialize PAM")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } /* @@ -119,7 +120,7 @@ pam_init(struct passwd *pw, sudo_auth *auth) else (void) pam_set_item(pamh, PAM_TTY, user_ttypath); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int @@ -127,6 +128,7 @@ pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { const char *s; int *pam_status = (int *) auth->data; + debug_decl(pam_verify, SUDO_DEBUG_AUTH) def_prompt = prompt; /* for converse */ @@ -137,44 +139,44 @@ pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth) *pam_status = pam_acct_mgmt(pamh, PAM_SILENT); switch (*pam_status) { case PAM_SUCCESS: - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); case PAM_AUTH_ERR: log_error(NO_EXIT|NO_MAIL, _("account validation failure, " "is your account locked?")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); case PAM_NEW_AUTHTOK_REQD: log_error(NO_EXIT|NO_MAIL, _("Account or password is " "expired, reset your password and try again")); *pam_status = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (*pam_status == PAM_SUCCESS) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); if ((s = pam_strerror(pamh, *pam_status))) log_error(NO_EXIT|NO_MAIL, _("pam_chauthtok: %s"), s); - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); case PAM_AUTHTOK_EXPIRED: log_error(NO_EXIT|NO_MAIL, _("Password expired, contact your system administrator")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); case PAM_ACCT_EXPIRED: log_error(NO_EXIT|NO_MAIL, _("Account expired or PAM config lacks an \"account\" " "section for sudo, contact your system administrator")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } /* FALLTHROUGH */ case PAM_AUTH_ERR: if (gotintr) { /* error or ^C from tgetpass() */ - return AUTH_INTR; + debug_return_int(AUTH_INTR); } case PAM_MAXTRIES: case PAM_PERM_DENIED: - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); default: if ((s = pam_strerror(pamh, *pam_status))) log_error(NO_EXIT|NO_MAIL, _("pam_authenticate: %s"), s); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } } @@ -182,20 +184,22 @@ int pam_cleanup(struct passwd *pw, sudo_auth *auth) { int *pam_status = (int *) auth->data; + debug_decl(pam_cleanup, SUDO_DEBUG_AUTH) /* If successful, we can't close the session until pam_end_session() */ if (*pam_status == AUTH_SUCCESS) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); *pam_status = pam_end(pamh, *pam_status | PAM_DATA_SILENT); pamh = NULL; - return *pam_status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE; + return_debug_int(*pam_status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE); } int pam_begin_session(struct passwd *pw, sudo_auth *auth) { int status = PAM_SUCCESS; + debug_decl(pam_begin_session, SUDO_DEBUG_AUTH) /* * If there is no valid user we cannot open a PAM session. @@ -235,13 +239,14 @@ pam_begin_session(struct passwd *pw, sudo_auth *auth) #endif done: - return status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE; + return_debug_int(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE); } int pam_end_session(struct passwd *pw, sudo_auth *auth) { int status = PAM_SUCCESS; + debug_decl(pam_end_session, SUDO_DEBUG_AUTH) if (pamh != NULL) { #ifndef NO_PAM_SESSION @@ -256,7 +261,7 @@ pam_end_session(struct passwd *pw, sudo_auth *auth) pamh = NULL; } - return status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE; + return_debug_int(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE); } /* @@ -272,9 +277,10 @@ converse(int num_msg, PAM_CONST struct pam_message **msg, const char *prompt; char *pass; int n, type, std_prompt; + debug_decl(converse, SUDO_DEBUG_AUTH) if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) - return PAM_SYSTEM_ERR; + return_debug_int(PAM_SYSTEM_ERR); zero_bytes(*response, num_msg * sizeof(struct pam_response)); for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) { @@ -336,7 +342,7 @@ converse(int num_msg, PAM_CONST struct pam_message **msg, } } - return PAM_SUCCESS; + return_debug_int(PAM_SUCCESS); err: /* Zero and free allocated memory and return an error. */ @@ -350,5 +356,5 @@ err: zero_bytes(*response, num_msg * sizeof(struct pam_response)); free(*response); *response = NULL; - return gotintr ? PAM_AUTH_ERR : PAM_CONV_ERR; + return_debug_int(gotintr ? PAM_AUTH_ERR : PAM_CONV_ERR); } diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c index 1316acdae..d14130d03 100644 --- a/plugins/sudoers/auth/passwd.c +++ b/plugins/sudoers/auth/passwd.c @@ -51,14 +51,16 @@ int passwd_init(struct passwd *pw, sudo_auth *auth) { + debug_decl(passwd_init, SUDO_DEBUG_AUTH) + #ifdef HAVE_SKEYACCESS if (skeyaccess(pw, user_tty, NULL, NULL) == 0) - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); #endif sudo_setspent(); auth->data = sudo_getepw(pw); sudo_endspent(); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int @@ -68,6 +70,7 @@ passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) char *pw_epasswd = auth->data; size_t pw_len; int error; + debug_decl(passwd_verify, SUDO_DEBUG_AUTH) pw_len = strlen(pw_epasswd); @@ -75,7 +78,7 @@ passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) /* Ultrix shadow passwords may use crypt16() */ error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd)); if (!error) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); #endif /* HAVE_GETAUTHUID */ /* @@ -98,7 +101,7 @@ passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) else error = strcmp(pw_epasswd, epass); - return error ? AUTH_FAILURE : AUTH_SUCCESS; + debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); } int @@ -107,10 +110,11 @@ passwd_cleanup(pw, auth) sudo_auth *auth; { char *pw_epasswd = auth->data; + debug_decl(passwd_cleanup, SUDO_DEBUG_AUTH) if (pw_epasswd != NULL) { zero_bytes(pw_epasswd, strlen(pw_epasswd)); efree(pw_epasswd); } - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } diff --git a/plugins/sudoers/auth/rfc1938.c b/plugins/sudoers/auth/rfc1938.c index fe5b28f37..75f95cc5c 100644 --- a/plugins/sudoers/auth/rfc1938.c +++ b/plugins/sudoers/auth/rfc1938.c @@ -69,6 +69,7 @@ rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) static char *orig_prompt = NULL, *new_prompt = NULL; static int op_len, np_size; static struct RFC1938 rfc1938; + debug_decl(rfc1938_setup, SUDO_DEBUG_AUTH) /* Stash a pointer to the rfc1938 struct if we have not initialized */ if (!auth->data) @@ -101,9 +102,9 @@ rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) { if (IS_ONEANDONLY(auth)) { warningx(_("you do not exist in the %s database"), auth->name); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } else { - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } } @@ -120,15 +121,16 @@ rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) orig_prompt, challenge); *promptp = new_prompt; - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth) { + debug_decl(rfc1938_verify, SUDO_DEBUG_AUTH) if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); else - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c index 8a08da79f..3cb4e2614 100644 --- a/plugins/sudoers/auth/secureware.c +++ b/plugins/sudoers/auth/secureware.c @@ -57,41 +57,47 @@ secureware_init(struct passwd *pw, sudo_auth *auth) { #ifdef __alpha extern int crypt_type; + debug_decl(secureware_init, SUDO_DEBUG_AUTH) if (crypt_type == INT_MAX) - return AUTH_FAILURE; /* no shadow */ + debug_return_int(AUTH_FAILURE); /* no shadow */ +#else + debug_decl(secureware_init, SUDO_DEBUG_AUTH) #endif sudo_setspent(); auth->data = sudo_getepw(pw); sudo_endspent(); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) { char *pw_epasswd = auth->data; + debug_decl(secureware_verify, SUDO_DEBUG_AUTH) #ifdef __alpha - extern int crypt_type; + { + extern int crypt_type; # ifdef HAVE_DISPCRYPT - if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0) - return AUTH_SUCCESS; + if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0) + debug_return_int(AUTH_SUCCESS); # else - if (crypt_type == AUTH_CRYPT_BIGCRYPT) { - if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) - return AUTH_SUCCESS; - } else if (crypt_type == AUTH_CRYPT_CRYPT16) { - if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0) - return AUTH_SUCCESS; + if (crypt_type == AUTH_CRYPT_BIGCRYPT) { + if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) + debug_return_int(AUTH_SUCCESS); + } else if (crypt_type == AUTH_CRYPT_CRYPT16) { + if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0) + debug_return_int(AUTH_SUCCESS); + } } # endif /* HAVE_DISPCRYPT */ #elif defined(HAVE_BIGCRYPT) if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); #endif /* __alpha */ - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } int @@ -100,10 +106,11 @@ secureware_cleanup(pw, auth) sudo_auth *auth; { char *pw_epasswd = auth->data; + debug_decl(secureware_cleanup, SUDO_DEBUG_AUTH) if (pw_epasswd != NULL) { zero_bytes(pw_epasswd, strlen(pw_epasswd)); efree(pw_epasswd); } - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } diff --git a/plugins/sudoers/auth/securid.c b/plugins/sudoers/auth/securid.c index 2c3796c88..fa659f46c 100644 --- a/plugins/sudoers/auth/securid.c +++ b/plugins/sudoers/auth/securid.c @@ -59,28 +59,30 @@ int securid_init(struct passwd *pw, sudo_auth *auth) { static struct SD_CLIENT sd_dat; /* SecurID data block */ + debug_decl(securid_init, SUDO_DEBUG_AUTH) auth->data = (void *) &sd_dat; /* For method-specific data */ if (creadcfg() == 0) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); else - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } int securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data; + debug_decl(securid_setup, SUDO_DEBUG_AUTH) /* Re-initialize SecurID every time. */ if (sd_init(sd) == 0) { /* The programmer's guide says username is 32 bytes */ strlcpy(sd->username, pw->pw_name, 32); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } else { warningx(_("unable to contact the SecurID server")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } } @@ -89,11 +91,12 @@ securid_verify(struct passwd *pw, char *pass, sudo_auth *auth) { struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data; int rval; + debug_decl(securid_verify, SUDO_DEBUG_AUTH) rval = sd_auth(sd); sd_close(); if (rval == ACM_OK) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); else - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c index cf022d2f8..b12fc5c3f 100644 --- a/plugins/sudoers/auth/securid5.c +++ b/plugins/sudoers/auth/securid5.c @@ -70,15 +70,16 @@ int securid_init(struct passwd *pw, sudo_auth *auth) { static SDI_HANDLE sd_dat; /* SecurID handle */ + debug_decl(securid_init, SUDO_DEBUG_AUTH) auth->data = (void *) &sd_dat; /* For method-specific data */ /* Start communications */ if (AceInitialize() != SD_FALSE) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); warningx(_("failed to initialise the ACE API library")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } /* @@ -99,11 +100,12 @@ securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int retval; + debug_decl(securid_setup, SUDO_DEBUG_AUTH) /* Re-initialize SecurID every time. */ if (SD_Init(sd) != ACM_OK) { warningx(_("unable to contact the SecurID server")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } /* Lock new PIN code */ @@ -112,23 +114,23 @@ securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) switch (retval) { case ACM_OK: warningx(_("User ID locked for SecurID Authentication")); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); case ACE_UNDEFINED_USERNAME: warningx(_("invalid username length for SecurID")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); case ACE_ERR_INVALID_HANDLE: warningx(_("invalid Authentication Handle for SecurID")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); case ACM_ACCESS_DENIED: warningx(_("SecurID communication failed")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); default: warningx(_("unknown SecurID error")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } } @@ -149,6 +151,7 @@ securid_verify(struct passwd *pw, char *pass, sudo_auth *auth) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int rval; + debug_decl(securid_verify, SUDO_DEBUG_AUTH) pass = auth_getpass("Enter your PASSCODE: ", def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); @@ -218,5 +221,5 @@ then enter the new token code.\n", \ SD_Close(*sd); /* Return stored state to calling process */ - return rval; + debug_return_int(rval); } diff --git a/plugins/sudoers/auth/sia.c b/plugins/sudoers/auth/sia.c index 20d0c14aa..a2c41c2e5 100644 --- a/plugins/sudoers/auth/sia.c +++ b/plugins/sudoers/auth/sia.c @@ -63,6 +63,8 @@ static int sudo_collect(int timeout, int rendition, uchar_t *title, int nprompts, prompt_t *prompts) { + debug_decl(sudo_collect, SUDO_DEBUG_AUTH) + switch (rendition) { case SIAFORM: case SIAONELINER: @@ -81,7 +83,7 @@ sudo_collect(int timeout, int rendition, uchar_t *title, int nprompts, break; } - return sia_collect_trm(timeout, rendition, title, nprompts, prompts); + debug_return_int(sia_collect_trm(timeout, rendition, title, nprompts, prompts)); } int @@ -91,6 +93,7 @@ sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth) int i; extern int NewArgc; extern char **NewArgv; + debug_decl(sia_setup, SUDO_DEBUG_AUTH) /* Rebuild argv for sia_ses_init() */ sudo_argc = NewArgc + 1; @@ -104,33 +107,35 @@ sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth) log_error(USE_ERRNO|NO_EXIT|NO_MAIL, _("unable to initialize SIA session")); - return AUTH_FATAL; + debug_return_int(AUTH_FATAL); } auth->data = (void *) siah; - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } int sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { SIAENTITY *siah = (SIAENTITY *) auth->data; + debug_decl(sia_verify, SUDO_DEBUG_AUTH) def_prompt = prompt; /* for sudo_collect */ /* XXX - need a way to detect user hitting return or EOF at prompt */ if (sia_ses_reauthent(sudo_collect, siah) == SIASUCCESS) - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); else - return AUTH_FAILURE; + debug_return_int(AUTH_FAILURE); } int sia_cleanup(struct passwd *pw, sudo_auth *auth) { SIAENTITY *siah = (SIAENTITY *) auth->data; + debug_decl(sia_cleanup, SUDO_DEBUG_AUTH) (void) sia_ses_release(&siah); efree(sudo_argv); - return AUTH_SUCCESS; + debug_return_int(AUTH_SUCCESS); } diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c index cd0408394..2b0d07eab 100644 --- a/plugins/sudoers/auth/sudo_auth.c +++ b/plugins/sudoers/auth/sudo_auth.c @@ -108,9 +108,10 @@ sudo_auth_init(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; + debug_decl(sudo_auth_init, SUDO_DEBUG_AUTH) if (auth_switch[0].name == NULL) - return TRUE; + debug_return_int(TRUE); /* Make sure we haven't mixed standalone and shared auth methods. */ standalone = IS_STANDALONE(&auth_switch[0]); @@ -118,7 +119,7 @@ sudo_auth_init(struct passwd *pw) audit_failure(NewArgv, "invalid authentication methods"); log_error(0, _("Invalid authentication methods compiled into sudo! " "You may mix standalone and non-standalone authentication.")); - return -1; + debug_return_int(-1); } /* Set FLAG_ONEANDONLY if there is only one auth method. */ @@ -145,7 +146,7 @@ sudo_auth_init(struct passwd *pw) } } } - return status == AUTH_FATAL ? -1 : TRUE; + debug_return_int(status == AUTH_FATAL ? -1 : TRUE); } int @@ -153,6 +154,7 @@ sudo_auth_cleanup(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; + debug_decl(sudo_auth_cleanup, SUDO_DEBUG_AUTH) /* Call cleanup routines. */ for (auth = auth_switch; auth->name; auth++) { @@ -172,7 +174,7 @@ sudo_auth_cleanup(struct passwd *pw) } } } - return status == AUTH_FATAL ? -1 : TRUE; + debug_return_int(status == AUTH_FATAL ? -1 : TRUE); } int @@ -184,6 +186,7 @@ verify_user(struct passwd *pw, char *prompt) char *p; sudo_auth *auth; sigaction_t sa, osa; + debug_decl(verify_user, SUDO_DEBUG_AUTH) /* Enable suspend during password entry. */ sigemptyset(&sa.sa_mask); @@ -199,7 +202,7 @@ verify_user(struct passwd *pw, char *prompt) _("There are no authentication methods compiled into sudo! " "If you want to turn off authentication, use the " "--disable-authentication configure option.")); - return -1; + debug_return_int(-1); } while (--counter) { @@ -219,7 +222,7 @@ verify_user(struct passwd *pw, char *prompt) else if (status == AUTH_FATAL) { /* XXX log */ audit_failure(NewArgv, "authentication failure"); - return -1; /* assume error msg already printed */ + debug_return_int(-1);/* assume error msg already printed */ } } } @@ -282,7 +285,7 @@ done: break; } - return rval; + debug_return_int(rval); } int @@ -290,6 +293,7 @@ sudo_auth_begin_session(struct passwd *pw) { sudo_auth *auth; int status; + debug_decl(auth_begin_session, SUDO_DEBUG_AUTH) for (auth = auth_switch; auth->name; auth++) { if (auth->begin_session && !IS_DISABLED(auth)) { @@ -297,11 +301,11 @@ sudo_auth_begin_session(struct passwd *pw) if (status == AUTH_FATAL) { /* XXX log */ audit_failure(NewArgv, "authentication failure"); - return -1; /* assume error msg already printed */ + debug_return_bool(-1); /* assume error msg already printed */ } } } - return TRUE; + debug_return_bool(TRUE); } int @@ -309,29 +313,33 @@ sudo_auth_end_session(struct passwd *pw) { sudo_auth *auth; int status; + debug_decl(auth_end_session, SUDO_DEBUG_AUTH) for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { status = (auth->end_session)(pw, auth); if (status == AUTH_FATAL) { /* XXX log */ - return -1; /* assume error msg already printed */ + debug_return_bool(-1); /* assume error msg already printed */ } } } - return TRUE; + debug_return_bool(TRUE); } static void pass_warn(void) { const char *warning = def_badpass_message; + debug_decl(pass_warn, SUDO_DEBUG_AUTH) #ifdef INSULT if (def_insults) warning = INSULT; #endif sudo_printf(SUDO_CONV_ERROR_MSG, "%s\n", warning); + + debug_return; } char * @@ -339,6 +347,7 @@ auth_getpass(const char *prompt, int timeout, int type) { struct sudo_conv_message msg; struct sudo_conv_reply repl; + debug_decl(auth_getpass, SUDO_DEBUG_AUTH) /* Mask user input if pwfeedback set and echo is off. */ if (type == SUDO_CONV_PROMPT_ECHO_OFF && def_pwfeedback) @@ -356,16 +365,19 @@ auth_getpass(const char *prompt, int timeout, int type) memset(&repl, 0, sizeof(repl)); sudo_conv(1, &msg, &repl); /* XXX - check for ENOTTY? */ - return repl.reply; + debug_return_str_masked(repl.reply); } void dump_auth_methods(void) { sudo_auth *auth; + debug_decl(dump_auth_methods, SUDO_DEBUG_AUTH) sudo_printf(SUDO_CONV_INFO_MSG, _("Authentication methods:")); for (auth = auth_switch; auth->name; auth++) sudo_printf(SUDO_CONV_INFO_MSG, " '%s'", auth->name); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); + + debug_return; } diff --git a/plugins/sudoers/boottime.c b/plugins/sudoers/boottime.c index 96576f84e..2c9c07467 100644 --- a/plugins/sudoers/boottime.c +++ b/plugins/sudoers/boottime.c @@ -53,6 +53,7 @@ #endif /* !__linux__ */ #include "missing.h" +#include "sudo_debug.h" /* * Fill in a struct timeval with the time the system booted. @@ -67,6 +68,7 @@ get_boottime(struct timeval *tv) size_t linesize = 0; ssize_t len; FILE * fp; + debug_decl(get_boottime, SUDO_DEBUG_UTIL) /* read btime from /proc/stat */ fp = fopen("/proc/stat", "r"); @@ -75,14 +77,14 @@ get_boottime(struct timeval *tv) if (strncmp(line, "btime ", 6) == 0) { tv->tv_sec = atoi(line + 6); tv->tv_usec = 0; - return 1; + debug_return_bool(1); } } fclose(fp); free(line); } - return 0; + debug_return_bool(0); } #elif defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME) @@ -92,14 +94,15 @@ get_boottime(struct timeval *tv) { size_t size; int mib[2]; + debug_decl(get_boottime, SUDO_DEBUG_UTIL) mib[0] = CTL_KERN; mib[1] = KERN_BOOTTIME; size = sizeof(*tv); if (sysctl(mib, 2, tv, &size, NULL, 0) != -1) - return 1; + debug_return_bool(1); - return 0; + debug_return_bool(0); } #elif defined(HAVE_GETUTXID) @@ -108,6 +111,7 @@ int get_boottime(struct timeval *tv) { struct utmpx *ut, key; + debug_decl(get_boottime, SUDO_DEBUG_UTIL) memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; @@ -117,7 +121,7 @@ get_boottime(struct timeval *tv) tv->tv_usec = ut->ut_tv.tv_usec; } endutxent(); - return ut != NULL; + debug_return_bool(ut != NULL); } #elif defined(HAVE_GETUTID) @@ -126,6 +130,7 @@ int get_boottime(struct timeval *tv) { struct utmp *ut, key; + debug_decl(get_boottime, SUDO_DEBUG_UTIL) memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; @@ -135,7 +140,7 @@ get_boottime(struct timeval *tv) tv->tv_usec = 0; } endutent(); - return ut != NULL; + debug_return_bool(ut != NULL); } #else @@ -143,6 +148,7 @@ get_boottime(struct timeval *tv) int get_boottime(struct timeval *tv) { - return 0; + debug_decl(get_boottime, SUDO_DEBUG_UTIL) + debug_return_bool(0); } #endif diff --git a/plugins/sudoers/bsm_audit.c b/plugins/sudoers/bsm_audit.c index df53ea0c7..305014aa3 100644 --- a/plugins/sudoers/bsm_audit.c +++ b/plugins/sudoers/bsm_audit.c @@ -51,6 +51,7 @@ audit_sudo_selected(int sf) struct au_mask *mask; auditinfo_t ainfo; int rc, sorf; + debug_decl(audit_sudo_selected, SUDO_DEBUG_AUDIT) if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { if (errno == ENOSYS) { @@ -63,7 +64,7 @@ audit_sudo_selected(int sf) mask = &ainfo_addr.ai_mask; sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; rc = au_preselect(AUE_sudo, mask, sorf, AU_PRS_REREAD); - return rc; + debug_return_int(rc); } void @@ -76,6 +77,7 @@ bsm_audit_success(char **exec_args) long au_cond; int aufd; pid_t pid; + debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) pid = getpid(); /* @@ -87,13 +89,13 @@ bsm_audit_success(char **exec_args) log_error(0, _("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) - return; + debug_return; /* * Check to see if the preselection masks are interested in seeing * this event. */ if (!audit_sudo_selected(0)) - return; + debug_return; if (getauid(&auid) < 0) log_error(0, _("getauid failed")); if ((aufd = au_open()) == -1) @@ -124,6 +126,7 @@ bsm_audit_success(char **exec_args) au_write(aufd, tok); if (au_close(aufd, 1, AUE_sudo) == -1) log_error(0, _("unable to commit audit record")); + debug_return; } void @@ -137,6 +140,7 @@ bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap) au_id_t auid; pid_t pid; int aufd; + debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) pid = getpid(); /* @@ -144,13 +148,13 @@ bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap) */ if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) - return; + debug_return; log_error(0, _("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) - return; + debug_return; if (!audit_sudo_selected(1)) - return; + debug_return; if (getauid(&auid) < 0) log_error(0, _("getauid: failed")); if ((aufd = au_open()) == -1) @@ -183,4 +187,5 @@ bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap) au_write(aufd, tok); if (au_close(aufd, 1, AUE_sudo) == -1) log_error(0, _("unable to commit audit record")); + debug_return; } diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c index 4be3b0bdd..cd4247c63 100644 --- a/plugins/sudoers/check.c +++ b/plugins/sudoers/check.c @@ -104,6 +104,7 @@ check_user(int validated, int mode) char *prompt; struct stat sb; int status, rval = TRUE; + debug_decl(check_user, SUDO_DEBUG_AUTH) /* Stash the tty's ctime for tty ticket comparison. */ if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { @@ -171,7 +172,7 @@ done: sudo_auth_cleanup(auth_pw); pw_delref(auth_pw); - return rval; + debug_return_int(rval); } #define DEFAULT_LECTURE "\n" \ @@ -192,10 +193,11 @@ lecture(int status) ssize_t nread; struct sudo_conv_message msg; struct sudo_conv_reply repl; + debug_decl(lecture, SUDO_DEBUG_AUTH) if (def_lecture == never || (def_lecture == once && status != TS_MISSING && status != TS_ERROR)) - return; + debug_return; memset(&msg, 0, sizeof(msg)); memset(&repl, 0, sizeof(repl)); @@ -213,6 +215,7 @@ lecture(int status) msg.msg = _(DEFAULT_LECTURE); sudo_conv(1, &msg, &repl); } + debug_return; } /* @@ -221,9 +224,11 @@ lecture(int status) static void update_timestamp(char *timestampdir, char *timestampfile) { + debug_decl(update_timestamp, SUDO_DEBUG_AUTH) + /* If using tty timestamps but we have no tty there is nothing to do. */ if (def_tty_tickets && !user_ttypath) - return; + debug_return; if (timestamp_uid != 0) set_perms(PERM_TIMESTAMP); @@ -252,6 +257,7 @@ update_timestamp(char *timestampdir, char *timestampfile) } if (timestamp_uid != 0) restore_perms(); + debug_return; } /* @@ -264,6 +270,7 @@ expand_prompt(char *old_prompt, char *user, char *host) size_t len, n; int subst; char *p, *np, *new_prompt, *endp; + debug_decl(expand_prompt, SUDO_DEBUG_AUTH) /* How much space do we need to malloc for the prompt? */ subst = 0; @@ -374,7 +381,7 @@ expand_prompt(char *old_prompt, char *user, char *host) } else new_prompt = old_prompt; - return new_prompt; + debug_return_str(new_prompt); oflow: /* We pre-allocate enough space, so this should never happen. */ @@ -387,9 +394,12 @@ oflow: int user_is_exempt(void) { - if (!def_exempt_group) - return FALSE; - return user_in_group(sudo_user.pw, def_exempt_group); + int rval = FALSE; + debug_decl(user_is_exempt, SUDO_DEBUG_AUTH) + + if (def_exempt_group) + rval = user_in_group(sudo_user.pw, def_exempt_group); + debug_return_bool(rval); } /* @@ -400,6 +410,7 @@ build_timestamp(char **timestampdir, char **timestampfile) { char *dirparent; int len; + debug_decl(build_timestamp, SUDO_DEBUG_AUTH) dirparent = def_timestampdir; len = easprintf(timestampdir, "%s/%s", dirparent, user_name); @@ -432,10 +443,10 @@ build_timestamp(char **timestampdir, char **timestampfile) } else *timestampfile = NULL; - return len; + debug_return_int(len); bad: log_error(0, _("timestamp path too long: %s"), *timestampfile); - return -1; + debug_return_int(-1); } /* @@ -449,6 +460,7 @@ timestamp_status(char *timestampdir, char *timestampfile, char *user, int flags) time_t now; char *dirparent = def_timestampdir; int status = TS_ERROR; /* assume the worst */ + debug_decl(timestamp_status, SUDO_DEBUG_AUTH) if (timestamp_uid != 0) set_perms(PERM_TIMESTAMP); @@ -633,7 +645,7 @@ timestamp_status(char *timestampdir, char *timestampfile, char *user, int flags) done: if (timestamp_uid != 0) restore_perms(); - return status; + debug_return_int(status); } /* @@ -645,9 +657,10 @@ remove_timestamp(int remove) struct timeval tv; char *timestampdir, *timestampfile, *path; int status; + debug_decl(remove_timestamp, SUDO_DEBUG_AUTH) if (build_timestamp(×tampdir, ×tampfile) == -1) - return; + debug_return; status = timestamp_status(timestampdir, timestampfile, user_name, TS_REMOVE); @@ -671,9 +684,10 @@ remove_timestamp(int remove) error(1, _("unable to reset %s to the epoch"), path); } } - efree(timestampdir); efree(timestampfile); + + debug_return; } /* @@ -690,6 +704,7 @@ tty_is_devpts(const char *tty) int retval = FALSE; #ifdef __linux__ struct statfs sfs; + debug_decl(tty_is_devpts, SUDO_DEBUG_PTY) #ifndef DEVPTS_SUPER_MAGIC # define DEVPTS_SUPER_MAGIC 0x1cd1 @@ -701,13 +716,16 @@ tty_is_devpts(const char *tty) } #elif defined(__sun) && defined(__SVR4) struct statvfs sfs; + debug_decl(tty_is_devpts, SUDO_DEBUG_PTY) if (statvfs(tty, &sfs) == 0) { if (strcmp(sfs.f_fstr, "devices") == 0) retval = TRUE; } +#else + debug_decl(tty_is_devpts, SUDO_DEBUG_PTY) #endif /* __linux__ */ - return retval; + debug_return_bool(retval); } /* @@ -719,6 +737,7 @@ static struct passwd * get_authpw(void) { struct passwd *pw; + debug_decl(get_authpw, SUDO_DEBUG_AUTH) if (def_rootpw) { if ((pw = sudo_getpwuid(ROOT_UID)) == NULL) @@ -737,5 +756,5 @@ get_authpw(void) pw = sudo_user.pw; } - return pw; + debug_return_ptr(pw); } diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index dd404f5bf..c0943a9cd 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -119,6 +119,7 @@ dump_defaults(void) struct list_member *item; struct def_values *def; char *desc; + debug_decl(dump_defaults, SUDO_DEBUG_DEFAULTS) for (cur = sudo_defs_table; cur->name; cur++) { if (cur->desc) { @@ -182,6 +183,7 @@ dump_defaults(void) } } } + debug_return; } /* @@ -196,6 +198,7 @@ set_default(char *var, char *val, int op) { struct sudo_defs_types *cur; int num; + debug_decl(set_default, SUDO_DEBUG_DEFAULTS) for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) { if (strcmp(var, cur->name) == 0) @@ -203,7 +206,7 @@ set_default(char *var, char *val, int op) } if (!cur->name) { warningx(_("unknown defaults entry `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } switch (cur->type & T_MASK) { @@ -214,7 +217,7 @@ set_default(char *var, char *val, int op) val, var); else warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } break; case T_LOGPRI: @@ -224,7 +227,7 @@ set_default(char *var, char *val, int op) val, var); else warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } break; case T_STR: @@ -232,16 +235,16 @@ set_default(char *var, char *val, int op) /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != FALSE) { warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } } if (ISSET(cur->type, T_PATH) && val && *val != '/') { warningx(_("values for `%s' must start with a '/'"), var); - return FALSE; + debug_return_bool(FALSE); } if (!store_str(val, cur, op)) { warningx(_("value `%s' is invalid for option `%s'"), val, var); - return FALSE; + debug_return_bool(FALSE); } break; case T_INT: @@ -249,12 +252,12 @@ set_default(char *var, char *val, int op) /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != FALSE) { warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } } if (!store_int(val, cur, op)) { warningx(_("value `%s' is invalid for option `%s'"), val, var); - return FALSE; + debug_return_bool(FALSE); } break; case T_UINT: @@ -262,12 +265,12 @@ set_default(char *var, char *val, int op) /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != FALSE) { warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } } if (!store_uint(val, cur, op)) { warningx(_("value `%s' is invalid for option `%s'"), val, var); - return FALSE; + debug_return_bool(FALSE); } break; case T_FLOAT: @@ -275,12 +278,12 @@ set_default(char *var, char *val, int op) /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != FALSE) { warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } } if (!store_float(val, cur, op)) { warningx(_("value `%s' is invalid for option `%s'"), val, var); - return FALSE; + debug_return_bool(FALSE); } break; case T_MODE: @@ -288,18 +291,18 @@ set_default(char *var, char *val, int op) /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != FALSE) { warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } } if (!store_mode(val, cur, op)) { warningx(_("value `%s' is invalid for option `%s'"), val, var); - return FALSE; + debug_return_bool(FALSE); } break; case T_FLAG: if (val) { warningx(_("option `%s' does not take a value"), var); - return FALSE; + debug_return_bool(FALSE); } cur->sd_un.flag = op; break; @@ -308,27 +311,27 @@ set_default(char *var, char *val, int op) /* Check for bogus boolean usage or lack of a value. */ if (!ISSET(cur->type, T_BOOL) || op != FALSE) { warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } } if (!store_list(val, cur, op)) { warningx(_("value `%s' is invalid for option `%s'"), val, var); - return FALSE; + debug_return_bool(FALSE); } break; case T_TUPLE: if (!val && !ISSET(cur->type, T_BOOL)) { warningx(_("no value specified for `%s'"), var); - return FALSE; + debug_return_bool(FALSE); } if (!store_tuple(val, cur, op)) { warningx(_("value `%s' is invalid for option `%s'"), val, var); - return FALSE; + debug_return_bool(FALSE); } break; } - return TRUE; + debug_return_bool(TRUE); } /* @@ -340,6 +343,7 @@ init_defaults(void) { static int firsttime = 1; struct sudo_defs_types *def; + debug_decl(init_defaults, SUDO_DEBUG_DEFAULTS) /* Clear any old settings. */ if (!firsttime) { @@ -473,6 +477,8 @@ init_defaults(void) init_envtables(); firsttime = 0; + + debug_return; } /* @@ -484,6 +490,7 @@ update_defaults(int what) { struct defaults *def; int rc = TRUE; + debug_decl(init_defaults, SUDO_DEBUG_DEFAULTS) tq_foreach_fwd(&defaults, def) { switch (def->type) { @@ -518,7 +525,7 @@ update_defaults(int what) break; } } - return rc; + debug_return_bool(rc); } static int @@ -526,19 +533,20 @@ store_int(char *val, struct sudo_defs_types *def, int op) { char *endp; long l; + debug_decl(store_int, SUDO_DEBUG_DEFAULTS) if (op == FALSE) { def->sd_un.ival = 0; } else { l = strtol(val, &endp, 10); if (*endp != '\0') - return FALSE; + debug_return_bool(FALSE); /* XXX - should check against INT_MAX */ def->sd_un.ival = (int)l; } if (def->callback) - return def->callback(val); - return TRUE; + debug_return_bool(def->callback(val)); + debug_return_bool(TRUE); } static int @@ -546,19 +554,20 @@ store_uint(char *val, struct sudo_defs_types *def, int op) { char *endp; long l; + debug_decl(store_uint, SUDO_DEBUG_DEFAULTS) if (op == FALSE) { def->sd_un.ival = 0; } else { l = strtol(val, &endp, 10); if (*endp != '\0' || l < 0) - return FALSE; + debug_return_bool(FALSE); /* XXX - should check against INT_MAX */ def->sd_un.ival = (unsigned int)l; } if (def->callback) - return def->callback(val); - return TRUE; + debug_return_bool(def->callback(val)); + debug_return_bool(TRUE); } static int @@ -566,25 +575,27 @@ store_float(char *val, struct sudo_defs_types *def, int op) { char *endp; double d; + debug_decl(store_float, SUDO_DEBUG_DEFAULTS) if (op == FALSE) { def->sd_un.fval = 0.0; } else { d = strtod(val, &endp); if (*endp != '\0') - return FALSE; + debug_return_bool(FALSE); /* XXX - should check against HUGE_VAL */ def->sd_un.fval = d; } if (def->callback) - return def->callback(val); - return TRUE; + debug_return_bool(def->callback(val)); + debug_return_bool(TRUE); } static int store_tuple(char *val, struct sudo_defs_types *def, int op) { struct def_values *v; + debug_decl(store_tuple, SUDO_DEBUG_DEFAULTS) /* * Since enums are really just ints we store the value as an ival. @@ -603,16 +614,17 @@ store_tuple(char *val, struct sudo_defs_types *def, int op) } } if (v->sval == NULL) - return FALSE; + debug_return_bool(FALSE); } if (def->callback) - return def->callback(val); - return TRUE; + debug_return_bool(def->callback(val)); + debug_return_bool(TRUE); } static int store_str(char *val, struct sudo_defs_types *def, int op) { + debug_decl(store_str, SUDO_DEBUG_DEFAULTS) efree(def->sd_un.str); if (op == FALSE) @@ -620,14 +632,15 @@ store_str(char *val, struct sudo_defs_types *def, int op) else def->sd_un.str = estrdup(val); if (def->callback) - return def->callback(val); - return TRUE; + debug_return_bool(def->callback(val)); + debug_return_bool(TRUE); } static int store_list(char *str, struct sudo_defs_types *def, int op) { char *start, *end; + debug_decl(store_list, SUDO_DEBUG_DEFAULTS) /* Remove all old members. */ if (op == FALSE || op == TRUE) @@ -649,31 +662,32 @@ store_list(char *str, struct sudo_defs_types *def, int op) list_op(start, end - start, def, op == '-' ? delete : add); } while (*end++ != '\0'); } - return TRUE; + debug_return_bool(TRUE); } static int store_syslogfac(char *val, struct sudo_defs_types *def, int op) { struct strmap *fac; + debug_decl(store_syslogfac, SUDO_DEBUG_DEFAULTS) if (op == FALSE) { def->sd_un.ival = FALSE; - return TRUE; + debug_return_bool(TRUE); } #ifdef LOG_NFACILITIES if (!val) - return FALSE; + debug_return_bool(FALSE); for (fac = facilities; fac->name && strcmp(val, fac->name); fac++) ; if (fac->name == NULL) - return FALSE; /* not found */ + debug_return_bool(FALSE); /* not found */ def->sd_un.ival = fac->num; #else def->sd_un.ival = -1; #endif /* LOG_NFACILITIES */ - return TRUE; + debug_return_bool(TRUE); } static const char * @@ -681,10 +695,11 @@ logfac2str(int n) { #ifdef LOG_NFACILITIES struct strmap *fac; + debug_decl(logfac2str, SUDO_DEBUG_DEFAULTS) for (fac = facilities; fac->name && fac->num != n; fac++) ; - return fac->name; + debug_return_str(fac->name); #else return "default"; #endif /* LOG_NFACILITIES */ @@ -694,27 +709,29 @@ static int store_syslogpri(char *val, struct sudo_defs_types *def, int op) { struct strmap *pri; + debug_decl(store_syslogpri, SUDO_DEBUG_DEFAULTS) if (op == FALSE || !val) - return FALSE; + debug_return_bool(FALSE); for (pri = priorities; pri->name && strcmp(val, pri->name); pri++) ; if (pri->name == NULL) - return FALSE; /* not found */ + debug_return_bool(FALSE); /* not found */ def->sd_un.ival = pri->num; - return TRUE; + debug_return_bool(TRUE); } static const char * logpri2str(int n) { struct strmap *pri; + debug_decl(logpri2str, SUDO_DEBUG_DEFAULTS) for (pri = priorities; pri->name && pri->num != n; pri++) ; - return pri->name; + debug_return_str(pri->name); } static int @@ -722,24 +739,26 @@ store_mode(char *val, struct sudo_defs_types *def, int op) { char *endp; long l; + debug_decl(store_mode, SUDO_DEBUG_DEFAULTS) if (op == FALSE) { def->sd_un.mode = (mode_t)0777; } else { l = strtol(val, &endp, 8); if (*endp != '\0' || l < 0 || l > 0777) - return FALSE; + debug_return_bool(FALSE); def->sd_un.mode = (mode_t)l; } if (def->callback) - return def->callback(val); - return TRUE; + debug_return_bool(def->callback(val)); + debug_return_bool(TRUE); } static void list_op(char *val, size_t len, struct sudo_defs_types *def, enum list_ops op) { struct list_member *cur, *prev, *tmp; + debug_decl(list_op, SUDO_DEBUG_DEFAULTS) if (op == freeall) { for (cur = def->sd_un.list; cur; ) { @@ -749,14 +768,14 @@ list_op(char *val, size_t len, struct sudo_defs_types *def, enum list_ops op) efree(tmp); } def->sd_un.list = NULL; - return; + debug_return; } for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) { if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) { if (op == add) - return; /* already exists */ + debug_return; /* already exists */ /* Delete node */ if (prev != NULL) @@ -778,4 +797,5 @@ list_op(char *val, size_t len, struct sudo_defs_types *def, enum list_ops op) cur->next = def->sd_un.list; def->sd_un.list = cur; } + debug_return; } diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index d7c158290..f045a5193 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -216,6 +216,7 @@ env_init(char * const envp[]) { char * const *ep; size_t len; + debug_decl(env_init, SUDO_DEBUG_ENV) for (ep = envp; *ep != NULL; ep++) continue; @@ -229,6 +230,8 @@ env_init(char * const envp[]) #endif memcpy(env.envp, envp, len * sizeof(char *)); env.envp[len] = '\0'; + + debug_return; } char ** @@ -247,6 +250,7 @@ sudo_setenv(const char *var, const char *val, int dupcheck) { char *estring; size_t esize; + debug_decl(sudo_setenv, SUDO_DEBUG_ENV) esize = strlen(var) + 1 + strlen(val) + 1; estring = emalloc(esize); @@ -259,6 +263,8 @@ sudo_setenv(const char *var, const char *val, int dupcheck) errorx(1, _("internal error, sudo_setenv() overflow")); } sudo_putenv(estring, dupcheck, TRUE); + + debug_return; } /* @@ -273,6 +279,7 @@ sudo_putenv(char *str, int dupcheck, int overwrite) char **ep; size_t len; int found = FALSE; + debug_decl(sudo_putenv, SUDO_DEBUG_ENV) /* Make sure there is room for the new entry plus a NULL. */ if (env.env_len + 2 > env.env_size) { @@ -319,6 +326,7 @@ sudo_putenv(char *str, int dupcheck, int overwrite) *ep++ = str; *ep = NULL; } + debug_return; } /* @@ -331,6 +339,7 @@ matches_env_delete(const char *var) struct list_member *cur; size_t len; int iswild, match = FALSE; + debug_decl(matches_env_delete, SUDO_DEBUG_ENV) /* Skip anything listed in env_delete. */ for (cur = def_env_delete; cur; cur = cur->next) { @@ -347,7 +356,7 @@ matches_env_delete(const char *var) break; } } - return match; + debug_return_bool(match); } /* @@ -361,6 +370,7 @@ matches_env_check(const char *var) struct list_member *cur; size_t len; int iswild, keepit = -1; + debug_decl(matches_env_check, SUDO_DEBUG_ENV) for (cur = def_env_check; cur; cur = cur->next) { len = strlen(cur->value); @@ -376,7 +386,7 @@ matches_env_check(const char *var) break; } } - return keepit; + debug_return_bool(keepit); } /* diff --git a/plugins/sudoers/find_path.c b/plugins/sudoers/find_path.c index 4064248e3..a168234a2 100644 --- a/plugins/sudoers/find_path.c +++ b/plugins/sudoers/find_path.c @@ -63,6 +63,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path, char *result = NULL; /* result of path/file lookup */ int checkdot = 0; /* check current dir? */ int len; /* length parameter */ + debug_decl(find_path, SUDO_DEBUG_UTIL) if (strlen(infile) >= PATH_MAX) errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG)); @@ -75,13 +76,13 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path, strlcpy(command, infile, sizeof(command)); /* paranoia */ if (sudo_goodpath(command, sbp)) { *outfile = command; - return FOUND; + debug_return_int(FOUND); } else - return NOT_FOUND; + debug_return_int(NOT_FOUND); } if (path == NULL) - return NOT_FOUND; + debug_return_int(NOT_FOUND); path = estrdup(path); origpath = path; @@ -122,12 +123,12 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path, errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG)); result = sudo_goodpath(command, sbp); if (result && ignore_dot) - return NOT_FOUND_DOT; + debug_return_int(NOT_FOUND_DOT); } if (result) { *outfile = result; - return FOUND; + debug_return_int(FOUND); } else - return NOT_FOUND; + debug_return_int(NOT_FOUND); } diff --git a/plugins/sudoers/getspwuid.c b/plugins/sudoers/getspwuid.c index 01f488525..e98db8358 100644 --- a/plugins/sudoers/getspwuid.c +++ b/plugins/sudoers/getspwuid.c @@ -82,6 +82,7 @@ char * sudo_getepw(const struct passwd *pw) { char *epw = NULL; + debug_decl(sudo_getepw, SUDO_DEBUG_AUTH) /* If there is a function to check for shadow enabled, use it... */ #ifdef HAVE_ISCOMSEC @@ -142,12 +143,14 @@ sudo_getepw(const struct passwd *pw) done: #endif /* If no shadow password, fall back on regular password. */ - return estrdup(epw ? epw : pw->pw_passwd); + debug_return_str(estrdup(epw ? epw : pw->pw_passwd)); } void sudo_setspent(void) { + debug_decl(sudo_setspent, SUDO_DEBUG_AUTH) + #ifdef HAVE_GETPRPWNAM setprpwent(); #endif @@ -163,11 +166,14 @@ sudo_setspent(void) #ifdef HAVE_GETAUTHUID setauthent(); #endif + debug_return; } void sudo_endspent(void) { + debug_decl(sudo_endspent, SUDO_DEBUG_AUTH) + #ifdef HAVE_GETPRPWNAM endprpwent(); #endif @@ -183,4 +189,5 @@ sudo_endspent(void) #ifdef HAVE_GETAUTHUID endauthent(); #endif + debug_return; } diff --git a/plugins/sudoers/goodpath.c b/plugins/sudoers/goodpath.c index 8d0202819..08556102f 100644 --- a/plugins/sudoers/goodpath.c +++ b/plugins/sudoers/goodpath.c @@ -45,21 +45,23 @@ char * sudo_goodpath(const char *path, struct stat *sbp) { struct stat sb; + debug_decl(sudo_goodpath, SUDO_DEBUG_UTIL) /* Check for brain damage */ if (path == NULL || path[0] == '\0') - return NULL; + debug_return_str(NULL); if (stat(path, &sb)) - return NULL; + debug_return_str(NULL); /* Make sure path describes an executable regular file. */ if (!S_ISREG(sb.st_mode) || !(sb.st_mode & 0000111)) { errno = EACCES; - return NULL; + debug_return_str(NULL); } if (sbp != NULL) (void) memcpy(sbp, &sb, sizeof(struct stat)); - return (char *)path; + + debug_return_str((char *)path); } diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 8c0a73d62..f3282210e 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -104,6 +104,8 @@ static struct member *new_member(char *, int); void yyerror(const char *s) { + debug_decl(yyerror, SUDO_DEBUG_PARSER) + /* Save the line the first error occurred on. */ if (errorlineno == -1) { errorlineno = sudolineno ? sudolineno - 1 : 0; @@ -116,8 +118,9 @@ yyerror(const char *s) sudolineno ? sudolineno - 1 : 0); } parse_error = TRUE; + debug_return; } -#line 110 "gram.y" +#line 113 "gram.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { @@ -133,7 +136,7 @@ typedef union { int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ -#line 136 "y.tab.c" +#line 139 "y.tab.c" #define COMMAND 257 #define ALIAS 258 #define DEFVAR 259 @@ -631,11 +634,12 @@ short *yyss; short *yysslim; YYSTYPE *yyvs; int yystacksize; -#line 604 "gram.y" +#line 607 "gram.y" static struct defaults * new_default(char *var, char *val, int op) { struct defaults *d; + debug_decl(new_default, SUDO_DEBUG_PARSER) d = emalloc(sizeof(struct defaults)); d->var = var; @@ -646,13 +650,14 @@ new_default(char *var, char *val, int op) d->prev = d; d->next = NULL; - return d; + debug_return_ptr(d); } static struct member * new_member(char *name, int type) { struct member *m; + debug_decl(new_member, SUDO_DEBUG_PARSER) m = emalloc(sizeof(struct member)); m->name = name; @@ -660,7 +665,7 @@ new_member(char *name, int type) m->prev = m; m->next = NULL; - return m; + debug_return_ptr(m); } /* @@ -673,6 +678,7 @@ add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d; struct member_list binding; + debug_decl(add_defaults, SUDO_DEBUG_PARSER) /* * We can only call list2tq once on bmem as it will zero @@ -688,6 +694,8 @@ add_defaults(int type, struct member *bmem, struct defaults *defs) d->binding = binding; } tq_append(&defaults, defs); + + debug_return; } /* @@ -698,6 +706,7 @@ static void add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; + debug_decl(add_userspec, SUDO_DEBUG_PARSER) u = emalloc(sizeof(*u)); list2tq(&u->users, members); @@ -705,6 +714,8 @@ add_userspec(struct member *members, struct privilege *privs) u->prev = u; u->next = NULL; tq_append(&userspecs, u); + + debug_return; } /* @@ -720,6 +731,7 @@ init_parser(const char *path, int quiet) struct privilege *priv; struct cmndspec *cs; struct sudo_command *c; + debug_decl(init_parser, SUDO_DEBUG_PARSER) while ((us = tq_pop(&userspecs)) != NULL) { while ((m = tq_pop(&us->users)) != NULL) { @@ -808,8 +820,10 @@ init_parser(const char *path, int quiet) errorlineno = -1; errorfile = NULL; verbose = !quiet; + + debug_return; } -#line 760 "y.tab.c" +#line 774 "y.tab.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -1015,127 +1029,127 @@ yyreduce: switch (yyn) { case 1: -#line 185 "gram.y" +#line 188 "gram.y" { ; } break; case 5: -#line 193 "gram.y" +#line 196 "gram.y" { ; } break; case 6: -#line 196 "gram.y" +#line 199 "gram.y" { yyerrok; } break; case 7: -#line 199 "gram.y" +#line 202 "gram.y" { add_userspec(yyvsp[-1].member, yyvsp[0].privilege); } break; case 8: -#line 202 "gram.y" -{ - ; - } -break; -case 9: #line 205 "gram.y" { ; } break; -case 10: +case 9: #line 208 "gram.y" { ; } break; -case 11: +case 10: #line 211 "gram.y" { ; } break; -case 12: +case 11: #line 214 "gram.y" +{ + ; + } +break; +case 12: +#line 217 "gram.y" { add_defaults(DEFAULTS, NULL, yyvsp[0].defaults); } break; case 13: -#line 217 "gram.y" +#line 220 "gram.y" { add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults); } break; case 14: -#line 220 "gram.y" +#line 223 "gram.y" { add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults); } break; case 15: -#line 223 "gram.y" +#line 226 "gram.y" { add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults); } break; case 16: -#line 226 "gram.y" +#line 229 "gram.y" { add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults); } break; case 18: -#line 232 "gram.y" +#line 235 "gram.y" { list_append(yyvsp[-2].defaults, yyvsp[0].defaults); yyval.defaults = yyvsp[-2].defaults; } break; case 19: -#line 238 "gram.y" +#line 241 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE); } break; case 20: -#line 241 "gram.y" +#line 244 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE); } break; case 21: -#line 244 "gram.y" +#line 247 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE); } break; case 22: -#line 247 "gram.y" +#line 250 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); } break; case 23: -#line 250 "gram.y" +#line 253 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); } break; case 25: -#line 256 "gram.y" +#line 259 "gram.y" { list_append(yyvsp[-2].privilege, yyvsp[0].privilege); yyval.privilege = yyvsp[-2].privilege; } break; case 26: -#line 262 "gram.y" +#line 265 "gram.y" { struct privilege *p = emalloc(sizeof(*p)); list2tq(&p->hostlist, yyvsp[-2].member); @@ -1146,51 +1160,51 @@ case 26: } break; case 27: -#line 272 "gram.y" +#line 275 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = FALSE; } break; case 28: -#line 276 "gram.y" +#line 279 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = TRUE; } break; case 29: -#line 282 "gram.y" +#line 285 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 30: -#line 285 "gram.y" +#line 288 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 31: -#line 288 "gram.y" +#line 291 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 32: -#line 291 "gram.y" +#line 294 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); } break; case 33: -#line 294 "gram.y" +#line 297 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 35: -#line 300 "gram.y" +#line 303 "gram.y" { list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec); #ifdef HAVE_SELINUX @@ -1223,7 +1237,7 @@ case 35: } break; case 36: -#line 332 "gram.y" +#line 335 "gram.y" { struct cmndspec *cs = emalloc(sizeof(*cs)); if (yyvsp[-3].runas != NULL) { @@ -1250,80 +1264,80 @@ case 36: } break; case 37: -#line 358 "gram.y" +#line 361 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = FALSE; } break; case 38: -#line 362 "gram.y" +#line 365 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = TRUE; } break; case 39: -#line 368 "gram.y" +#line 371 "gram.y" { yyval.string = yyvsp[0].string; } break; case 40: -#line 373 "gram.y" +#line 376 "gram.y" { yyval.string = yyvsp[0].string; } break; case 41: -#line 378 "gram.y" +#line 381 "gram.y" { yyval.seinfo.role = NULL; yyval.seinfo.type = NULL; } break; case 42: -#line 382 "gram.y" +#line 385 "gram.y" { yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.type = NULL; } break; case 43: -#line 386 "gram.y" +#line 389 "gram.y" { yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.role = NULL; } break; case 44: -#line 390 "gram.y" +#line 393 "gram.y" { yyval.seinfo.role = yyvsp[-1].string; yyval.seinfo.type = yyvsp[0].string; } break; case 45: -#line 394 "gram.y" +#line 397 "gram.y" { yyval.seinfo.type = yyvsp[-1].string; yyval.seinfo.role = yyvsp[0].string; } break; case 46: -#line 400 "gram.y" +#line 403 "gram.y" { yyval.runas = NULL; } break; case 47: -#line 403 "gram.y" +#line 406 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; case 48: -#line 408 "gram.y" +#line 411 "gram.y" { yyval.runas = emalloc(sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[0].member; @@ -1331,7 +1345,7 @@ case 48: } break; case 49: -#line 413 "gram.y" +#line 416 "gram.y" { yyval.runas = emalloc(sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[-2].member; @@ -1339,7 +1353,7 @@ case 49: } break; case 50: -#line 418 "gram.y" +#line 421 "gram.y" { yyval.runas = emalloc(sizeof(struct runascontainer)); yyval.runas->runasusers = NULL; @@ -1347,86 +1361,86 @@ case 50: } break; case 51: -#line 425 "gram.y" +#line 428 "gram.y" { yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.log_input = yyval.tag.log_output = UNSPEC; } break; case 52: -#line 429 "gram.y" +#line 432 "gram.y" { yyval.tag.nopasswd = TRUE; } break; case 53: -#line 432 "gram.y" +#line 435 "gram.y" { yyval.tag.nopasswd = FALSE; } break; case 54: -#line 435 "gram.y" +#line 438 "gram.y" { yyval.tag.noexec = TRUE; } break; case 55: -#line 438 "gram.y" +#line 441 "gram.y" { yyval.tag.noexec = FALSE; } break; case 56: -#line 441 "gram.y" +#line 444 "gram.y" { yyval.tag.setenv = TRUE; } break; case 57: -#line 444 "gram.y" +#line 447 "gram.y" { yyval.tag.setenv = FALSE; } break; case 58: -#line 447 "gram.y" +#line 450 "gram.y" { yyval.tag.log_input = TRUE; } break; case 59: -#line 450 "gram.y" +#line 453 "gram.y" { yyval.tag.log_input = FALSE; } break; case 60: -#line 453 "gram.y" +#line 456 "gram.y" { yyval.tag.log_output = TRUE; } break; case 61: -#line 456 "gram.y" +#line 459 "gram.y" { yyval.tag.log_output = FALSE; } break; case 62: -#line 461 "gram.y" +#line 464 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 63: -#line 464 "gram.y" +#line 467 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 64: -#line 467 "gram.y" +#line 470 "gram.y" { struct sudo_command *c = emalloc(sizeof(*c)); c->cmnd = yyvsp[0].command.cmnd; @@ -1435,7 +1449,7 @@ case 64: } break; case 67: -#line 479 "gram.y" +#line 482 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) { @@ -1445,14 +1459,14 @@ case 67: } break; case 69: -#line 489 "gram.y" +#line 492 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 72: -#line 499 "gram.y" +#line 502 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) { @@ -1462,14 +1476,14 @@ case 72: } break; case 74: -#line 509 "gram.y" +#line 512 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 77: -#line 519 "gram.y" +#line 522 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) { @@ -1479,7 +1493,7 @@ case 77: } break; case 80: -#line 532 "gram.y" +#line 535 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) { @@ -1489,96 +1503,96 @@ case 80: } break; case 82: -#line 542 "gram.y" +#line 545 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 83: -#line 548 "gram.y" +#line 551 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = FALSE; } break; case 84: -#line 552 "gram.y" +#line 555 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = TRUE; } break; case 85: -#line 558 "gram.y" +#line 561 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 86: -#line 561 "gram.y" +#line 564 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 87: -#line 564 "gram.y" +#line 567 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 88: -#line 567 "gram.y" +#line 570 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); } break; case 89: -#line 570 "gram.y" +#line 573 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 91: -#line 576 "gram.y" +#line 579 "gram.y" { list_append(yyvsp[-2].member, yyvsp[0].member); yyval.member = yyvsp[-2].member; } break; case 92: -#line 582 "gram.y" +#line 585 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = FALSE; } break; case 93: -#line 586 "gram.y" +#line 589 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = TRUE; } break; case 94: -#line 592 "gram.y" +#line 595 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 95: -#line 595 "gram.y" +#line 598 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 96: -#line 598 "gram.y" +#line 601 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; -#line 1529 "y.tab.c" +#line 1543 "y.tab.c" } yyssp -= yym; yystate = *yyssp; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index f3f0aace3..664d6efb0 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -92,6 +92,8 @@ static struct member *new_member(char *, int); void yyerror(const char *s) { + debug_decl(yyerror, SUDO_DEBUG_PARSER) + /* Save the line the first error occurred on. */ if (errorlineno == -1) { errorlineno = sudolineno ? sudolineno - 1 : 0; @@ -104,6 +106,7 @@ yyerror(const char *s) sudolineno ? sudolineno - 1 : 0); } parse_error = TRUE; + debug_return; } %} @@ -605,6 +608,7 @@ static struct defaults * new_default(char *var, char *val, int op) { struct defaults *d; + debug_decl(new_default, SUDO_DEBUG_PARSER) d = emalloc(sizeof(struct defaults)); d->var = var; @@ -615,13 +619,14 @@ new_default(char *var, char *val, int op) d->prev = d; d->next = NULL; - return d; + debug_return_ptr(d); } static struct member * new_member(char *name, int type) { struct member *m; + debug_decl(new_member, SUDO_DEBUG_PARSER) m = emalloc(sizeof(struct member)); m->name = name; @@ -629,7 +634,7 @@ new_member(char *name, int type) m->prev = m; m->next = NULL; - return m; + debug_return_ptr(m); } /* @@ -642,6 +647,7 @@ add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d; struct member_list binding; + debug_decl(add_defaults, SUDO_DEBUG_PARSER) /* * We can only call list2tq once on bmem as it will zero @@ -657,6 +663,8 @@ add_defaults(int type, struct member *bmem, struct defaults *defs) d->binding = binding; } tq_append(&defaults, defs); + + debug_return; } /* @@ -667,6 +675,7 @@ static void add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; + debug_decl(add_userspec, SUDO_DEBUG_PARSER) u = emalloc(sizeof(*u)); list2tq(&u->users, members); @@ -674,6 +683,8 @@ add_userspec(struct member *members, struct privilege *privs) u->prev = u; u->next = NULL; tq_append(&userspecs, u); + + debug_return; } /* @@ -689,6 +700,7 @@ init_parser(const char *path, int quiet) struct privilege *priv; struct cmndspec *cs; struct sudo_command *c; + debug_decl(init_parser, SUDO_DEBUG_PARSER) while ((us = tq_pop(&userspecs)) != NULL) { while ((m = tq_pop(&us->users)) != NULL) { @@ -777,4 +789,6 @@ init_parser(const char *path, int quiet) errorlineno = -1; errorfile = NULL; verbose = !quiet; + + debug_return; } diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index a60a87dc7..133f4619e 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -73,6 +73,7 @@ group_plugin_load(char *plugin_info) char *args, path[PATH_MAX]; char **argv = NULL; int len, rc = -1; + debug_decl(group_plugin_load, SUDO_DEBUG_UTIL) /* * Fill in .so path and split out args (if any). @@ -162,12 +163,14 @@ done: } } - return rc; + debug_return_bool(rc); } void group_plugin_unload(void) { + debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL) + if (group_plugin != NULL) { (group_plugin->cleanup)(); group_plugin = NULL; @@ -176,15 +179,18 @@ group_plugin_unload(void) dlclose(group_handle); group_handle = NULL; } + debug_return; } int group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { + debug_decl(group_plugin_query, SUDO_DEBUG_UTIL) + if (group_plugin == NULL) - return FALSE; - return (group_plugin->query)(user, group, pwd); + debug_return_bool(FALSE); + debug_return_bool((group_plugin->query)(user, group, pwd)); } #else /* !HAVE_DLOPEN && !HAVE_SHL_LOAD */ @@ -202,20 +208,23 @@ struct passwd; int group_plugin_load(char *plugin_info) { - return FALSE; + debug_decl(group_plugin_load, SUDO_DEBUG_UTIL) + debug_return_bool(FALSE); } void group_plugin_unload(void) { - return; + debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL) + debug_return_bool; } int group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { - return FALSE; + debug_decl(group_plugin_query, SUDO_DEBUG_UTIL) + debug_return_bool(FALSE); } #endif /* HAVE_DLOPEN || HAVE_SHL_LOAD */ diff --git a/plugins/sudoers/interfaces.c b/plugins/sudoers/interfaces.c index 10963589a..a4c5b505c 100644 --- a/plugins/sudoers/interfaces.c +++ b/plugins/sudoers/interfaces.c @@ -61,6 +61,7 @@ set_interfaces(const char *ai) { char *addrinfo, *addr, *mask; struct interface *ifp; + debug_decl(set_interfaces, SUDO_DEBUG_NETIF) addrinfo = estrdup(ai); for (addr = strtok(addrinfo, " \t"); addr != NULL; addr = strtok(NULL, " \t")) { @@ -97,12 +98,14 @@ set_interfaces(const char *ai) interfaces = ifp; } efree(addrinfo); + debug_return; } void dump_interfaces(const char *ai) { char *cp, *addrinfo; + debug_decl(set_interfaces, SUDO_DEBUG_NETIF) addrinfo = estrdup(ai); @@ -111,4 +114,5 @@ dump_interfaces(const char *ai) sudo_printf(SUDO_CONV_INFO_MSG, "\t%s\n", cp); efree(addrinfo); + debug_return; } diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 00fd7ea80..028c846c3 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -112,6 +112,7 @@ mkdir_parents(char *path) { struct stat sb; char *slash = path; + debug_decl(mkdir_parents, SUDO_DEBUG_UTIL) for (;;) { if ((slash = strchr(slash + 1, '/')) == NULL) @@ -125,6 +126,7 @@ mkdir_parents(char *path) } *slash = '/'; } + debug_return; } /* @@ -143,6 +145,7 @@ io_nextid(char *iolog_dir, char sessid[7]) ssize_t nread; char pathbuf[PATH_MAX]; static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + debug_decl(io_nextid, SUDO_DEBUG_UTIL) /* * Create I/O log directory if it doesn't already exist. @@ -198,6 +201,8 @@ io_nextid(char *iolog_dir, char sessid[7]) if (lseek(fd, 0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7) log_error(USE_ERRNO, _("unable to write to %s"), pathbuf); close(fd); + + debug_return; } /* @@ -208,6 +213,7 @@ static size_t mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) { size_t len; + debug_decl(mkdir_iopath, SUDO_DEBUG_UTIL) len = strlcpy(pathbuf, iolog_path, pathsize); if (len >= pathsize) { @@ -228,7 +234,7 @@ mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) log_error(USE_ERRNO, _("unable to create %s"), pathbuf); } - return len; + debug_return_size_t(len); } /* @@ -242,6 +248,7 @@ open_io_fd(char *pathbuf, size_t len, const char *suffix, int docompress) { void *vfd = NULL; int fd; + debug_decl(open_io_fd, SUDO_DEBUG_UTIL) pathbuf[len] = '\0'; strlcat(pathbuf, suffix, PATH_MAX); @@ -255,7 +262,7 @@ open_io_fd(char *pathbuf, size_t len, const char *suffix, int docompress) #endif vfd = fdopen(fd, "w"); } - return vfd; + debug_return_ptr(vfd); } /* @@ -272,6 +279,7 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[], unsigned long ulval; uid_t runas_uid = 0; gid_t runas_gid = 0; + debug_decl(iolog_deserialize_info, SUDO_DEBUG_UTIL) memset(details, 0, sizeof(*details)); @@ -402,6 +410,7 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[], details->runas_gr = sudo_fakegrnam(id); } } + debug_return; } static int @@ -417,6 +426,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, FILE *io_logfile; size_t len; int rval = -1; + debug_decl(sudoers_io_open, SUDO_DEBUG_UTIL) if (!sudo_conv) sudo_conv = conversation; @@ -425,7 +435,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, /* If we have no command (because -V was specified) just return. */ if (argc == 0) - return TRUE; + debug_return_bool(TRUE); if (sigsetjmp(error_jmp, 1)) { /* called via error(), errorx() or log_error() */ @@ -550,17 +560,18 @@ done: gr_delref(details.runas_gr); sudo_endgrent(); - return rval; + debug_return_bool(rval); } static void sudoers_io_close(int exit_status, int error) { int i; + debug_decl(sudoers_io_close, SUDO_DEBUG_UTIL) if (sigsetjmp(error_jmp, 1)) { /* called via error(), errorx() or log_error() */ - return; + debug_return; } for (i = 0; i < IOFD_MAX; i++) { @@ -573,20 +584,23 @@ sudoers_io_close(int exit_status, int error) #endif fclose(io_fds[i].f); } + debug_return; } static int sudoers_io_version(int verbose) { + debug_decl(sudoers_io_version, SUDO_DEBUG_UTIL) + if (sigsetjmp(error_jmp, 1)) { /* called via error(), errorx() or log_error() */ - return -1; + debug_return_bool(-1); } sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n", PACKAGE_VERSION); - return TRUE; + debug_return_bool(TRUE); } /* @@ -596,12 +610,13 @@ static int sudoers_io_log(const char *buf, unsigned int len, int idx) { struct timeval now, delay; + debug_decl(sudoers_io_version, SUDO_DEBUG_UTIL) gettimeofday(&now, NULL); if (sigsetjmp(error_jmp, 1)) { /* called via error(), errorx() or log_error() */ - return -1; + debug_return_bool(-1); } #ifdef HAVE_ZLIB_H @@ -624,7 +639,7 @@ sudoers_io_log(const char *buf, unsigned int len, int idx) last_time.tv_sec = now.tv_sec; last_time.tv_usec = now.tv_usec; - return TRUE; + debug_return_bool(TRUE); } static int diff --git a/plugins/sudoers/iolog_path.c b/plugins/sudoers/iolog_path.c index 0f1044f20..55175fd54 100644 --- a/plugins/sudoers/iolog_path.c +++ b/plugins/sudoers/iolog_path.c @@ -73,6 +73,7 @@ fill_seq(char *str, size_t strsize) { static char sessid[7]; int len; + debug_decl(sudoers_io_version, SUDO_DEBUG_UTIL) if (sessid[0] == '\0') io_nextid(def_iolog_dir, sessid); @@ -81,14 +82,15 @@ fill_seq(char *str, size_t strsize) len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]); if (len < 0) - return strsize; /* handle non-standard snprintf() */ - return (size_t)len; + debug_return_size_t(strsize); /* handle non-standard snprintf() */ + debug_return_size_t(len); } static size_t fill_user(char *str, size_t strsize) { - return strlcpy(str, user_name, strsize); + debug_decl(fill_user, SUDO_DEBUG_UTIL) + debug_return_size_t(strlcpy(str, user_name, strsize)); } static size_t @@ -96,6 +98,7 @@ fill_group(char *str, size_t strsize) { struct group *grp; size_t len; + debug_decl(fill_group, SUDO_DEBUG_UTIL) if ((grp = sudo_getgrgid(user_gid)) != NULL) { len = strlcpy(str, grp->gr_name, strsize); @@ -105,13 +108,14 @@ fill_group(char *str, size_t strsize) len = snprintf(str + len, strsize - len, "#%u", (unsigned int) user_gid); } - return len; + debug_return_size_t(len); } static size_t fill_runas_user(char *str, size_t strsize) { - return strlcpy(str, runas_pw->pw_name, strsize); + debug_decl(fill_runas_user, SUDO_DEBUG_UTIL) + debug_return_size_t(strlcpy(str, runas_pw->pw_name, strsize)); } static size_t @@ -119,6 +123,7 @@ fill_runas_group(char *str, size_t strsize) { struct group *grp; size_t len; + debug_decl(fill_runas_group, SUDO_DEBUG_UTIL) if (runas_gr != NULL) { len = strlcpy(str, runas_gr->gr_name, strsize); @@ -132,19 +137,21 @@ fill_runas_group(char *str, size_t strsize) (unsigned int) runas_pw->pw_gid); } } - return len; + debug_return_size_t(len); } static size_t fill_hostname(char *str, size_t strsize) { - return strlcpy(str, user_shost, strsize); + debug_decl(fill_hostname, SUDO_DEBUG_UTIL) + debug_return_size_t(strlcpy(str, user_shost, strsize)); } static size_t fill_command(char *str, size_t strsize) { - return strlcpy(str, user_base, strsize); + debug_decl(fill_command, SUDO_DEBUG_UTIL) + debug_return_size_t(strlcpy(str, user_base, strsize)); } /* @@ -160,6 +167,7 @@ expand_iolog_path(const char *prefix, const char *dir, const char *file, char *dst, *dst0, *path, *pathend, tmpbuf[PATH_MAX]; const char *endbrace, *src = dir; int pass, strfit; + debug_decl(expand_iolog_path, SUDO_DEBUG_UTIL) /* Expanded path must be <= PATH_MAX */ if (prefix != NULL) @@ -267,8 +275,8 @@ expand_iolog_path(const char *prefix, const char *dir, const char *file, } } - return path; + debug_return_str(path); bad: efree(path); - return NULL; + debug_return_str(NULL); } diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index e8e63117d..233bc1f49 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -362,6 +362,7 @@ sudo_ldap_conf_add_ports(void) char *host, *port, defport[13]; char hostbuf[LINE_MAX * 2]; + debug_decl(sudo_ldap_conf_add_ports, SUDO_DEBUG_LDAP) hostbuf[0] = '\0'; if (snprintf(defport, sizeof(defport), ":%d", ldap_conf.port) >= sizeof(defport)) @@ -385,7 +386,7 @@ sudo_ldap_conf_add_ports(void) efree(ldap_conf.host); ldap_conf.host = estrdup(hostbuf); - return; + debug_return; toobig: errorx(1, _("sudo_ldap_conf_add_ports: out of space expanding hostbuf")); @@ -405,6 +406,7 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list) char hostbuf[LINE_MAX]; int nldap = 0, nldaps = 0; int rc = -1; + debug_decl(sudo_ldap_parse_uri, SUDO_DEBUG_LDAP) do { buf = estrdup(uri_list->val); @@ -472,7 +474,7 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list) done: efree(buf); - return rc; + debug_return_int(rc); toobig: errorx(1, _("sudo_ldap_parse_uri: out of space building hostbuf")); @@ -484,10 +486,11 @@ sudo_ldap_join_uri(struct ldap_config_list_str *uri_list) struct ldap_config_list_str *uri; size_t len = 0; char *buf, *cp; + debug_decl(sudo_ldap_join_uri, SUDO_DEBUG_LDAP) /* Usually just a single entry. */ if (uri_list->next == NULL) - return estrdup(uri_list->val); + debug_return_str(estrdup(uri_list->val)); for (uri = uri_list; uri != NULL; uri = uri->next) { len += strlen(uri->val) + 1; @@ -499,7 +502,7 @@ sudo_ldap_join_uri(struct ldap_config_list_str *uri_list) *cp++ = ' '; } cp[-1] = '\0'; - return buf; + debug_return_str(buf); } #endif /* HAVE_LDAP_INITIALIZE */ @@ -508,6 +511,7 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port) { LDAP *ld = NULL; int rc = LDAP_CONNECT_ERROR; + debug_decl(sudo_ldap_init, SUDO_DEBUG_LDAP) #ifdef HAVE_LDAPSSL_INIT if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) { @@ -565,7 +569,7 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port) done: *ldp = ld; - return rc; + debug_return_int(rc); } /* @@ -578,14 +582,15 @@ sudo_ldap_check_user_netgroup(LDAP *ld, LDAPMessage *entry, char *user) struct berval **bv, **p; char *val; int ret = FALSE; + debug_decl(sudo_ldap_check_user_netgroup, SUDO_DEBUG_LDAP) if (!entry) - return ret; + debug_return_int(ret); /* get the values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoUser"); if (bv == NULL) - return ret; + debug_return_int(ret); /* walk through values */ for (p = bv; *p != NULL && !ret; p++) { @@ -599,27 +604,28 @@ sudo_ldap_check_user_netgroup(LDAP *ld, LDAPMessage *entry, char *user) ldap_value_free_len(bv); /* cleanup */ - return ret; + debug_return_int(ret); } /* - * Walk through search results and return TRUE if we have a - * host match, else FALSE. - */ +* Walk through search results and return TRUE if we have a +* host match, else FALSE. +*/ static int sudo_ldap_check_host(LDAP *ld, LDAPMessage *entry) { struct berval **bv, **p; char *val; int ret = FALSE; + debug_decl(sudo_ldap_check_host, SUDO_DEBUG_LDAP) if (!entry) - return ret; + debug_return_int(ret); /* get the values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoHost"); if (bv == NULL) - return ret; + debug_return_int(ret); /* walk through values */ for (p = bv; *p != NULL && !ret; p++) { @@ -635,7 +641,7 @@ sudo_ldap_check_host(LDAP *ld, LDAPMessage *entry) ldap_value_free_len(bv); /* cleanup */ - return ret; + debug_return_int(ret); } static int @@ -644,9 +650,10 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) struct berval **bv, **p; char *val; int ret = FALSE; + debug_decl(sudo_ldap_check_runas_user, SUDO_DEBUG_LDAP) if (!runas_pw) - return UNSPEC; + debug_return_int(UNSPEC); /* get the runas user from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsUser"); @@ -675,7 +682,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) * what the user specified on the command line. */ if (bv == NULL) - return !strcasecmp(runas_pw->pw_name, def_runas_default); + debug_return_int(!strcasecmp(runas_pw->pw_name, def_runas_default)); /* walk through values returned, looking for a match */ for (p = bv; *p != NULL && !ret; p++) { @@ -706,7 +713,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) ldap_value_free_len(bv); /* cleanup */ - return ret; + debug_return_int(ret); } static int @@ -715,15 +722,16 @@ sudo_ldap_check_runas_group(LDAP *ld, LDAPMessage *entry) struct berval **bv, **p; char *val; int ret = FALSE; + debug_decl(sudo_ldap_check_runas_group, SUDO_DEBUG_LDAP) /* runas_gr is only set if the user specified the -g flag */ if (!runas_gr) - return UNSPEC; + debug_return_int(UNSPEC); /* get the values from the entry */ bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup"); if (bv == NULL) - return ret; + debug_return_int(ret); /* walk through values returned, looking for a match */ for (p = bv; *p != NULL && !ret; p++) { @@ -736,7 +744,7 @@ sudo_ldap_check_runas_group(LDAP *ld, LDAPMessage *entry) ldap_value_free_len(bv); /* cleanup */ - return ret; + debug_return_int(ret); } /* @@ -747,14 +755,15 @@ static int sudo_ldap_check_runas(LDAP *ld, LDAPMessage *entry) { int ret; + debug_decl(sudo_ldap_check_runas, SUDO_DEBUG_LDAP) if (!entry) - return FALSE; + debug_return_bool(FALSE); ret = sudo_ldap_check_runas_user(ld, entry) != FALSE && sudo_ldap_check_runas_group(ld, entry) != FALSE; - return ret; + debug_return_bool(ret); } /* @@ -767,13 +776,14 @@ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) struct berval **bv, **p; char *allowed_cmnd, *allowed_args, *val; int foundbang, ret = UNSPEC; + debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP) if (!entry) - return ret; + debug_return_bool(ret); bv = ldap_get_values_len(ld, entry, "sudoCommand"); if (bv == NULL) - return ret; + debug_return_bool(ret); for (p = bv; *p != NULL && ret != FALSE; p++) { val = (*p)->bv_val; @@ -816,7 +826,7 @@ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) ldap_value_free_len(bv); /* more cleanup */ - return ret; + debug_return_bool(ret); } /* @@ -829,13 +839,14 @@ sudo_ldap_check_bool(LDAP *ld, LDAPMessage *entry, char *option) struct berval **bv, **p; char ch, *var; int ret = UNSPEC; + debug_decl(sudo_ldap_check_bool, SUDO_DEBUG_LDAP) if (entry == NULL) - return UNSPEC; + debug_return_bool(ret); bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv == NULL) - return ret; + debug_return_bool(ret); /* walk through options */ for (p = bv; *p != NULL; p++) { @@ -850,7 +861,7 @@ sudo_ldap_check_bool(LDAP *ld, LDAPMessage *entry, char *option) ldap_value_free_len(bv); - return ret; + debug_return_bool(ret); } /* @@ -862,13 +873,14 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry) { struct berval **bv, **p; char op, *var, *val; + debug_decl(sudo_ldap_parse_options, SUDO_DEBUG_LDAP) if (entry == NULL) - return; + debug_return; bv = ldap_get_values_len(ld, entry, "sudoOption"); if (bv == NULL) - return; + debug_return; /* walk through options */ for (p = bv; *p != NULL; p++) { @@ -899,6 +911,8 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry) } ldap_value_free_len(bv); + + debug_return; } /* @@ -930,6 +944,7 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize) time_t now; char timebuffer[16]; int bytes = 0; + debug_decl(sudo_ldap_timefilter, SUDO_DEBUG_LDAP) /* Make sure we have a formatted timestamp for __now__. */ time(&now); @@ -953,22 +968,23 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize) } done: - return bytes; + debug_return_int(bytes); } /* * Builds up a filter to search for default settings */ static char * -sudo_ldap_build_default_filter() +sudo_ldap_build_default_filter(void) { char *filt; + debug_decl(sudo_ldap_build_default_filter, SUDO_DEBUG_LDAP) if (ldap_conf.search_filter) easprintf(&filt, "(&%s(cn=defaults))", ldap_conf.search_filter); else filt = estrdup("cn=defaults"); - return filt; + debug_return_str(filt); } /* @@ -982,6 +998,7 @@ sudo_ldap_build_pass1(struct passwd *pw) struct group_list *grlist; size_t sz = 0; int i; + debug_decl(sudo_ldap_build_pass1, SUDO_DEBUG_LDAP) /* Start with LDAP search filter length + 3 */ if (ldap_conf.search_filter) @@ -1061,7 +1078,7 @@ sudo_ldap_build_pass1(struct passwd *pw) } strlcat(buf, ")", sz); /* closes the global OR or the global AND */ - return buf; + debug_return_str(buf); } /* @@ -1071,6 +1088,7 @@ static char * sudo_ldap_build_pass2(void) { char *filt, timebuffer[TIMEFILTER_LENGTH]; + debug_decl(sudo_ldap_build_pass2, SUDO_DEBUG_LDAP) if (ldap_conf.timed) sudo_ldap_timefilter(timebuffer, sizeof(timebuffer)); @@ -1086,7 +1104,7 @@ sudo_ldap_build_pass2(void) ldap_conf.timed ? timebuffer : "", (ldap_conf.timed || ldap_conf.search_filter) ? ")" : ""); - return filt; + debug_return_str(filt); } static void @@ -1094,6 +1112,7 @@ sudo_ldap_read_secret(const char *path) { FILE *fp; char buf[LINE_MAX], *cp; + debug_decl(sudo_ldap_read_secret, SUDO_DEBUG_LDAP) if ((fp = fopen(_PATH_LDAP_SECRET, "r")) != NULL) { if (fgets(buf, sizeof(buf), fp) != NULL) { @@ -1108,6 +1127,7 @@ sudo_ldap_read_secret(const char *path) } fclose(fp); } + debug_return; } static int @@ -1116,6 +1136,7 @@ sudo_ldap_read_config(void) FILE *fp; char *cp, *keyword, *value; struct ldap_config_table *cur; + debug_decl(sudo_ldap_read_config, SUDO_DEBUG_LDAP) /* defaults */ ldap_conf.version = 3; @@ -1129,7 +1150,7 @@ sudo_ldap_read_config(void) ldap_conf.deref = -1; if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL) - return FALSE; + debug_return_bool(FALSE); while ((cp = sudo_parseln(fp)) != NULL) { if (*cp == '\0') @@ -1294,7 +1315,7 @@ sudo_ldap_read_config(void) sudo_printf(SUDO_CONV_ERROR_MSG, "===================\n"); } if (!ldap_conf.base) - return FALSE; /* if no base is defined, ignore LDAP */ + debug_return_bool(FALSE); /* if no base is defined, ignore LDAP */ if (ldap_conf.bind_timelimit > 0) ldap_conf.bind_timelimit *= 1000; /* convert to ms */ @@ -1321,7 +1342,7 @@ sudo_ldap_read_config(void) if (ldap_conf.uri) { struct ldap_config_list_str *uri = ldap_conf.uri; if (sudo_ldap_parse_uri(uri) != 0) - return FALSE; + debug_return_bool(FALSE); do { ldap_conf.uri = uri->next; efree(uri); @@ -1383,7 +1404,7 @@ sudo_ldap_read_config(void) } } #endif - return TRUE; + debug_return_bool(TRUE); } /* @@ -1395,23 +1416,25 @@ sudo_ldap_get_first_rdn(LDAP *ld, LDAPMessage *entry) #ifdef HAVE_LDAP_STR2DN char *dn, *rdn = NULL; LDAPDN tmpDN; + debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP) if ((dn = ldap_get_dn(ld, entry)) == NULL) - return NULL; + debug_return_str(NULL); if (ldap_str2dn(dn, &tmpDN, LDAP_DN_FORMAT_LDAP) == LDAP_SUCCESS) { ldap_rdn2str(tmpDN[0], &rdn, LDAP_DN_FORMAT_UFN); ldap_dnfree(tmpDN); } ldap_memfree(dn); - return rdn; + debug_return_str(rdn); #else char *dn, **edn; + debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP) if ((dn = ldap_get_dn(ld, entry)) == NULL) return NULL; edn = ldap_explode_dn(dn, 1); ldap_memfree(dn); - return edn ? edn[0] : NULL; + debug_return_str(edn ? edn[0] : NULL); #endif } @@ -1430,6 +1453,7 @@ sudo_ldap_display_defaults(struct sudo_nss *nss, struct passwd *pw, LDAPMessage *entry, *result; char *prefix, *filt; int rc, count = 0; + debug_decl(sudo_ldap_display_defaults, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) goto done; @@ -1465,7 +1489,7 @@ sudo_ldap_display_defaults(struct sudo_nss *nss, struct passwd *pw, } efree(filt); done: - return count; + debug_return_int(count); } /* @@ -1475,7 +1499,8 @@ static int sudo_ldap_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { - return 0; + debug_decl(sudo_ldap_display_bound_defaults, SUDO_DEBUG_LDAP) + debug_return_int(0); } /* @@ -1486,6 +1511,7 @@ sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf) { struct berval **bv, **p; int count = 0; + debug_decl(sudo_ldap_display_entry_short, SUDO_DEBUG_LDAP) lbuf_append(lbuf, " ("); @@ -1543,7 +1569,7 @@ sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf) } lbuf_append(lbuf, "\n"); - return count; + debug_return_int(count); } /* @@ -1555,6 +1581,7 @@ sudo_ldap_display_entry_long(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf) struct berval **bv, **p; char *rdn; int count = 0; + debug_decl(sudo_ldap_display_entry_long, SUDO_DEBUG_LDAP) /* extract the dn, only show the first rdn */ rdn = sudo_ldap_get_first_rdn(ld, entry); @@ -1624,7 +1651,7 @@ sudo_ldap_display_entry_long(LDAP *ld, LDAPMessage *entry, struct lbuf *lbuf) ldap_value_free_len(bv); } - return count; + debug_return_int(count); } /* @@ -1639,6 +1666,7 @@ sudo_ldap_display_privs(struct sudo_nss *nss, struct passwd *pw, struct ldap_result *lres; LDAPMessage *entry; int i, count = 0; + debug_decl(sudo_ldap_display_privs, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) goto done; @@ -1657,7 +1685,7 @@ sudo_ldap_display_privs(struct sudo_nss *nss, struct passwd *pw, } done: - return count; + debug_return_int(count); } static int @@ -1668,6 +1696,7 @@ sudo_ldap_display_cmnd(struct sudo_nss *nss, struct passwd *pw) struct ldap_result *lres; LDAPMessage *entry; int i, found = FALSE; + debug_decl(sudo_ldap_display_cmnd, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) goto done; @@ -1692,7 +1721,7 @@ done: if (found) printf("%s%s%s\n", safe_cmnd ? safe_cmnd : user_cmnd, user_args ? " " : "", user_args ? user_args : ""); - return !found; + debug_return_bool(!found); } #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S @@ -1702,10 +1731,11 @@ sudo_ldap_sasl_interact(LDAP *ld, unsigned int flags, void *_auth_id, { char *auth_id = (char *)_auth_id; sasl_interact_t *interact = (sasl_interact_t *)_interact; + debug_decl(sudo_ldap_sasl_interact, SUDO_DEBUG_LDAP) for (; interact->id != SASL_CB_LIST_END; interact++) { if (interact->id != SASL_CB_USER) - return LDAP_PARAM_ERROR; + debug_return_int(LDAP_PARAM_ERROR); if (auth_id != NULL) interact->result = auth_id; @@ -1719,7 +1749,7 @@ sudo_ldap_sasl_interact(LDAP *ld, unsigned int flags, void *_auth_id, interact->result = estrdup(interact->result); #endif /* SASL_VERSION_MAJOR < 2 */ } - return LDAP_SUCCESS; + debug_return_int(LDAP_SUCCESS); } #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */ @@ -1731,6 +1761,7 @@ sudo_ldap_set_options(LDAP *ld) { struct ldap_config_table *cur; int rc; + debug_decl(sudo_ldap_set_options, SUDO_DEBUG_LDAP) /* Set ber options */ #ifdef LBER_OPT_DEBUG_LEVEL @@ -1757,7 +1788,7 @@ sudo_ldap_set_options(LDAP *ld) if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option: %s -> %d: %s", cur->conf_str, ival, ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_set_option: %s -> %d", cur->conf_str, ival), 1); } @@ -1769,7 +1800,7 @@ sudo_ldap_set_options(LDAP *ld) if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option: %s -> %s: %s", cur->conf_str, sval, ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_set_option: %s -> %s", cur->conf_str, sval), 1); } @@ -1787,7 +1818,7 @@ sudo_ldap_set_options(LDAP *ld) if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option(TIMEOUT, %ld): %s", (long)tv.tv_sec, ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_set_option(LDAP_OPT_TIMEOUT, %ld)", (long)tv.tv_sec), 1); @@ -1803,7 +1834,7 @@ sudo_ldap_set_options(LDAP *ld) if (rc != LDAP_OPT_SUCCESS) { warningx("ldap_set_option(NETWORK_TIMEOUT, %ld): %s", (long)tv.tv_sec, ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %ld)", (long)tv.tv_sec), 1); @@ -1817,12 +1848,12 @@ sudo_ldap_set_options(LDAP *ld) if (rc != LDAP_SUCCESS) { warningx("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD): %s", ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"), 1); } #endif - return 0; + debug_return_int(0); } /* @@ -1832,6 +1863,7 @@ static struct ldap_result * sudo_ldap_result_alloc(void) { struct ldap_result *result; + debug_decl(sudo_ldap_result_alloc, SUDO_DEBUG_LDAP) result = emalloc(sizeof(*result)); result->searches = NULL; @@ -1840,7 +1872,7 @@ sudo_ldap_result_alloc(void) result->allocated_entries = 0; result->user_matches = FALSE; result->host_matches = FALSE; - return result; + debug_return_ptr(result); } /* @@ -1850,6 +1882,7 @@ static void sudo_ldap_result_free(struct ldap_result *lres) { struct ldap_search_list *s; + debug_decl(sudo_ldap_result_free, SUDO_DEBUG_LDAP) if (lres != NULL) { if (lres->nentries) { @@ -1865,6 +1898,7 @@ sudo_ldap_result_free(struct ldap_result *lres) } efree(lres); } + debug_return; } /* @@ -1875,6 +1909,7 @@ sudo_ldap_result_add_search(struct ldap_result *lres, LDAP *ldap, LDAPMessage *searchresult) { struct ldap_search_list *s, *news; + debug_decl(sudo_ldap_result_add_search, SUDO_DEBUG_LDAP) news = emalloc(sizeof(struct ldap_search_list)); news->next = NULL; @@ -1889,7 +1924,7 @@ sudo_ldap_result_add_search(struct ldap_result *lres, LDAP *ldap, } else { lres->searches = news; } - return news; + debug_return_ptr(news); } /* @@ -1905,6 +1940,7 @@ sudo_ldap_bind_s(LDAP *ld) unsigned int status; # endif #endif + debug_decl(sudo_ldap_bind_s, SUDO_DEBUG_LDAP) #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S if (ldap_conf.rootuse_sasl == TRUE || @@ -1939,7 +1975,7 @@ sudo_ldap_bind_s(LDAP *ld) if (rc != LDAP_SUCCESS) { warningx("ldap_sasl_interactive_bind_s(): %s", ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_sasl_interactive_bind_s() ok"), 1); } else @@ -1955,7 +1991,7 @@ sudo_ldap_bind_s(LDAP *ld) NULL, NULL, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_sasl_bind_s(): %s", ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_sasl_bind_s() ok"), 1); } @@ -1964,12 +2000,12 @@ sudo_ldap_bind_s(LDAP *ld) rc = ldap_simple_bind_s(ld, ldap_conf.binddn, ldap_conf.bindpw); if (rc != LDAP_SUCCESS) { warningx("ldap_simple_bind_s(): %s", ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_simple_bind_s() ok"), 1); } #endif - return 0; + debug_return_int(0); } /* @@ -1981,10 +2017,11 @@ sudo_ldap_open(struct sudo_nss *nss) { LDAP *ld; int rc, ldapnoinit = FALSE; - struct sudo_ldap_handle *handle; + struct sudo_ldap_handle *handle; + debug_decl(sudo_ldap_open, SUDO_DEBUG_LDAP) if (!sudo_ldap_read_config()) - return -1; + debug_return_int(-1); /* Prevent reading of user ldaprc and system defaults. */ if (getenv("LDAPNOINIT") == NULL) { @@ -2004,7 +2041,7 @@ sudo_ldap_open(struct sudo_nss *nss) rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port); if (rc != LDAP_SUCCESS) { warningx(_("unable to initialize LDAP: %s"), ldap_err2string(rc)); - return -1; + debug_return_int(-1); } if (ldapnoinit) @@ -2012,25 +2049,25 @@ sudo_ldap_open(struct sudo_nss *nss) /* Set LDAP options */ if (sudo_ldap_set_options(ld) < 0) - return -1; + debug_return_int(-1); if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { #if defined(HAVE_LDAP_START_TLS_S) rc = ldap_start_tls_s(ld, NULL, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_start_tls_s(): %s", ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_start_tls_s() ok"), 1); #elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP) if (ldap_ssl_client_init(NULL, NULL, 0, &rc) != LDAP_SUCCESS) { warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc)); - return -1; + debug_return_int(-1); } rc = ldap_start_tls_s_np(ld, NULL); if (rc != LDAP_SUCCESS) { warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc)); - return -1; + debug_return_int(-1); } DPRINTF(("ldap_start_tls_s_np() ok"), 1); #else @@ -2040,7 +2077,7 @@ sudo_ldap_open(struct sudo_nss *nss) /* Actually connect */ if (sudo_ldap_bind_s(ld) != 0) - return -1; + debug_return_int(-1); /* Create a handle container. */ handle = emalloc(sizeof(struct sudo_ldap_handle)); @@ -2050,7 +2087,7 @@ sudo_ldap_open(struct sudo_nss *nss) handle->grlist = NULL; nss->handle = handle; - return 0; + debug_return_int(0); } static int @@ -2063,9 +2100,10 @@ sudo_ldap_setdefs(struct sudo_nss *nss) LDAPMessage *entry, *result; char *filt; int rc; + debug_decl(sudo_ldap_setdefs, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) - return -1; + debug_return_int(-1); ld = handle->ld; filt = sudo_ldap_build_default_filter(); @@ -2091,7 +2129,7 @@ sudo_ldap_setdefs(struct sudo_nss *nss) } efree(filt); - return 0; + debug_return_int(0); } /* @@ -2105,9 +2143,10 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag) LDAPMessage *entry; int i, rc, setenv_implied; struct ldap_result *lres = NULL; + debug_decl(sudo_ldap_lookup, SUDO_DEBUG_LDAP) if (handle == NULL || handle->ld == NULL) - return ret; + debug_return_int(ret); ld = handle->ld; /* Fetch list of sudoRole entries that match user and host. */ @@ -2212,7 +2251,7 @@ done: CLR(ret, FLAG_NO_HOST); DPRINTF(("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret), 1); - return ret; + debug_return_int(ret); } /* @@ -2223,9 +2262,10 @@ ldap_entry_compare(const void *a, const void *b) { const struct ldap_entry_wrapper *aw = a; const struct ldap_entry_wrapper *bw = b; + debug_decl(ldap_entry_compare, SUDO_DEBUG_LDAP) - return bw->order < aw->order ? -1 : - (bw->order > aw->order ? 1 : 0); + debug_return_int(bw->order < aw->order ? -1 : + (bw->order > aw->order ? 1 : 0)); } /* @@ -2237,12 +2277,13 @@ static struct ldap_search_list * sudo_ldap_result_last_search(struct ldap_result *lres) { struct ldap_search_list *result = lres->searches; + debug_decl(sudo_ldap_result_last_search, SUDO_DEBUG_LDAP) if (result) { while (result->next) result = result->next; } - return result; + debug_return_ptr(result); } /* @@ -2255,6 +2296,7 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry) struct berval **bv; double order = 0.0; char *ep; + debug_decl(sudo_ldap_result_add_entry, SUDO_DEBUG_LDAP) /* Determine whether the entry has the sudoOrder attribute. */ last = sudo_ldap_result_last_search(lres); @@ -2287,7 +2329,7 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry) lres->entries[lres->nentries - 1].entry = entry; lres->entries[lres->nentries - 1].order = order; - return &lres->entries[lres->nentries - 1]; + debug_return_ptr(&lres->entries[lres->nentries - 1]); } /* @@ -2297,6 +2339,7 @@ static void sudo_ldap_result_free_nss(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; + debug_decl(sudo_ldap_result_free_nss, SUDO_DEBUG_LDAP) if (handle->result != NULL) { DPRINTF(("removing reusable search result"), 1); @@ -2308,6 +2351,7 @@ sudo_ldap_result_free_nss(struct sudo_nss *nss) handle->grlist = NULL; handle->result = NULL; } + debug_return; } /* @@ -2325,6 +2369,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) LDAP *ld = handle->ld; int do_netgr, rc; char *filt; + debug_decl(sudo_ldap_result_get, SUDO_DEBUG_LDAP) /* * If we already have a cached result, return it so we don't have to @@ -2335,7 +2380,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) strcmp(pw->pw_name, handle->username) == 0) { DPRINTF(("reusing previous result (user %s) with %d entries", handle->username, handle->result->nentries), 1); - return handle->result; + debug_return_ptr(handle->result); } /* User mismatch, cached result cannot be used. */ DPRINTF(("removing result (user %s), new search (user %s)", @@ -2407,7 +2452,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) handle->username = estrdup(pw->pw_name); handle->grlist = user_group_list; - return lres; + debug_return_ptr(lres); } /* @@ -2417,6 +2462,7 @@ static int sudo_ldap_close(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; + debug_decl(sudo_ldap_close, SUDO_DEBUG_LDAP) if (handle != NULL) { /* Free the result before unbinding; it may use the LDAP connection. */ @@ -2432,7 +2478,7 @@ sudo_ldap_close(struct sudo_nss *nss) efree(nss->handle); nss->handle = NULL; } - return 0; + debug_return_int(0); } /* diff --git a/plugins/sudoers/linux_audit.c b/plugins/sudoers/linux_audit.c index e8e25aab2..71f9e5e73 100644 --- a/plugins/sudoers/linux_audit.c +++ b/plugins/sudoers/linux_audit.c @@ -35,19 +35,21 @@ #include "error.h" #include "alloc.h" #include "gettext.h" +#include "sudo_debug.h" #include "linux_audit.h" /* * Open audit connection if possible. * Returns audit fd on success and -1 on failure. */ -static int -linux_audit_open(void) +int +static linux_audit_open(void) { static int au_fd = -1; + debug_decl(linux_audit_open, SUDO_DEBUG_AUDIT) if (au_fd != -1) - return au_fd; + debug_return_int(au_fd); au_fd = audit_open(); if (au_fd == -1) { /* Kernel may not have audit support. */ @@ -56,7 +58,7 @@ linux_audit_open(void) } else { (void)fcntl(au_fd, F_SETFD, FD_CLOEXEC); } - return au_fd; + debug_return_int(au_fd); } int @@ -65,9 +67,10 @@ linux_audit_command(char *argv[], int result) int au_fd, rc; char *command, *cp, **av; size_t size, n; + debug_decl(linux_audit_command, SUDO_DEBUG_AUDIT) if ((au_fd = linux_audit_open()) == -1) - return -1; + debug_return_int(-1); /* Convert argv to a flat string. */ for (size = 0, av = argv; *av != NULL; av++) @@ -89,5 +92,5 @@ linux_audit_command(char *argv[], int result) efree(command); - return rc; + debug_return_int(rc); } diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index 35d6a00fd..1e866fc96 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -91,6 +91,7 @@ mysyslog(int pri, const char *fmt, ...) #endif char buf[MAXSYSLOGLEN+1]; va_list ap; + debug_decl(mysyslog, SUDO_DEBUG_LOGGING) va_start(ap, fmt); #ifdef LOG_NFACILITIES @@ -113,6 +114,7 @@ mysyslog(int pri, const char *fmt, ...) #endif /* BROKEN_SYSLOG */ va_end(ap); closelog(); + debug_return; } #define FMT_FIRST "%8s : %s" @@ -128,6 +130,7 @@ do_syslog(int pri, char *msg) size_t len, maxlen; char *p, *tmp, save; const char *fmt; + debug_decl(do_syslog, SUDO_DEBUG_LOGGING) #ifdef HAVE_SETLOCALE const char *old_locale = estrdup(setlocale(LC_ALL, NULL)); @@ -174,6 +177,8 @@ do_syslog(int pri, char *msg) setlocale(LC_ALL, old_locale); efree((void *)old_locale); #endif /* HAVE_SETLOCALE */ + + debug_return; } static void @@ -184,6 +189,7 @@ do_logfile(char *msg) mode_t oldmask; time_t now; FILE *fp; + debug_decl(do_logfile, SUDO_DEBUG_LOGGING) oldmask = umask(077); fp = fopen(def_logfile, "a"); @@ -233,6 +239,7 @@ do_logfile(char *msg) efree((void *)old_locale); #endif /* HAVE_SETLOCALE */ } + debug_return; } /* @@ -241,8 +248,8 @@ do_logfile(char *msg) void log_denial(int status, int inform_user) { - char *message; - char *logline; + char *logline, *message; + debug_decl(log_denial, SUDO_DEBUG_LOGGING) /* Set error message. */ if (ISSET(status, FLAG_NO_USER)) @@ -289,6 +296,7 @@ log_denial(int status, int inform_user) do_logfile(logline); efree(logline); + debug_return; } /* @@ -298,6 +306,7 @@ void log_allowed(int status) { char *logline; + debug_decl(log_allowed, SUDO_DEBUG_LOGGING) logline = new_logline(NULL, 0); @@ -313,15 +322,16 @@ log_allowed(int status) do_logfile(logline); efree(logline); + debug_return; } void log_error(int flags, const char *fmt, ...) { int serrno = errno; - char *message; - char *logline; + char *logline, *message; va_list ap; + debug_decl(log_error, SUDO_DEBUG_LOGGING) /* Expand printf-style format + args. */ va_start(ap, fmt); @@ -370,6 +380,7 @@ log_error(int flags, const char *fmt, ...) plugin_cleanup(0); siglongjmp(error_jmp, 1); } + debug_return; } #define MAX_MAILFLAGS 63 @@ -396,10 +407,11 @@ send_mail(const char *fmt, ...) NULL }; #endif /* NO_ROOT_MAILER */ + debug_decl(send_mail, SUDO_DEBUG_LOGGING) /* Just return if mailer is disabled. */ if (!def_mailerpath || !def_mailto) - return; + debug_return; /* Fork and return, child will daemonize. */ switch (pid = fork()) { @@ -413,6 +425,8 @@ send_mail(const char *fmt, ...) case -1: /* Error. */ mysyslog(LOG_ERR, _("unable to fork: %m")); + sudo_debug_printf(SUDO_DEBUG_SYSERR, "unable to fork: %s", + strerror(errno)); _exit(1); case 0: /* Grandchild continues below. */ @@ -427,7 +441,7 @@ send_mail(const char *fmt, ...) do { rv = waitpid(pid, &status, 0); } while (rv == -1 && errno == EINTR); - return; + return; /* not debug */ } /* Daemonize - disassociate from session/tty. */ @@ -463,6 +477,9 @@ send_mail(const char *fmt, ...) if (pipe(pfd) == -1) { mysyslog(LOG_ERR, _("unable to open pipe: %m")); + sudo_debug_printf(SUDO_DEBUG_SYSERR, "unable to open pipe: %s", + strerror(errno)); + sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); _exit(1); } @@ -470,6 +487,9 @@ send_mail(const char *fmt, ...) case -1: /* Error. */ mysyslog(LOG_ERR, _("unable to fork: %m")); + sudo_debug_printf(SUDO_DEBUG_SYSERR, "unable to fork: %s", + strerror(errno)); + sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); _exit(1); break; case 0: @@ -482,6 +502,8 @@ send_mail(const char *fmt, ...) if (pfd[0] != STDIN_FILENO) { if (dup2(pfd[0], STDIN_FILENO) == -1) { mysyslog(LOG_ERR, _("unable to dup stdin: %m")); + sudo_debug_printf(SUDO_DEBUG_SYSERR, + "unable to dup stdin: %s", strerror(errno)); _exit(127); } (void) close(pfd[0]); @@ -516,6 +538,8 @@ send_mail(const char *fmt, ...) execv(mpath, argv); #endif /* NO_ROOT_MAILER */ mysyslog(LOG_ERR, _("unable to execute %s: %m"), mpath); + sudo_debug_printf(SUDO_DEBUG_SYSERR, "unable to execute %s: %s", + mpath, strerror(errno)); _exit(127); } break; @@ -561,6 +585,7 @@ send_mail(const char *fmt, ...) do { rv = waitpid(pid, &status, 0); } while (rv == -1 && errno == EINTR); + sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); _exit(0); } @@ -570,11 +595,12 @@ send_mail(const char *fmt, ...) static int should_mail(int status) { + debug_decl(should_mail, SUDO_DEBUG_LOGGING) - return def_mail_always || ISSET(status, VALIDATE_ERROR) || + debug_return_bool(def_mail_always || ISSET(status, VALIDATE_ERROR) || (def_mail_no_user && ISSET(status, FLAG_NO_USER)) || (def_mail_no_host && ISSET(status, FLAG_NO_HOST)) || - (def_mail_no_perms && !ISSET(status, VALIDATE_OK)); + (def_mail_no_perms && !ISSET(status, VALIDATE_OK))); } #define LL_TTY_STR "TTY=" @@ -603,6 +629,7 @@ new_logline(const char *message, int serrno) char *errstr = NULL; char *evstr = NULL; char *line, sessid[7], *tsid = NULL; + debug_decl(new_logline, SUDO_DEBUG_LOGGING) /* A TSID may be a sudoers-style session ID or a free-form string. */ if (sudo_user.iolog_file != NULL) { @@ -723,7 +750,7 @@ new_logline(const char *message, int serrno) } } - return line; + debug_return_str(line); toobig: errorx(1, _("internal error: insufficient space for log line")); } diff --git a/plugins/sudoers/logwrap.c b/plugins/sudoers/logwrap.c index 054b9ac1a..4adfc94b9 100644 --- a/plugins/sudoers/logwrap.c +++ b/plugins/sudoers/logwrap.c @@ -41,6 +41,7 @@ writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen) char *indent = ""; char *beg = line; char *end; + debug_decl(writeln_wrap, SUDO_DEBUG_LOGGING) /* * Print out line with word wrap around maxlen characters. @@ -69,4 +70,6 @@ writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen) /* Print remainder, if any. */ if (len) fprintf(fp, "%s%s\n", indent, beg); + + debug_return; } diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index 9f15020de..269180011 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -107,6 +107,7 @@ _userlist_matches(struct passwd *pw, struct member_list *list) struct member *m; struct alias *a; int rval, matched = UNSPEC; + debug_decl(_userlist_matches, SUDO_DEBUG_MATCH) tq_foreach_rev(list, m) { switch (m->type) { @@ -137,7 +138,7 @@ _userlist_matches(struct passwd *pw, struct member_list *list) if (matched != UNSPEC) break; } - return matched; + debug_return_bool(matched); } int @@ -160,11 +161,12 @@ _runaslist_matches(struct member_list *user_list, struct member_list *group_list int rval; int user_matched = UNSPEC; int group_matched = UNSPEC; + debug_decl(_runaslist_matches, SUDO_DEBUG_MATCH) if (runas_pw != NULL) { /* If no runas user or runas group listed in sudoers, use default. */ if (tq_empty(user_list) && tq_empty(group_list)) - return userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw); + debug_return_int(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw)); tq_foreach_rev(user_list, m) { switch (m->type) { @@ -230,10 +232,10 @@ _runaslist_matches(struct member_list *user_list, struct member_list *group_list } if (user_matched == DENY || group_matched == DENY) - return DENY; + debug_return_int(DENY); if (user_matched == group_matched || runas_gr == NULL) - return user_matched; - return UNSPEC; + debug_return_int(user_matched); + debug_return_int(UNSPEC); } int @@ -254,6 +256,7 @@ _hostlist_matches(struct member_list *list) struct member *m; struct alias *a; int rval, matched = UNSPEC; + debug_decl(_hostlist_matches, SUDO_DEBUG_MATCH) tq_foreach_rev(list, m) { switch (m->type) { @@ -284,7 +287,7 @@ _hostlist_matches(struct member_list *list) if (matched != UNSPEC) break; } - return matched; + debug_return_bool(matched); } int @@ -303,13 +306,14 @@ _cmndlist_matches(struct member_list *list) { struct member *m; int matched = UNSPEC; + debug_decl(_cmndlist_matches, SUDO_DEBUG_MATCH) tq_foreach_rev(list, m) { matched = cmnd_matches(m); if (matched != UNSPEC) break; } - return matched; + debug_return_bool(matched); } int @@ -329,6 +333,7 @@ cmnd_matches(struct member *m) struct alias *a; struct sudo_command *c; int rval, matched = UNSPEC; + debug_decl(cmnd_matches, SUDO_DEBUG_MATCH) switch (m->type) { case ALL: @@ -348,7 +353,7 @@ cmnd_matches(struct member *m) matched = !m->negated; break; } - return matched; + debug_return_bool(matched); } static int @@ -357,6 +362,7 @@ command_args_match(sudoers_cmnd, sudoers_args) char *sudoers_args; { int flags = 0; + debug_decl(command_args_match, SUDO_DEBUG_MATCH) /* * If no args specified in sudoers, any user args are allowed. @@ -364,7 +370,7 @@ command_args_match(sudoers_cmnd, sudoers_args) */ if (!sudoers_args || (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args))) - return TRUE; + debug_return_bool(TRUE); /* * If args are specified in sudoers, they must match the user args. * If running as sudoedit, all args are assumed to be paths. @@ -374,9 +380,9 @@ command_args_match(sudoers_cmnd, sudoers_args) if (strcmp(sudoers_cmnd, "sudoedit") == 0) flags = FNM_PATHNAME; if (fnmatch(sudoers_args, user_args ? user_args : "", flags) == 0) - return TRUE; + debug_return_bool(TRUE); } - return FALSE; + debug_return_bool(FALSE); } /* @@ -386,6 +392,8 @@ command_args_match(sudoers_cmnd, sudoers_args) int command_matches(char *sudoers_cmnd, char *sudoers_args) { + debug_decl(command_matches, SUDO_DEBUG_MATCH) + /* Check for pseudo-commands */ if (sudoers_cmnd[0] != '/') { /* @@ -396,13 +404,13 @@ command_matches(char *sudoers_cmnd, char *sudoers_args) */ if (strcmp(sudoers_cmnd, "sudoedit") != 0 || strcmp(user_cmnd, "sudoedit") != 0) - return FALSE; + debug_return_bool(FALSE); if (command_args_match(sudoers_cmnd, sudoers_args)) { efree(safe_cmnd); safe_cmnd = estrdup(sudoers_cmnd); - return TRUE; + debug_return_bool(TRUE); } else - return FALSE; + debug_return_bool(FALSE); } if (has_meta(sudoers_cmnd)) { @@ -411,15 +419,17 @@ command_matches(char *sudoers_cmnd, char *sudoers_args) * use glob(3) and/or fnmatch(3) to do the matching. */ if (def_fast_glob) - return command_matches_fnmatch(sudoers_cmnd, sudoers_args); - return command_matches_glob(sudoers_cmnd, sudoers_args); + debug_return_bool(command_matches_fnmatch(sudoers_cmnd, sudoers_args)); + debug_return_bool(command_matches_glob(sudoers_cmnd, sudoers_args)); } - return command_matches_normal(sudoers_cmnd, sudoers_args); + debug_return_bool(command_matches_normal(sudoers_cmnd, sudoers_args)); } static int command_matches_fnmatch(char *sudoers_cmnd, char *sudoers_args) { + debug_decl(command_matches_fnmatch, SUDO_DEBUG_MATCH) + /* * Return true if fnmatch(3) succeeds AND * a) there are no args in sudoers OR @@ -428,14 +438,14 @@ command_matches_fnmatch(char *sudoers_cmnd, char *sudoers_args) * else return false. */ if (fnmatch(sudoers_cmnd, user_cmnd, FNM_PATHNAME) != 0) - return FALSE; + debug_return_bool(FALSE); if (command_args_match(sudoers_cmnd, sudoers_args)) { if (safe_cmnd) free(safe_cmnd); safe_cmnd = estrdup(user_cmnd); - return TRUE; - } else - return FALSE; + debug_return_bool(TRUE); + } + debug_return_bool(FALSE); } static int @@ -445,6 +455,7 @@ command_matches_glob(char *sudoers_cmnd, char *sudoers_args) size_t dlen; char **ap, *base, *cp; glob_t gl; + debug_decl(command_matches_glob, SUDO_DEBUG_MATCH) /* * First check to see if we can avoid the call to glob(3). @@ -456,7 +467,7 @@ command_matches_glob(char *sudoers_cmnd, char *sudoers_args) if ((base = strrchr(sudoers_cmnd, '/')) != NULL) { base++; if (!has_meta(base) && strcmp(user_base, base) != 0) - return FALSE; + debug_return_bool(FALSE); } } /* @@ -469,7 +480,7 @@ command_matches_glob(char *sudoers_cmnd, char *sudoers_args) #define GLOB_FLAGS (GLOB_NOSORT | GLOB_MARK | GLOB_BRACE | GLOB_TILDE) if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0 || gl.gl_pathc == 0) { globfree(&gl); - return FALSE; + debug_return_bool(FALSE); } /* For each glob match, compare basename, st_dev and st_ino. */ for (ap = gl.gl_pathv; (cp = *ap) != NULL; ap++) { @@ -477,7 +488,7 @@ command_matches_glob(char *sudoers_cmnd, char *sudoers_args) dlen = strlen(cp); if (cp[dlen - 1] == '/') { if (command_matches_dir(cp, dlen)) - return TRUE; + debug_return_bool(TRUE); continue; } @@ -499,14 +510,14 @@ command_matches_glob(char *sudoers_cmnd, char *sudoers_args) } globfree(&gl); if (cp == NULL) - return FALSE; + debug_return_bool(FALSE); if (command_args_match(sudoers_cmnd, sudoers_args)) { efree(safe_cmnd); safe_cmnd = estrdup(user_cmnd); - return TRUE; + debug_return_bool(TRUE); } - return FALSE; + debug_return_bool(FALSE); } static int @@ -515,11 +526,12 @@ command_matches_normal(char *sudoers_cmnd, char *sudoers_args) struct stat sudoers_stat; char *base; size_t dlen; + debug_decl(command_matches_normal, SUDO_DEBUG_MATCH) /* If it ends in '/' it is a directory spec. */ dlen = strlen(sudoers_cmnd); if (sudoers_cmnd[dlen - 1] == '/') - return command_matches_dir(sudoers_cmnd, dlen); + debug_return_bool(command_matches_dir(sudoers_cmnd, dlen)); /* Only proceed if user_base and basename(sudoers_cmnd) match */ if ((base = strrchr(sudoers_cmnd, '/')) == NULL) @@ -528,7 +540,7 @@ command_matches_normal(char *sudoers_cmnd, char *sudoers_args) base++; if (strcmp(user_base, base) != 0 || stat(sudoers_cmnd, &sudoers_stat) == -1) - return FALSE; + debug_return_bool(FALSE); /* * Return true if inode/device matches AND @@ -539,13 +551,13 @@ command_matches_normal(char *sudoers_cmnd, char *sudoers_args) if (user_stat != NULL && (user_stat->st_dev != sudoers_stat.st_dev || user_stat->st_ino != sudoers_stat.st_ino)) - return FALSE; + debug_return_bool(FALSE); if (command_args_match(sudoers_cmnd, sudoers_args)) { efree(safe_cmnd); safe_cmnd = estrdup(sudoers_cmnd); - return TRUE; + debug_return_bool(TRUE); } - return FALSE; + debug_return_bool(FALSE); } /* @@ -558,17 +570,18 @@ command_matches_dir(char *sudoers_dir, size_t dlen) struct dirent *dent; char buf[PATH_MAX]; DIR *dirp; + debug_decl(command_matches_dir, SUDO_DEBUG_MATCH) /* * Grot through directory entries, looking for user_base. */ dirp = opendir(sudoers_dir); if (dirp == NULL) - return FALSE; + debug_return_bool(FALSE); if (strlcpy(buf, sudoers_dir, sizeof(buf)) >= sizeof(buf)) { closedir(dirp); - return FALSE; + debug_return_bool(FALSE); } while ((dent = readdir(dirp)) != NULL) { /* ignore paths > PATH_MAX (XXX - log) */ @@ -590,7 +603,7 @@ command_matches_dir(char *sudoers_dir, size_t dlen) } closedir(dirp); - return dent != NULL; + debug_return_bool(dent != NULL); } /* @@ -599,16 +612,18 @@ command_matches_dir(char *sudoers_dir, size_t dlen) int hostname_matches(char *shost, char *lhost, char *pattern) { + debug_decl(hostname_matches, SUDO_DEBUG_MATCH) + if (has_meta(pattern)) { if (strchr(pattern, '.')) - return !fnmatch(pattern, lhost, FNM_CASEFOLD); + debug_return_bool(!fnmatch(pattern, lhost, FNM_CASEFOLD)); else - return !fnmatch(pattern, shost, FNM_CASEFOLD); + debug_return_bool(!fnmatch(pattern, shost, FNM_CASEFOLD)); } else { if (strchr(pattern, '.')) - return !strcasecmp(lhost, pattern); + debug_return_bool(!strcasecmp(lhost, pattern)); else - return !strcasecmp(shost, pattern); + debug_return_bool(!strcasecmp(shost, pattern)); } } @@ -619,12 +634,14 @@ hostname_matches(char *shost, char *lhost, char *pattern) int userpw_matches(char *sudoers_user, char *user, struct passwd *pw) { + debug_decl(userpw_matches, SUDO_DEBUG_MATCH) + if (pw != NULL && *sudoers_user == '#') { uid_t uid = (uid_t) atoi(sudoers_user + 1); if (uid == pw->pw_uid) - return TRUE; + debug_return_bool(TRUE); } - return strcmp(sudoers_user, user) == 0; + debug_return_bool(strcmp(sudoers_user, user) == 0); } /* @@ -634,12 +651,14 @@ userpw_matches(char *sudoers_user, char *user, struct passwd *pw) int group_matches(char *sudoers_group, struct group *gr) { + debug_decl(group_matches, SUDO_DEBUG_MATCH) + if (*sudoers_group == '#') { gid_t gid = (gid_t) atoi(sudoers_group + 1); if (gid == gr->gr_gid) - return TRUE; + debug_return_bool(TRUE); } - return strcmp(gr->gr_name, sudoers_group) == 0; + debug_return_bool(strcmp(gr->gr_name, sudoers_group) == 0); } /* @@ -651,6 +670,7 @@ usergr_matches(char *group, char *user, struct passwd *pw) { int matched = FALSE; struct passwd *pw0 = NULL; + debug_decl(usergr_matches, SUDO_DEBUG_MATCH) /* make sure we have a valid usergroup, sudo style */ if (*group++ != '%') @@ -683,7 +703,7 @@ done: if (pw0 != NULL) pw_delref(pw0); - return matched; + debug_return_bool(matched); } /* @@ -700,10 +720,11 @@ netgr_matches(char *netgr, char *lhost, char *shost, char *user) #ifdef HAVE_GETDOMAINNAME static int initialized; #endif + debug_decl(netgr_matches, SUDO_DEBUG_MATCH) /* make sure we have a valid netgroup, sudo style */ if (*netgr++ != '+') - return FALSE; + debug_return_bool(FALSE); #ifdef HAVE_GETDOMAINNAME /* get the domain name (if any) */ @@ -719,10 +740,10 @@ netgr_matches(char *netgr, char *lhost, char *shost, char *user) #ifdef HAVE_INNETGR if (innetgr(netgr, lhost, user, domain)) - return TRUE; + debug_return_bool(TRUE); else if (lhost != shost && innetgr(netgr, shost, user, domain)) - return TRUE; + debug_return_bool(TRUE); #endif /* HAVE_INNETGR */ - return FALSE; + debug_return_bool(FALSE); } diff --git a/plugins/sudoers/match_addr.c b/plugins/sudoers/match_addr.c index f4bc73150..df983d8ba 100644 --- a/plugins/sudoers/match_addr.c +++ b/plugins/sudoers/match_addr.c @@ -59,6 +59,7 @@ addr_matches_if(char *n) int j; #endif int family; + debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) #ifdef HAVE_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) > 0) { @@ -78,24 +79,24 @@ addr_matches_if(char *n) if (ifp->addr.ip4.s_addr == addr.ip4.s_addr || (ifp->addr.ip4.s_addr & ifp->netmask.ip4.s_addr) == addr.ip4.s_addr) - return TRUE; + debug_return_bool(TRUE); break; #ifdef HAVE_IN6_ADDR case AF_INET6: if (memcmp(ifp->addr.ip6.s6_addr, addr.ip6.s6_addr, sizeof(addr.ip6.s6_addr)) == 0) - return TRUE; + debug_return_bool(TRUE); for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) { if ((ifp->addr.ip6.s6_addr[j] & ifp->netmask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j]) break; } if (j == sizeof(addr.ip6.s6_addr)) - return TRUE; + debug_return_bool(TRUE); #endif } } - return FALSE; + debug_return_bool(FALSE); } static int @@ -108,6 +109,7 @@ addr_matches_if_netmask(char *n, char *m) int j; #endif int family; + debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) #ifdef HAVE_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) > 0) @@ -157,7 +159,7 @@ addr_matches_if_netmask(char *n, char *m) switch(family) { case AF_INET: if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr) - return TRUE; + debug_return_bool(TRUE); #ifdef HAVE_IN6_ADDR case AF_INET6: for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) { @@ -165,12 +167,12 @@ addr_matches_if_netmask(char *n, char *m) break; } if (j == sizeof(addr.ip6.s6_addr)) - return TRUE; + debug_return_bool(TRUE); #endif /* HAVE_IN6_ADDR */ } } - return FALSE; + debug_return_bool(FALSE); } /* @@ -182,6 +184,7 @@ addr_matches(char *n) { char *m; int retval; + debug_decl(addr_matches, SUDO_DEBUG_MATCH) /* If there's an explicit netmask, use it. */ if ((m = strchr(n, '/'))) { @@ -191,5 +194,5 @@ addr_matches(char *n) } else retval = addr_matches_if(n); - return retval; + debug_return_bool(retval); } diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c index 8ce68584b..a045c6f92 100644 --- a/plugins/sudoers/parse.c +++ b/plugins/sudoers/parse.c @@ -81,15 +81,19 @@ static int display_bound_defaults(int, struct lbuf *); int sudo_file_open(struct sudo_nss *nss) { + debug_decl(sudo_file_open, SUDO_DEBUG_NSS) + if (def_ignore_local_sudoers) - return -1; + debug_return_int(-1); nss->handle = open_sudoers(sudoers_file, FALSE, NULL); - return nss->handle ? 0 : -1; + debug_return_int(nss->handle ? 0 : -1); } int sudo_file_close(struct sudo_nss *nss) { + debug_decl(sudo_file_close, SUDO_DEBUG_NSS) + /* Free parser data structures and close sudoers file. */ init_parser(NULL, 0); if (nss->handle != NULL) { @@ -97,7 +101,7 @@ sudo_file_close(struct sudo_nss *nss) nss->handle = NULL; yyin = NULL; } - return 0; + debug_return_int(0); } /* @@ -106,17 +110,19 @@ sudo_file_close(struct sudo_nss *nss) int sudo_file_parse(struct sudo_nss *nss) { + debug_decl(sudo_file_close, SUDO_DEBUG_NSS) + if (nss->handle == NULL) - return -1; + debug_return_int(-1); init_parser(sudoers_file, 0); yyin = nss->handle; if (yyparse() != 0 || parse_error) { log_error(NO_EXIT, _("parse error in %s near line %d"), errorfile, errorlineno); - return -1; + debug_return_int(-1); } - return 0; + debug_return_int(0); } /* @@ -125,12 +131,14 @@ sudo_file_parse(struct sudo_nss *nss) int sudo_file_setdefs(struct sudo_nss *nss) { + debug_decl(sudo_file_setdefs, SUDO_DEBUG_NSS) + if (nss->handle == NULL) - return -1; + debug_return_int(-1); if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER)) - return -1; - return 0; + debug_return_int(-1); + debug_return_int(0); } /* @@ -145,9 +153,10 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag) struct cmndtag *tags = NULL; struct privilege *priv; struct userspec *us; + debug_decl(sudo_file_lookup, SUDO_DEBUG_NSS) if (nss->handle == NULL) - return validated; + debug_return_int(validated); /* * Only check the actual command if pwflag is not set. @@ -193,7 +202,7 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag) SET(validated, FLAG_CHECK_USER); else if (pwcheck == never || nopass == TRUE) def_authenticate = FALSE; - return validated; + debug_return_int(validated); } /* Need to be runas user while stat'ing things. */ @@ -254,7 +263,7 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag) def_authenticate = !tags->nopasswd; } restore_perms(); - return validated; + debug_return_int(validated); } #define TAG_CHANGED(t) \ @@ -265,6 +274,7 @@ sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags, struct lbuf *lbuf) { struct member *m; + debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS) #ifdef HAVE_SELINUX if (cs->role) @@ -295,6 +305,7 @@ sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags, m = cs->cmnd; print_member(lbuf, m->name, m->type, m->negated, CMNDALIAS); + debug_return; } static int @@ -306,6 +317,7 @@ sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, struct privilege *priv; struct cmndtag tags; int nfound = 0; + debug_decl(sudo_file_display_priv_short, SUDO_DEBUG_NSS) tq_foreach_fwd(&us->privileges, priv) { if (hostlist_matches(&priv->hostlist) != ALLOW) @@ -347,7 +359,7 @@ sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, } lbuf_append(lbuf, "\n"); } - return nfound; + debug_return_int(nfound); } static int @@ -359,6 +371,7 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us, struct privilege *priv; struct cmndtag tags; int nfound = 0; + debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS) tq_foreach_fwd(&us->privileges, priv) { if (hostlist_matches(&priv->hostlist) != ALLOW) @@ -400,7 +413,7 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us, nfound++; } } - return nfound; + debug_return_int(nfound); } int @@ -409,6 +422,7 @@ sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw, { struct userspec *us; int nfound = 0; + debug_decl(sudo_file_display_priv, SUDO_DEBUG_NSS) if (nss->handle == NULL) goto done; @@ -423,7 +437,7 @@ sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw, nfound += sudo_file_display_priv_short(pw, us, lbuf); } done: - return nfound; + debug_return_int(nfound); } /* @@ -436,6 +450,7 @@ sudo_file_display_defaults(struct sudo_nss *nss, struct passwd *pw, struct defaults *d; char *prefix; int nfound = 0; + debug_decl(sudo_file_display_defaults, SUDO_DEBUG_NSS) if (nss->handle == NULL) goto done; @@ -475,7 +490,7 @@ sudo_file_display_defaults(struct sudo_nss *nss, struct passwd *pw, nfound++; } done: - return nfound; + debug_return_int(nfound); } /* @@ -486,12 +501,13 @@ sudo_file_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct lbuf *lbuf) { int nfound = 0; + debug_decl(sudo_file_display_bound_defaults, SUDO_DEBUG_NSS) /* XXX - should only print ones that match what the user can do. */ nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf); nfound += display_bound_defaults(DEFAULTS_CMND, lbuf); - return nfound; + debug_return_int(nfound); } /* @@ -504,6 +520,7 @@ display_bound_defaults(int dtype, struct lbuf *lbuf) struct member *m, *binding = NULL; char *dsep; int atype, nfound = 0; + debug_decl(display_bound_defaults, SUDO_DEBUG_NSS) switch (dtype) { case DEFAULTS_HOST: @@ -523,7 +540,7 @@ display_bound_defaults(int dtype, struct lbuf *lbuf) dsep = "!"; break; default: - return -1; + debug_return_int(-1); } tq_foreach_fwd(&defaults, d) { if (d->type != dtype) @@ -550,7 +567,7 @@ display_bound_defaults(int dtype, struct lbuf *lbuf) lbuf_append(lbuf, "%s%s", d->op == FALSE ? "!" : "", d->var); } - return nfound; + debug_return_int(nfound); } int @@ -562,6 +579,7 @@ sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw) struct userspec *us; int rval = 1; int host_match, runas_match, cmnd_match; + debug_decl(sudo_file_display_cmnd, SUDO_DEBUG_NSS) if (nss->handle == NULL) goto done; @@ -595,7 +613,7 @@ sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw) rval = 0; } done: - return rval; + debug_return_int(rval); } /* @@ -608,6 +626,7 @@ _print_member(struct lbuf *lbuf, char *name, int type, int negated, struct alias *a; struct member *m; struct sudo_command *c; + debug_decl(_print_member, SUDO_DEBUG_NSS) switch (type) { case ALL: @@ -638,6 +657,7 @@ _print_member(struct lbuf *lbuf, char *name, int type, int negated, lbuf_append(lbuf, "%s%s", negated ? "!" : "", name); break; } + debug_return; } static void diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index aac32325a..b368371ad 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c @@ -146,6 +146,7 @@ make_pwitem(const struct passwd *pw, const char *name) size_t nsize, psize, csize, gsize, dsize, ssize, total; struct cache_item *item; struct passwd *newpw; + debug_decl(make_pwitem, SUDO_DEBUG_NSS) /* If shell field is empty, expand to _PATH_BSHELL. */ pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0') @@ -200,28 +201,35 @@ make_pwitem(const struct passwd *pw, const char *name) item->d.pw = newpw; item->refcnt = 1; - return item; + debug_return_ptr(item); } void pw_addref(struct passwd *pw) { + debug_decl(pw_addref, SUDO_DEBUG_NSS) ptr_to_item(pw)->refcnt++; + debug_return; } static void pw_delref_item(void *v) { struct cache_item *item = v; + debug_decl(pw_delref_item, SUDO_DEBUG_NSS) if (--item->refcnt == 0) efree(item); + + debug_return; } void pw_delref(struct passwd *pw) { + debug_decl(pw_delref, SUDO_DEBUG_NSS) pw_delref_item(ptr_to_item(pw)); + debug_return; } /* @@ -233,6 +241,7 @@ sudo_getpwuid(uid_t uid) { struct cache_item key, *item; struct rbnode *node; + debug_decl(sudo_getpwuid, SUDO_DEBUG_NSS) key.k.uid = uid; if ((node = rbfind(pwcache_byuid, &key)) != NULL) { @@ -264,7 +273,7 @@ sudo_getpwuid(uid_t uid) #endif done: item->refcnt++; - return item->d.pw; + debug_return_ptr(item->d.pw); } /* @@ -277,6 +286,7 @@ sudo_getpwnam(const char *name) struct cache_item key, *item; struct rbnode *node; size_t len; + debug_decl(sudo_getpwnam, SUDO_DEBUG_NSS) key.k.name = (char *) name; if ((node = rbfind(pwcache_byname, &key)) != NULL) { @@ -308,7 +318,7 @@ sudo_getpwnam(const char *name) #endif done: item->refcnt++; - return item->d.pw; + debug_return_ptr(item->d.pw); } /* @@ -322,6 +332,7 @@ sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid) struct rbnode *node; size_t len, namelen; int i; + debug_decl(sudo_fakepwnam, SUDO_DEBUG_NSS) namelen = strlen(user); len = sizeof(*item) + sizeof(*pw) + namelen + 1 /* pw_name */ + @@ -364,7 +375,7 @@ sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid) } } item->refcnt++; - return pw; + debug_return_ptr(pw); } /* @@ -382,16 +393,22 @@ sudo_fakepwnam(const char *user, gid_t gid) void sudo_setpwent(void) { + debug_decl(sudo_setpwent, SUDO_DEBUG_NSS) + setpwent(); if (pwcache_byuid == NULL) pwcache_byuid = rbcreate(cmp_pwuid); if (pwcache_byname == NULL) pwcache_byname = rbcreate(cmp_pwnam); + + debug_return; } void sudo_freepwcache(void) { + debug_decl(sudo_freepwcache, SUDO_DEBUG_NSS) + if (pwcache_byuid != NULL) { rbdestroy(pwcache_byuid, pw_delref_item); pwcache_byuid = NULL; @@ -400,13 +417,19 @@ sudo_freepwcache(void) rbdestroy(pwcache_byname, pw_delref_item); pwcache_byname = NULL; } + + debug_return; } void sudo_endpwent(void) { + debug_decl(sudo_endpwent, SUDO_DEBUG_NSS) + endpwent(); sudo_freepwcache(); + + debug_return; } /* @@ -432,6 +455,7 @@ make_gritem(const struct group *gr, const char *name) size_t nsize, psize, nmem, total, len; struct cache_item *item; struct group *newgr; + debug_decl(make_gritem, SUDO_DEBUG_NSS) /* Allocate in one big chunk for easy freeing. */ nsize = psize = nmem = 0; @@ -482,7 +506,7 @@ make_gritem(const struct group *gr, const char *name) item->d.gr = newgr; item->refcnt = 1; - return item; + debug_return_ptr(item); } #ifdef HAVE_UTMPX_H @@ -507,6 +531,7 @@ make_grlist_item(const char *user, GETGROUPS_T *gids, int ngids) struct cache_item *item; struct group_list *grlist; struct group *grp; + debug_decl(make_grlist_item, SUDO_DEBUG_NSS) #ifdef HAVE_SETAUTHDB aix_setauthdb((char *) user); @@ -575,28 +600,35 @@ again: aix_restoreauthdb(); #endif - return item; + debug_return_ptr(item); } void gr_addref(struct group *gr) { + debug_decl(gr_addref, SUDO_DEBUG_NSS) ptr_to_item(gr)->refcnt++; + debug_return; } static void gr_delref_item(void *v) { struct cache_item *item = v; + debug_decl(gr_delref_item, SUDO_DEBUG_NSS) if (--item->refcnt == 0) efree(item); + + debug_return; } void gr_delref(struct group *gr) { + debug_decl(gr_delref, SUDO_DEBUG_NSS) gr_delref_item(ptr_to_item(gr)); + debug_return; } /* @@ -607,6 +639,7 @@ sudo_getgrgid(gid_t gid) { struct cache_item key, *item; struct rbnode *node; + debug_decl(sudo_getgrgid, SUDO_DEBUG_NSS) key.k.gid = gid; if ((node = rbfind(grcache_bygid, &key)) != NULL) { @@ -632,7 +665,7 @@ sudo_getgrgid(gid_t gid) } done: item->refcnt++; - return item->d.gr; + debug_return_ptr(item->d.gr); } /* @@ -644,6 +677,7 @@ sudo_getgrnam(const char *name) struct cache_item key, *item; struct rbnode *node; size_t len; + debug_decl(sudo_getgrnam, SUDO_DEBUG_NSS) key.k.name = (char *) name; if ((node = rbfind(grcache_byname, &key)) != NULL) { @@ -669,7 +703,7 @@ sudo_getgrnam(const char *name) } done: item->refcnt++; - return item->d.gr; + debug_return_ptr(item->d.gr); } /* @@ -683,6 +717,7 @@ sudo_fakegrnam(const char *group) struct rbnode *node; size_t len, namelen; int i; + debug_decl(sudo_fakegrnam, SUDO_DEBUG_NSS) namelen = strlen(group); len = sizeof(*item) + sizeof(*gr) + namelen + 1; @@ -714,33 +749,42 @@ sudo_fakegrnam(const char *group) } } item->refcnt++; - return gr; + debug_return_ptr(gr); } void grlist_addref(struct group_list *grlist) { + debug_decl(gr_addref, SUDO_DEBUG_NSS) ptr_to_item(grlist)->refcnt++; + debug_return; } static void grlist_delref_item(void *v) { struct cache_item *item = v; + debug_decl(gr_delref_item, SUDO_DEBUG_NSS) if (--item->refcnt == 0) efree(item); + + debug_return; } void grlist_delref(struct group_list *grlist) { + debug_decl(gr_delref, SUDO_DEBUG_NSS) grlist_delref_item(ptr_to_item(grlist)); + debug_return; } void sudo_setgrent(void) { + debug_decl(sudo_setgrent, SUDO_DEBUG_NSS) + setgrent(); if (grcache_bygid == NULL) grcache_bygid = rbcreate(cmp_grgid); @@ -748,11 +792,15 @@ sudo_setgrent(void) grcache_byname = rbcreate(cmp_grnam); if (grlist_cache == NULL) grlist_cache = rbcreate(cmp_grnam); + + debug_return; } void sudo_freegrcache(void) { + debug_decl(sudo_freegrcache, SUDO_DEBUG_NSS) + if (grcache_bygid != NULL) { rbdestroy(grcache_bygid, gr_delref_item); grcache_bygid = NULL; @@ -765,13 +813,19 @@ sudo_freegrcache(void) rbdestroy(grlist_cache, grlist_delref_item); grlist_cache = NULL; } + + debug_return; } void sudo_endgrent(void) { + debug_decl(sudo_endgrent, SUDO_DEBUG_NSS) + endgrent(); sudo_freegrcache(); + + debug_return; } struct group_list * @@ -782,6 +836,7 @@ get_group_list(struct passwd *pw) size_t len; GETGROUPS_T *gids; int ngids; + debug_decl(get_group_list, SUDO_DEBUG_NSS) key.k.name = pw->pw_name; if ((node = rbfind(grlist_cache, &key)) != NULL) { @@ -802,7 +857,7 @@ get_group_list(struct passwd *pw) gids = emalloc2(ngids, sizeof(GETGROUPS_T)); if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) { efree(gids); - return NULL; + debug_return_ptr(NULL); } } if (ngids > 0) { @@ -826,7 +881,7 @@ get_group_list(struct passwd *pw) } done: item->refcnt++; - return item->d.grlist; + debug_return_ptr(item->d.grlist); } void @@ -834,6 +889,7 @@ set_group_list(const char *user, GETGROUPS_T *gids, int ngids) { struct cache_item key, *item; struct rbnode *node; + debug_decl(set_group_list, SUDO_DEBUG_NSS) /* * Cache group db entry if it doesn't already exist @@ -846,6 +902,7 @@ set_group_list(const char *user, GETGROUPS_T *gids, int ngids) errorx(1, "unable to cache group list for %s, already exists", user); } + debug_return; } int @@ -854,6 +911,7 @@ user_in_group(struct passwd *pw, const char *group) struct group_list *grlist; struct group *grp = NULL; int i, matched = FALSE; + debug_decl(user_in_group, SUDO_DEBUG_NSS) if ((grlist = get_group_list(pw)) != NULL) { /* @@ -896,5 +954,5 @@ done: gr_delref(grp); grlist_delref(grlist); } - return matched; + debug_return_bool(matched); } diff --git a/plugins/sudoers/redblack.c b/plugins/sudoers/redblack.c index 23c74d3f1..584f2c0aa 100644 --- a/plugins/sudoers/redblack.c +++ b/plugins/sudoers/redblack.c @@ -57,6 +57,7 @@ #include "missing.h" #include "alloc.h" +#include "sudo_debug.h" #include "redblack.h" static void rbrepair(struct rbtree *, struct rbnode *); @@ -90,6 +91,7 @@ struct rbtree * rbcreate(int (*compar)(const void *, const void*)) { struct rbtree *tree; + debug_decl(rbcreate, SUDO_DEBUG_RBTREE) tree = (struct rbtree *) emalloc(sizeof(*tree)); tree->compar = compar; @@ -110,7 +112,7 @@ rbcreate(int (*compar)(const void *, const void*)) tree->root.color = black; tree->root.data = NULL; - return tree; + debug_return_ptr(tree); } /* @@ -120,6 +122,7 @@ static void rotate_left(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; + debug_decl(rotate_left, SUDO_DEBUG_RBTREE) child = node->right; node->right = child->left; @@ -134,6 +137,8 @@ rotate_left(struct rbtree *tree, struct rbnode *node) node->parent->right = child; child->left = node; node->parent = child; + + debug_return; } /* @@ -143,6 +148,7 @@ static void rotate_right(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; + debug_decl(rotate_right, SUDO_DEBUG_RBTREE) child = node->left; node->left = child->right; @@ -157,6 +163,8 @@ rotate_right(struct rbtree *tree, struct rbnode *node) node->parent->right = child; child->right = node; node->parent = child; + + debug_return; } /* @@ -170,12 +178,13 @@ rbinsert(struct rbtree *tree, void *data) struct rbnode *node = rbfirst(tree); struct rbnode *parent = rbroot(tree); int res; + debug_decl(rbinsert, SUDO_DEBUG_RBTREE) /* Find correct insertion point. */ while (node != rbnil(tree)) { parent = node; if ((res = tree->compar(data, node->data)) == 0) - return node; + debug_return_ptr(node); node = res < 0 ? node->left : node->right; } @@ -249,7 +258,7 @@ rbinsert(struct rbtree *tree, void *data) } } rbfirst(tree)->color = black; /* first node is always black */ - return NULL; + debug_return_ptr(NULL); } /* @@ -261,13 +270,14 @@ rbfind(struct rbtree *tree, void *key) { struct rbnode *node = rbfirst(tree); int res; + debug_decl(rbfind, SUDO_DEBUG_RBTREE) while (node != rbnil(tree)) { if ((res = tree->compar(key, node->data)) == 0) - return node; + debug_return_ptr(node); node = res < 0 ? node->left : node->right; } - return NULL; + debug_return_ptr(NULL); } /* @@ -280,23 +290,24 @@ rbapply_node(struct rbtree *tree, struct rbnode *node, int (*func)(void *, void *), void *cookie, enum rbtraversal order) { int error; + debug_decl(rbapply_node, SUDO_DEBUG_RBTREE) if (node != rbnil(tree)) { if (order == preorder) if ((error = func(node->data, cookie)) != 0) - return error; + debug_return_int(error); if ((error = rbapply_node(tree, node->left, func, cookie, order)) != 0) - return error; + debug_return_int(error); if (order == inorder) if ((error = func(node->data, cookie)) != 0) - return error; + debug_return_int(error); if ((error = rbapply_node(tree, node->right, func, cookie, order)) != 0) - return error; + debug_return_int(error); if (order == postorder) if ((error = func(node->data, cookie)) != 0) - return error; + debug_return_int(error); } - return 0; + debug_return_int(0); } /* @@ -306,6 +317,7 @@ static struct rbnode * rbsuccessor(struct rbtree *tree, struct rbnode *node) { struct rbnode *succ; + debug_decl(rbsuccessor, SUDO_DEBUG_RBTREE) if ((succ = node->right) != rbnil(tree)) { while (succ->left != rbnil(tree)) @@ -317,7 +329,7 @@ rbsuccessor(struct rbtree *tree, struct rbnode *node) if (succ == rbroot(tree)) succ = rbnil(tree); } - return succ; + debug_return_ptr(succ); } /* @@ -326,6 +338,7 @@ rbsuccessor(struct rbtree *tree, struct rbnode *node) static void _rbdestroy(struct rbtree *tree, struct rbnode *node, void (*destroy)(void *)) { + debug_decl(_rbdestroy, SUDO_DEBUG_RBTREE) if (node != rbnil(tree)) { _rbdestroy(tree, node->left, destroy); _rbdestroy(tree, node->right, destroy); @@ -333,6 +346,7 @@ _rbdestroy(struct rbtree *tree, struct rbnode *node, void (*destroy)(void *)) destroy(node->data); efree(node); } + debug_return; } /* @@ -342,8 +356,10 @@ _rbdestroy(struct rbtree *tree, struct rbnode *node, void (*destroy)(void *)) void rbdestroy(struct rbtree *tree, void (*destroy)(void *)) { + debug_decl(rbdestroy, SUDO_DEBUG_RBTREE) _rbdestroy(tree, rbfirst(tree), destroy); efree(tree); + debug_return; } /* @@ -353,6 +369,7 @@ void *rbdelete(struct rbtree *tree, struct rbnode *z) { struct rbnode *x, *y; void *data = z->data; + debug_decl(rbdelete, SUDO_DEBUG_RBTREE) if (z->left == rbnil(tree) || z->right == rbnil(tree)) y = z; @@ -383,7 +400,7 @@ void *rbdelete(struct rbtree *tree, struct rbnode *z) } free(z); - return data; + debug_return_ptr(data); } /* @@ -394,6 +411,7 @@ static void rbrepair(struct rbtree *tree, struct rbnode *node) { struct rbnode *sibling; + debug_decl(rbrepair, SUDO_DEBUG_RBTREE) while (node->color == black && node != rbroot(tree)) { if (node == node->parent->left) { @@ -447,4 +465,6 @@ rbrepair(struct rbtree *tree, struct rbnode *node) } } node->color = black; + + debug_return; } diff --git a/plugins/sudoers/set_perms.c b/plugins/sudoers/set_perms.c index 655ed2983..53c48dd3e 100644 --- a/plugins/sudoers/set_perms.c +++ b/plugins/sudoers/set_perms.c @@ -82,9 +82,13 @@ static int perm_stack_depth = 0; void rewind_perms(void) { + debug_decl(rewind_perms, SUDO_DEBUG_PERMS) + while (perm_stack_depth > 1) restore_perms(); grlist_delref(perm_stack[0].grlist); + + debug_return; } #ifdef HAVE_SETRESUID @@ -101,6 +105,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; const char *errstr; int noexit; + debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); @@ -279,13 +284,13 @@ set_perms(int perm) done: perm_stack_depth++; - return 1; + debug_return_bool(1); bad: /* XXX - better warnings inline */ warningx("%s: %s", errstr, errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) - return 0; + debug_return_bool(0); exit(1); } @@ -293,9 +298,10 @@ void restore_perms(void) { struct perm_state *state, *ostate; + debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) - return; + debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; @@ -329,7 +335,7 @@ restore_perms(void) } } grlist_delref(state->grlist); - return; + debug_return; bad: exit(1); @@ -350,6 +356,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; const char *errstr; int noexit; + debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); @@ -509,13 +516,13 @@ set_perms(int perm) done: perm_stack_depth++; - return 1; + debug_return_bool(1); bad: /* XXX - better warnings inline */ warningx("%s: %s", errstr, errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) - return 0; + debug_return_bool(0); exit(1); } @@ -523,9 +530,10 @@ void restore_perms(void) { struct perm_state *state, *ostate; + debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) - return; + debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; @@ -562,7 +570,7 @@ restore_perms(void) } } grlist_delref(state->grlist); - return; + debug_return; bad: exit(1); @@ -583,6 +591,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; const char *errstr; int noexit; + debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); @@ -747,13 +756,13 @@ set_perms(int perm) done: perm_stack_depth++; - return 1; + debug_return_bool(1); bad: /* XXX - better warnings inline */ warningx("%s: %s", errstr, errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) - return 0; + debug_return_bool(0); exit(1); } @@ -761,9 +770,10 @@ void restore_perms(void) { struct perm_state *state, *ostate; + debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) - return; + debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; @@ -798,7 +808,7 @@ restore_perms(void) goto bad; } grlist_delref(state->grlist); - return; + debug_return; bad: exit(1); @@ -817,6 +827,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; const char *errstr; int noexit; + debug_decl(set_perms, SUDO_DEBUG_PERMS) noexit = ISSET(perm, PERM_NOEXIT); CLR(perm, PERM_MASK); @@ -887,13 +898,13 @@ set_perms(int perm) done: perm_stack_depth++; - return 1; + debug_return_bool(1); bad: /* XXX - better warnings inline */ warningx("%s: %s", errstr, errno == EAGAIN ? _("too many processes") : strerror(errno)); if (noexit) - return 0; + debug_return_bool(0); exit(1); } @@ -901,9 +912,10 @@ void restore_perms(void) { struct perm_state *state, *ostate; + debug_decl(restore_perms, SUDO_DEBUG_PERMS) if (perm_stack_depth < 2) - return; + debug_return; state = &perm_stack[perm_stack_depth - 1]; ostate = &perm_stack[perm_stack_depth - 2]; @@ -924,7 +936,7 @@ restore_perms(void) warning("setuid(%d)", (int)ostate->ruid); goto bad; } - return; + debug_return; bad: exit(1); @@ -938,10 +950,11 @@ runas_setgroups(void) { struct passwd *pw; struct group_list *grlist; + debug_decl(runas_setgroups, SUDO_DEBUG_PERMS) if (def_preserve_groups) { grlist_addref(user_group_list); - return user_group_list; + debug_return_ptr(user_group_list); } pw = runas_pw ? runas_pw : sudo_user.pw; @@ -954,5 +967,5 @@ runas_setgroups(void) #endif if (sudo_setgroups(grlist->ngids, grlist->gids) < 0) log_error(USE_ERRNO|MSG_ONLY, _("unable to set runas group vector")); - return grlist; + debug_return_ptr(grlist); } diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c index de0d5a6bb..a3f446545 100644 --- a/plugins/sudoers/sudo_nss.c +++ b/plugins/sudoers/sudo_nss.c @@ -62,6 +62,7 @@ sudo_read_nss(void) int saw_ldap = FALSE; int got_match = FALSE; static struct sudo_nss_list snl; + debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) goto nomatch; @@ -100,7 +101,7 @@ nomatch: if (tq_empty(&snl)) tq_append(&snl, &sudo_nss_file); - return &snl; + debug_return_ptr(&snl); } #else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */ @@ -120,6 +121,7 @@ sudo_read_nss(void) int saw_ldap = FALSE; int got_match = FALSE; static struct sudo_nss_list snl; + debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) goto nomatch; @@ -179,7 +181,7 @@ nomatch: if (tq_empty(&snl)) tq_append(&snl, &sudo_nss_file); - return &snl; + debug_return_ptr(&snl); } # else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */ @@ -191,13 +193,14 @@ struct sudo_nss_list * sudo_read_nss(void) { static struct sudo_nss_list snl; + debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) # ifdef HAVE_LDAP tq_append(&snl, &sudo_nss_ldap); # endif tq_append(&snl, &sudo_nss_file); - return &snl; + debug_return_ptr(&snl); } # endif /* !HAVE_LDAP || !_PATH_NETSVC_CONF */ @@ -209,6 +212,7 @@ output(const char *buf) { struct sudo_conv_message msg; struct sudo_conv_reply repl; + debug_decl(output, SUDO_DEBUG_NSS) /* Call conversation function */ memset(&msg, 0, sizeof(msg)); @@ -216,8 +220,8 @@ output(const char *buf) msg.msg = buf; memset(&repl, 0, sizeof(repl)); if (sudo_conv(1, &msg, &repl) == -1) - return 0; - return (int)strlen(buf); + debug_return_int(0); + debug_return_int(strlen(buf)); } /* @@ -230,6 +234,7 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw) struct sudo_nss *nss; struct lbuf defs, privs; int count, olen; + debug_decl(display_privs, SUDO_DEBUG_NSS) lbuf_init(&defs, output, 4, NULL, sudo_user.cols); lbuf_init(&privs, output, 4, NULL, sudo_user.cols); @@ -277,6 +282,8 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw) lbuf_destroy(&defs); lbuf_destroy(&privs); + + debug_return; } /* @@ -288,10 +295,11 @@ int display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) { struct sudo_nss *nss; + debug_decl(display_cmnd, SUDO_DEBUG_NSS) tq_foreach_fwd(snl, nss) { if (nss->display_cmnd(nss, pw) == 0) - return TRUE; + debug_return_bool(TRUE); } - return FALSE; + debug_return_bool(FALSE); } diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 8f3c54822..d317daf0e 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -107,7 +107,6 @@ struct sudo_user sudo_user; struct passwd *list_pw; struct interface *interfaces; int long_list; -int debug_level; uid_t timestamp_uid; extern int errorlineno; extern int parse_error; @@ -144,6 +143,7 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, volatile int sources = 0; sigaction_t sa; struct sudo_nss *nss; + debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN) if (!sudo_conv) sudo_conv = conversation; @@ -153,7 +153,7 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, if (sigsetjmp(error_jmp, 1)) { /* called via error(), errorx() or log_error() */ rewind_perms(); - return -1; + debug_return_bool(-1); } bindtextdomain("sudoers", LOCALEDIR); @@ -203,7 +203,7 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, } if (sources == 0) { warningx(_("no valid sudoers sources found, quitting")); - return -1; + debug_return_bool(-1); } /* XXX - collect post-sudoers parse settings into a function */ @@ -239,15 +239,17 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, restore_perms(); - return TRUE; + debug_return_bool(TRUE); } static void sudoers_policy_close(int exit_status, int error_code) { + debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN) + if (sigsetjmp(error_jmp, 1)) { /* called via error(), errorx() or log_error() */ - return; + debug_return; } /* We do not currently log the exit status. */ @@ -265,6 +267,8 @@ sudoers_policy_close(int exit_status, int error_code) gr_delref(runas_gr); if (user_group_list != NULL) grlist_delref(user_group_list); + + debug_return; } /* @@ -274,12 +278,14 @@ sudoers_policy_close(int exit_status, int error_code) static int sudoers_policy_init_session(struct passwd *pwd) { + debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN) + if (sigsetjmp(error_jmp, 1)) { /* called via error(), errorx() or log_error() */ return -1; } - return sudo_auth_begin_session(pwd); + debug_return_bool(sudo_auth_begin_session(pwd)); } static int @@ -292,6 +298,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], int cmnd_status = -1, validated; volatile int info_len = 0; volatile int rval = TRUE; + debug_decl(sudoers_policy_main, SUDO_DEBUG_PLUGIN) if (sigsetjmp(error_jmp, 1)) { /* error recovery via error(), errorx() or log_error() */ @@ -694,37 +701,45 @@ done: sudo_endpwent(); sudo_endgrent(); - return rval; + debug_return_bool(rval); } static int sudoers_policy_check(int argc, char * const argv[], char *env_add[], char **command_infop[], char **argv_out[], char **user_env_out[]) { + debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN) + if (!ISSET(sudo_mode, MODE_EDIT)) SET(sudo_mode, MODE_RUN); - return sudoers_policy_main(argc, argv, 0, env_add, command_infop, - argv_out, user_env_out); + debug_return_bool(sudoers_policy_main(argc, argv, 0, env_add, command_infop, + argv_out, user_env_out)); } static int sudoers_policy_validate(void) { + debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN) + user_cmnd = "validate"; SET(sudo_mode, MODE_VALIDATE); - return sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL, NULL, NULL); + debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL, NULL, NULL)); } static void sudoers_policy_invalidate(int remove) { + debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN) + user_cmnd = "kill"; if (sigsetjmp(error_jmp, 1) == 0) { remove_timestamp(remove); plugin_cleanup(0); } + + debug_return; } static int @@ -732,6 +747,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, const char *list_user) { int rval; + debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN) user_cmnd = "list"; if (argc) @@ -744,7 +760,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, list_pw = sudo_getpwnam(list_user); if (list_pw == NULL) { warningx(_("unknown user: %s"), list_user); - return -1; + debug_return_bool(-1); } } rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL, NULL, NULL); @@ -753,7 +769,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, list_pw = NULL; } - return rval; + debug_return_bool(rval); } /* @@ -764,6 +780,7 @@ static void init_vars(char * const envp[]) { char * const * ep; + debug_decl(init_vars, SUDO_DEBUG_PLUGIN) #ifdef HAVE_TZSET (void) tzset(); /* set the timezone if applicable */ @@ -819,6 +836,7 @@ init_vars(char * const envp[]) sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default; /* It is now safe to use log_error() and set_perms() */ + debug_return; } /* @@ -830,6 +848,7 @@ set_cmnd(void) { int rval; char *path = user_path; + debug_decl(set_cmnd, SUDO_DEBUG_PLUGIN) /* Resolve the path and return. */ rval = FOUND; @@ -903,7 +922,7 @@ set_cmnd(void) if (!update_defaults(SETDEF_CMND)) log_error(NO_STDERR|NO_EXIT, _("problem with defaults entries")); - return rval; + debug_return_int(rval); } /* @@ -916,6 +935,7 @@ open_sudoers(const char *sudoers, int doedit, int *keepopen) struct stat statbuf; FILE *fp = NULL; int rootstat; + debug_decl(open_sudoers, SUDO_DEBUG_PLUGIN) /* * Fix the mode and group on sudoers file from old default. @@ -980,7 +1000,7 @@ open_sudoers(const char *sudoers, int doedit, int *keepopen) } restore_perms(); /* change back to root */ - return fp; + debug_return_ptr(fp); } #ifdef HAVE_LOGIN_CAP_H @@ -988,6 +1008,7 @@ static void set_loginclass(struct passwd *pw) { int errflags; + debug_decl(set_loginclass, SUDO_DEBUG_PLUGIN) /* * Don't make it a fatal error if the user didn't specify the login @@ -1016,6 +1037,7 @@ set_loginclass(struct passwd *pw) if (!lc) lc = login_getclass(NULL); /* needed for login_getstyle() later */ } + debug_return; } #else static void @@ -1036,6 +1058,7 @@ set_fqdn(void) struct hostent *hp; #endif char *p; + debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN) #ifdef HAVE_GETADDRINFO zero_bytes(&hint, sizeof(hint)); @@ -1062,15 +1085,18 @@ set_fqdn(void) user_shost = estrndup(user_host, (size_t)(p - user_host)); else user_shost = user_host; + debug_return; } /* * Get passwd entry for the user we are going to run commands as * and store it in runas_pw. By default, commands run as "root". */ -void +static void set_runaspw(const char *user) { + debug_decl(set_runaspw, SUDO_DEBUG_PLUGIN) + if (runas_pw != NULL) pw_delref(runas_pw); if (*user == '#') { @@ -1080,6 +1106,7 @@ set_runaspw(const char *user) if ((runas_pw = sudo_getpwnam(user)) == NULL) log_error(NO_MAIL|MSG_ONLY, _("unknown user: %s"), user); } + debug_return; } /* @@ -1089,6 +1116,8 @@ set_runaspw(const char *user) static void set_runasgr(const char *group) { + debug_decl(set_runasgr, SUDO_DEBUG_PLUGIN) + if (runas_gr != NULL) gr_delref(runas_gr); if (*group == '#') { @@ -1098,6 +1127,7 @@ set_runasgr(const char *group) if ((runas_gr = sudo_getgrnam(group)) == NULL) log_error(NO_MAIL|MSG_ONLY, _("unknown group: %s"), group); } + debug_return; } /* @@ -1121,6 +1151,7 @@ plugin_cleanup(int gotsignal) struct sudo_nss *nss; if (!gotsignal) { + debug_decl(plugin_cleanup, SUDO_DEBUG_PLUGIN) if (snl != NULL) { tq_foreach_fwd(snl, nss) nss->close(nss); @@ -1129,15 +1160,18 @@ plugin_cleanup(int gotsignal) group_plugin_unload(); sudo_endpwent(); sudo_endgrent(); + debug_return; } } static int sudoers_policy_version(int verbose) { + debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN) + if (sigsetjmp(error_jmp, 1)) { /* error recovery via error(), errorx() or log_error() */ - return -1; + debug_return_bool(-1); } sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"), @@ -1160,7 +1194,7 @@ sudoers_policy_version(int verbose) dump_interfaces(interfaces_string); sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } - return TRUE; + debug_return_bool(TRUE); } static int @@ -1168,7 +1202,9 @@ deserialize_info(char * const settings[], char * const user_info[]) { char * const *cur; const char *p, *groups = NULL; + const char *debug_file = NULL, *debug_flags = NULL; int flags = 0; + debug_decl(deserialize_info, SUDO_DEBUG_PLUGIN) #define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) @@ -1179,8 +1215,12 @@ deserialize_info(char * const settings[], char * const user_info[]) user_closefrom = atoi(*cur + sizeof("closefrom=") - 1); continue; } - if (MATCHES(*cur, "debug_level=")) { - debug_level = atoi(*cur + sizeof("debug_level=") - 1); + if (MATCHES(*cur, "debug_file=")) { + debug_file = *cur + sizeof("debug_file=") - 1; + continue; + } + if (MATCHES(*cur, "debug_flags=")) { + debug_flags = *cur + sizeof("debug_flags=") - 1; continue; } if (MATCHES(*cur, "runas_user=")) { @@ -1372,6 +1412,15 @@ deserialize_info(char * const settings[], char * const user_info[]) efree(gids); } + /* Setup debugging if indicated. */ + if (debug_file != NULL && debug_flags != NULL) { + sudo_debug_init(debug_file, debug_flags); + for (cur = settings; *cur != NULL; cur++) + sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); + for (cur = user_info; *cur != NULL; cur++) + sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur); + } + #undef MATCHES return flags; } @@ -1381,6 +1430,7 @@ resolve_editor(char *editor, int nfiles, char **files, char ***argv_out) { char *cp, **nargv, *editor_path = NULL; int ac, i, nargc, wasblank; + debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN) editor = estrdup(editor); /* becomes part of argv_out */ @@ -1403,7 +1453,7 @@ resolve_editor(char *editor, int nfiles, char **files, char ***argv_out) if (cp == NULL || find_path(cp, &editor_path, NULL, getenv("PATH"), 0) != FOUND) { efree(editor); - return NULL; + debug_return_str(NULL); } nargv = (char **) emalloc2(nargc + 1 + nfiles + 1, sizeof(char *)); for (ac = 0; cp != NULL && ac < nargc; ac++) { @@ -1416,7 +1466,7 @@ resolve_editor(char *editor, int nfiles, char **files, char ***argv_out) nargv[ac] = NULL; *argv_out = nargv; - return editor_path; + debug_return_str(editor_path); } /* @@ -1428,6 +1478,7 @@ static char * find_editor(int nfiles, char **files, char ***argv_out) { char *cp, *editor, *editor_path = NULL, **ev, *ev0[4]; + debug_decl(find_editor, SUDO_DEBUG_PLUGIN) /* * If any of SUDO_EDITOR, VISUAL or EDITOR are set, choose the first one. @@ -1458,7 +1509,7 @@ find_editor(int nfiles, char **files, char ***argv_out) audit_failure(NewArgv, _("%s: command not found"), editor); warningx(_("%s: command not found"), editor); } - return editor_path; + debug_return_str(editor_path); } #ifdef USE_ADMIN_FLAG @@ -1468,16 +1519,17 @@ create_admin_success_flag(void) struct stat statbuf; char flagfile[PATH_MAX]; int fd, n; + debug_decl(create_admin_success_flag, SUDO_DEBUG_PLUGIN) /* Check whether the user is in the admin group. */ if (!user_in_group(sudo_user.pw, "admin")) - return; + debug_return; /* Build path to flag file. */ n = snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful", user_dir); if (n <= 0 || n >= sizeof(flagfile)) - return; + debug_return; /* Create admin flag file if it doesn't already exist. */ set_perms(PERM_USER); @@ -1486,6 +1538,7 @@ create_admin_success_flag(void) close(fd); } restore_perms(); + debug_return; } #else /* !USE_ADMIN_FLAG */ static void diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 8b51e1d33..fe9887a7c 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -34,6 +34,7 @@ #include "logging.h" #include "sudo_nss.h" #include "sudo_plugin.h" +#include "sudo_debug.h" #define DEFAULT_TEXT_DOMAIN "sudoers" #include "gettext.h" diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 7bb8eb310..6f7473a54 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -4,7 +4,7 @@ /* A lexical scanner generated by flex */ /* Scanner skeleton version: - * $Header: /cvs/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $ + * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $ */ #define FLEX_SCANNER @@ -3365,6 +3365,7 @@ switch_dir(struct include_stack *stack, char *dirpath) struct stat sb; struct path_list *pl, *first = NULL; struct path_list **sorted = NULL; + debug_decl(switch_dir, SUDO_DEBUG_PARSER) if (!(dir = opendir(dirpath))) { if (errno != ENOENT) { @@ -3435,7 +3436,7 @@ switch_dir(struct include_stack *stack, char *dirpath) } done: efree(dirpath); - return path; + debug_return_str(path); bad: while (first != NULL) { pl = first; @@ -3446,7 +3447,7 @@ bad: efree(sorted); efree(dirpath); efree(path); - return NULL; + debug_return_str(NULL); } #define MAX_SUDOERS_DEPTH 128 @@ -3460,6 +3461,7 @@ void init_lexer(void) { struct path_list *pl; + debug_decl(init_lexer, SUDO_DEBUG_PARSER) while (idepth) { idepth--; @@ -3481,6 +3483,8 @@ init_lexer(void) sawspace = FALSE; continued = FALSE; prev_state = INITIAL; + + debug_return; } static int @@ -3488,31 +3492,32 @@ _push_include(char *path, int isdir) { struct path_list *pl; FILE *fp; + debug_decl(_push_include, SUDO_DEBUG_PARSER) /* push current state onto stack */ if (idepth >= istacksize) { if (idepth > MAX_SUDOERS_DEPTH) { yyerror(_("too many levels of includes")); - return FALSE; + debug_return_bool(FALSE); } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, sizeof(*istack) * istacksize); if (istack == NULL) { yyerror(_("unable to allocate memory")); - return FALSE; + debug_return_bool(FALSE); } } if (isdir) { if (!(path = switch_dir(&istack[idepth], path))) { /* switch_dir() called yyerror() for us */ - return FALSE; + debug_return_bool(FALSE); } while ((fp = open_sudoers(path, FALSE, &keepopen)) == NULL) { /* Unable to open path in includedir, go to next one, if any. */ efree(path); if ((pl = istack[idepth].more) == NULL) - return FALSE; + debug_return_bool(FALSE); path = pl->path; istack[idepth].more = pl->next; efree(pl); @@ -3526,7 +3531,7 @@ _push_include(char *path, int isdir) } else { yyerror(_("unable to allocate memory")); } - return FALSE; + debug_return_bool(FALSE); } istack[idepth].more = NULL; } @@ -3540,7 +3545,7 @@ _push_include(char *path, int isdir) sudoers = path; yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE)); - return TRUE; + debug_return_bool(TRUE); } static int @@ -3548,9 +3553,10 @@ pop_include(void) { struct path_list *pl; FILE *fp; + debug_decl(pop_include, SUDO_DEBUG_PARSER) if (idepth == 0) - return FALSE; + debug_return_bool(FALSE); if (!keepopen) fclose(YY_CURRENT_BUFFER->yy_input_file); @@ -3581,7 +3587,7 @@ pop_include(void) sudolineno = istack[idepth].lineno; keepopen = istack[idepth].keepopen; } - return TRUE; + debug_return_bool(TRUE); } static char * @@ -3590,6 +3596,7 @@ parse_include(char *base) char *cp, *ep, *path; int len = 0, subst = 0; size_t shost_len = 0; + debug_decl(parse_include, SUDO_DEBUG_PARSER) /* Pull out path from #include line. */ cp = base + sizeof("#include"); @@ -3611,7 +3618,7 @@ parse_include(char *base) len += (int)(ep - cp); if ((path = malloc(len + 1)) == NULL) { yyerror(_("unable to allocate memory")); - return NULL; + debug_return_str(NULL); } if (subst) { /* substitute for %h */ @@ -3635,7 +3642,7 @@ parse_include(char *base) if (*ep != '\0') yyless((int)(ep - base)); - return path; + debug_return_str(path); } #ifdef TRACELEXER diff --git a/plugins/sudoers/toke.h b/plugins/sudoers/toke.h index 5e2a24a90..9947f80e1 100644 --- a/plugins/sudoers/toke.h +++ b/plugins/sudoers/toke.h @@ -33,9 +33,14 @@ extern int (*trace_print)(const char *msg); /* realloc() to size + COMMANDARGINC to make room for command args */ #define COMMANDARGINC 64 -#define LEXTRACE(msg) do { \ - if (trace_print != NULL) \ - (*trace_print)(msg); \ +/* + * XXX - want to use debug file for lexer tracing, e.g. + * sudo_debug_printf2(SUDO_DEBUG_PARSER|SUDO_DEBUG_DEBUG, "%s", msg); + * but need to add buffering so that it is line oriented. + */ +#define LEXTRACE(msg) do { \ + if (trace_print != NULL) \ + (*trace_print)(msg); \ } while (0); #endif /* _SUDO_TOKE_H */ diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index 398e1d135..5c214147b 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -656,6 +656,7 @@ switch_dir(struct include_stack *stack, char *dirpath) struct stat sb; struct path_list *pl, *first = NULL; struct path_list **sorted = NULL; + debug_decl(switch_dir, SUDO_DEBUG_PARSER) if (!(dir = opendir(dirpath))) { if (errno != ENOENT) { @@ -726,7 +727,7 @@ switch_dir(struct include_stack *stack, char *dirpath) } done: efree(dirpath); - return path; + debug_return_str(path); bad: while (first != NULL) { pl = first; @@ -737,7 +738,7 @@ bad: efree(sorted); efree(dirpath); efree(path); - return NULL; + debug_return_str(NULL); } #define MAX_SUDOERS_DEPTH 128 @@ -751,6 +752,7 @@ void init_lexer(void) { struct path_list *pl; + debug_decl(init_lexer, SUDO_DEBUG_PARSER) while (idepth) { idepth--; @@ -772,6 +774,8 @@ init_lexer(void) sawspace = FALSE; continued = FALSE; prev_state = INITIAL; + + debug_return; } static int @@ -779,31 +783,32 @@ _push_include(char *path, int isdir) { struct path_list *pl; FILE *fp; + debug_decl(_push_include, SUDO_DEBUG_PARSER) /* push current state onto stack */ if (idepth >= istacksize) { if (idepth > MAX_SUDOERS_DEPTH) { yyerror(_("too many levels of includes")); - return FALSE; + debug_return_bool(FALSE); } istacksize += SUDOERS_STACK_INCREMENT; istack = (struct include_stack *) realloc(istack, sizeof(*istack) * istacksize); if (istack == NULL) { yyerror(_("unable to allocate memory")); - return FALSE; + debug_return_bool(FALSE); } } if (isdir) { if (!(path = switch_dir(&istack[idepth], path))) { /* switch_dir() called yyerror() for us */ - return FALSE; + debug_return_bool(FALSE); } while ((fp = open_sudoers(path, FALSE, &keepopen)) == NULL) { /* Unable to open path in includedir, go to next one, if any. */ efree(path); if ((pl = istack[idepth].more) == NULL) - return FALSE; + debug_return_bool(FALSE); path = pl->path; istack[idepth].more = pl->next; efree(pl); @@ -817,7 +822,7 @@ _push_include(char *path, int isdir) } else { yyerror(_("unable to allocate memory")); } - return FALSE; + debug_return_bool(FALSE); } istack[idepth].more = NULL; } @@ -831,7 +836,7 @@ _push_include(char *path, int isdir) sudoers = path; yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE)); - return TRUE; + debug_return_bool(TRUE); } static int @@ -839,9 +844,10 @@ pop_include(void) { struct path_list *pl; FILE *fp; + debug_decl(pop_include, SUDO_DEBUG_PARSER) if (idepth == 0) - return FALSE; + debug_return_bool(FALSE); if (!keepopen) fclose(YY_CURRENT_BUFFER->yy_input_file); @@ -872,7 +878,7 @@ pop_include(void) sudolineno = istack[idepth].lineno; keepopen = istack[idepth].keepopen; } - return TRUE; + debug_return_bool(TRUE); } static char * @@ -881,6 +887,7 @@ parse_include(char *base) char *cp, *ep, *path; int len = 0, subst = 0; size_t shost_len = 0; + debug_decl(parse_include, SUDO_DEBUG_PARSER) /* Pull out path from #include line. */ cp = base + sizeof("#include"); @@ -902,7 +909,7 @@ parse_include(char *base) len += (int)(ep - cp); if ((path = malloc(len + 1)) == NULL) { yyerror(_("unable to allocate memory")); - return NULL; + debug_return_str(NULL); } if (subst) { /* substitute for %h */ @@ -926,7 +933,7 @@ parse_include(char *base) if (*ep != '\0') yyless((int)(ep - base)); - return path; + debug_return_str(path); } #ifdef TRACELEXER diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c index 9254c4571..dca7a48fe 100644 --- a/plugins/sudoers/toke_util.c +++ b/plugins/sudoers/toke_util.c @@ -48,6 +48,7 @@ # include #endif /* HAVE_MALLOC_H && !STDC_HEADERS */ #include + #include "sudoers.h" #include "parse.h" #include "toke.h" @@ -56,11 +57,11 @@ static int arg_len = 0; static int arg_size = 0; -static unsigned char +static int hexchar(const char *s) { - int i; - int result = 0; + int i, result = 0; + debug_decl(hexchar, SUDO_DEBUG_PARSER) s += 2; /* skip \\x */ for (i = 0; i < 2; i++) { @@ -98,18 +99,19 @@ hexchar(const char *s) s++; } } - return (unsigned char)result; + debug_return_int(result); } int fill_txt(const char *src, int len, int olen) { char *dst; + debug_decl(fill_txt, SUDO_DEBUG_PARSER) dst = olen ? realloc(yylval.string, olen + len + 1) : malloc(len + 1); if (dst == NULL) { yyerror(_("unable to allocate memory")); - return FALSE; + debug_return_bool(FALSE); } yylval.string = dst; @@ -133,18 +135,19 @@ fill_txt(const char *src, int len, int olen) } } *dst = '\0'; - return TRUE; + debug_return_bool(TRUE); } int append(const char *src, int len) { int olen = 0; + debug_decl(append, SUDO_DEBUG_PARSER) if (yylval.string != NULL) olen = strlen(yylval.string); - return fill_txt(src, len, olen); + debug_return_bool(fill_txt(src, len, olen)); } #define SPECIAL(c) \ @@ -155,13 +158,14 @@ fill_cmnd(const char *src, int len) { char *dst; int i; + debug_decl(fill_cmnd, SUDO_DEBUG_PARSER) arg_len = arg_size = 0; dst = yylval.command.cmnd = (char *) malloc(len + 1); if (yylval.command.cmnd == NULL) { yyerror(_("unable to allocate memory")); - return FALSE; + debug_return_bool(FALSE); } /* Copy the string and collapse any escaped sudo-specific characters. */ @@ -174,7 +178,7 @@ fill_cmnd(const char *src, int len) *dst = '\0'; yylval.command.args = NULL; - return TRUE; + debug_return_bool(TRUE); } int @@ -182,6 +186,7 @@ fill_args(const char *s, int len, int addspace) { int new_len; char *p; + debug_decl(fill_args, SUDO_DEBUG_PARSER) if (yylval.command.args == NULL) { addspace = 0; @@ -200,7 +205,7 @@ fill_args(const char *s, int len, int addspace) if (p == NULL) { efree(yylval.command.args); yyerror(_("unable to allocate memory")); - return FALSE; + debug_return_bool(FALSE); } else yylval.command.args = p; } @@ -211,10 +216,10 @@ fill_args(const char *s, int len, int addspace) *p++ = ' '; if (strlcpy(p, s, arg_size - (p - yylval.command.args)) != len) { yyerror(_("fill_args: buffer overflow")); /* paranoia */ - return FALSE; + debug_return_bool(FALSE); } arg_len = new_len; - return TRUE; + debug_return_bool(TRUE); } /* @@ -226,6 +231,7 @@ int ipv6_valid(const char *s) { int nmatch = 0; + debug_decl(ipv6_valid, SUDO_DEBUG_PARSER) for (; *s != '\0'; s++) { if (s[0] == ':' && s[1] == ':') { @@ -236,5 +242,5 @@ ipv6_valid(const char *s) nmatch = 0; /* reset if we hit netmask */ } - return nmatch <= 1; + debug_return_bool(nmatch <= 1); } diff --git a/src/Makefile.in b/src/Makefile.in index 49ed68e87..95c73d5e1 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -154,8 +154,8 @@ cleandir: realclean conversation.o: $(srcdir)/conversation.c $(top_builddir)/config.h \ $(srcdir)/sudo.h $(top_builddir)/pathnames.h \ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \ - $(incdir)/fileops.h $(incdir)/list.h $(incdir)/gettext.h \ - $(incdir)/sudo_plugin.h + $(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(incdir)/sudo_plugin.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/conversation.c error.o: $(srcdir)/error.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/error.h $(incdir)/gettext.h @@ -163,41 +163,44 @@ error.o: $(srcdir)/error.c $(top_builddir)/config.h $(incdir)/missing.h \ exec.o: $(srcdir)/exec.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h $(srcdir)/sudo_exec.h $(incdir)/sudo_plugin.h \ - $(srcdir)/sudo_plugin_int.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/sudo_exec.h \ + $(incdir)/sudo_plugin.h $(srcdir)/sudo_plugin_int.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/exec.c exec_pty.o: $(srcdir)/exec_pty.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h $(srcdir)/sudo_exec.h $(incdir)/sudo_plugin.h \ - $(srcdir)/sudo_plugin_int.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/sudo_exec.h \ + $(incdir)/sudo_plugin.h $(srcdir)/sudo_plugin_int.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/exec_pty.c get_pty.o: $(srcdir)/get_pty.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/get_pty.c load_plugins.o: $(srcdir)/load_plugins.c $(top_builddir)/config.h \ $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h \ $(incdir)/alloc.h $(incdir)/error.h $(incdir)/fileops.h \ - $(incdir)/list.h $(incdir)/gettext.h $(incdir)/sudo_plugin.h \ - $(srcdir)/sudo_plugin_int.h + $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ + $(incdir)/sudo_plugin.h $(srcdir)/sudo_plugin_int.h \ + $(incdir)/sudo_debug.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/load_plugins.c net_ifs.o: $(srcdir)/net_ifs.c $(top_builddir)/config.h $(incdir)/missing.h \ - $(incdir)/alloc.h $(incdir)/error.h $(incdir)/gettext.h + $(incdir)/alloc.h $(incdir)/error.h $(incdir)/sudo_debug.h \ + $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/net_ifs.c parse_args.o: $(srcdir)/parse_args.c $(top_builddir)/config.h ./sudo_usage.h \ $(srcdir)/sudo.h $(top_builddir)/pathnames.h $(incdir)/missing.h \ $(incdir)/alloc.h $(incdir)/error.h $(incdir)/fileops.h \ - $(incdir)/list.h $(incdir)/gettext.h $(incdir)/lbuf.h + $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \ + $(incdir)/lbuf.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/parse_args.c preload.o: $(srcdir)/preload.c $(top_builddir)/config.h $(incdir)/sudo_plugin.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/preload.c selinux.o: $(srcdir)/selinux.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/selinux.c sesh.o: $(srcdir)/sesh.c $(top_builddir)/config.h $(incdir)/missing.h \ $(incdir)/gettext.h @@ -205,13 +208,13 @@ sesh.o: $(srcdir)/sesh.c $(top_builddir)/config.h $(incdir)/missing.h \ sudo.o: $(srcdir)/sudo.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(incdir)/sudo_plugin.h \ $(srcdir)/sudo_plugin_int.h ./sudo_usage.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/sudo.c sudo_edit.o: $(srcdir)/sudo_edit.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/sudo_edit.c sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(top_builddir)/config.h \ $(incdir)/missing.h @@ -219,12 +222,13 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c $(top_builddir)/config.h \ tgetpass.o: $(srcdir)/tgetpass.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/tgetpass.c -ttysize.o: $(srcdir)/ttysize.c $(top_builddir)/config.h $(incdir)/missing.h +ttysize.o: $(srcdir)/ttysize.c $(top_builddir)/config.h $(incdir)/missing.h \ + $(incdir)/sudo_debug.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/ttysize.c utmp.o: $(srcdir)/utmp.c $(top_builddir)/config.h $(srcdir)/sudo.h \ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/alloc.h \ $(incdir)/error.h $(incdir)/fileops.h $(incdir)/list.h \ - $(incdir)/gettext.h $(srcdir)/sudo_exec.h + $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/sudo_exec.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/utmp.c diff --git a/src/conversation.c b/src/conversation.c index 59b8e26e5..767b54450 100644 --- a/src/conversation.c +++ b/src/conversation.c @@ -47,7 +47,6 @@ #include "sudo.h" #include "sudo_plugin.h" -#include "sudo_debug.h" extern int tgetpass_flags; /* XXX */ diff --git a/src/exec.c b/src/exec.c index fab19803e..3853d347a 100644 --- a/src/exec.c +++ b/src/exec.c @@ -112,6 +112,7 @@ static int fork_cmnd(struct command_details *details, int sv[2]) struct command_status cstat; sigaction_t sa; pid_t child; + debug_decl(fork_cmnd, SUDO_DEBUG_EXEC) zero_bytes(&sa, sizeof(sa)); sigemptyset(&sa.sa_mask); @@ -133,6 +134,8 @@ static int fork_cmnd(struct command_details *details, int sv[2]) restore_signals(); if (exec_setup(details, NULL, -1) == TRUE) { /* headed for execve() */ + sudo_debug_execve(SUDO_DEBUG_INFO, details->command, + details->argv, details->envp); if (details->closefrom >= 0) closefrom(details->closefrom); #ifdef HAVE_SELINUX @@ -141,13 +144,16 @@ static int fork_cmnd(struct command_details *details, int sv[2]) else #endif my_execve(details->command, details->argv, details->envp); + sudo_debug_printf(SUDO_DEBUG_SYSERR, "unable to exec %s: %s", + details->command, strerror(errno)); } cstat.type = CMD_ERRNO; cstat.val = errno; send(sv[1], &cstat, sizeof(cstat), 0); + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); _exit(1); } - return child; + debug_return_int(child); } static struct signal_state { @@ -177,9 +183,12 @@ void save_signals(void) { struct signal_state *ss; + debug_decl(save_signals, SUDO_DEBUG_EXEC) for (ss = saved_signals; ss->signo != -1; ss++) sigaction(ss->signo, NULL, &ss->sa); + + debug_return; } /* @@ -189,9 +198,12 @@ void restore_signals(void) { struct signal_state *ss; + debug_decl(restore_signals, SUDO_DEBUG_EXEC) for (ss = saved_signals; ss->signo != -1; ss++) sigaction(ss->signo, &ss->sa, NULL); + + debug_return; } /* @@ -207,6 +219,7 @@ sudo_execve(struct command_details *details, struct command_status *cstat) fd_set *fdsr, *fdsw; sigaction_t sa; pid_t child; + debug_decl(sudo_execve, SUDO_DEBUG_EXEC) /* If running in background mode, fork and exit. */ if (ISSET(details->flags, CD_BACKGROUND)) { @@ -215,12 +228,15 @@ sudo_execve(struct command_details *details, struct command_status *cstat) cstat->type = CMD_ERRNO; cstat->val = errno; return -1; + debug_return_int(-1); case 0: /* child continues without controlling terminal */ (void)setpgid(0, 0); break; default: /* parent exits (but does not flush buffers) */ + sudo_debug_exit_int(__func__, __FILE__, __LINE__, + sudo_debug_subsys, 0); _exit(0); } } @@ -234,7 +250,7 @@ sudo_execve(struct command_details *details, struct command_status *cstat) log_io = TRUE; if (ISSET(details->flags, CD_SET_UTMP)) utmp_user = details->utmp_user ? details->utmp_user : user_details.username; - sudo_debug(8, "allocate pty for I/O logging"); + sudo_debug_printf(SUDO_DEBUG_INFO, "allocate pty for I/O logging"); pty_setup(details->euid, user_details.tty, utmp_user); } @@ -353,7 +369,8 @@ sudo_execve(struct command_details *details, struct command_status *cstat) if (cstat->type == CMD_WSTATUS) { if (WIFSTOPPED(cstat->val)) { /* Suspend parent and tell child how to resume on return. */ - sudo_debug(8, "child stopped, suspending parent"); + sudo_debug_printf(SUDO_DEBUG_INFO, + "child stopped, suspending parent"); n = suspend_parent(WSTOPSIG(cstat->val)); schedule_signal(n); continue; @@ -397,7 +414,7 @@ done: efree(sigfwd); } - return cstat->type == CMD_ERRNO ? -1 : 0; + debug_return_int(cstat->type == CMD_ERRNO ? -1 : 0); } /* @@ -411,6 +428,7 @@ handle_signals(int fd, pid_t child, int log_io, struct command_status *cstat) ssize_t nread; int status; pid_t pid; + debug_decl(handle_signals, SUDO_DEBUG_EXEC) for (;;) { /* read signal pipe */ @@ -425,12 +443,13 @@ handle_signals(int fd, pid_t child, int log_io, struct command_status *cstat) /* If pipe is empty, we are done. */ if (errno == EAGAIN) break; - sudo_debug(9, "error reading signal pipe %s", strerror(errno)); + sudo_debug_printf(SUDO_DEBUG_SYSERR, "error reading signal pipe %s", + strerror(errno)); cstat->type = CMD_ERRNO; cstat->val = errno; - return -1; + debug_return_int(-1); } - sudo_debug(9, "received signal %d", signo); + sudo_debug_printf(SUDO_DEBUG_DIAG, "received signal %d", signo); if (signo == SIGCHLD) { /* * If logging I/O, child is the intermediate process, @@ -464,7 +483,7 @@ handle_signals(int fd, pid_t child, int log_io, struct command_status *cstat) /* Child has exited, we are done. */ cstat->type = CMD_WSTATUS; cstat->val = status; - return 0; + debug_return_int(0); } } /* Else we get ECONNRESET on sv[0] if child dies. */ @@ -482,7 +501,7 @@ handle_signals(int fd, pid_t child, int log_io, struct command_status *cstat) } } } - return 1; + debug_return_int(1); } /* @@ -494,11 +513,12 @@ forward_signals(int sock) struct sigforward *sigfwd; struct command_status cstat; ssize_t nsent; + debug_decl(forward_signals, SUDO_DEBUG_EXEC) while (!tq_empty(&sigfwd_list)) { sigfwd = tq_first(&sigfwd_list); - sudo_debug(9, "sending signal %d to child over backchannel", - sigfwd->signo); + sudo_debug_printf(SUDO_DEBUG_INFO, + "sending signal %d to child over backchannel", sigfwd->signo); cstat.type = CMD_SIGNO; cstat.val = sigfwd->signo; do { @@ -518,6 +538,7 @@ forward_signals(int sock) break; } } + debug_return; } /* @@ -527,12 +548,17 @@ static void schedule_signal(int signo) { struct sigforward *sigfwd; + debug_decl(schedule_signal, SUDO_DEBUG_EXEC) + + sudo_debug_printf(SUDO_DEBUG_DIAG, "forwarding signal %d to child", signo); sigfwd = emalloc(sizeof(*sigfwd)); sigfwd->prev = sigfwd; sigfwd->next = NULL; sigfwd->signo = signo; tq_append(&sigfwd_list, sigfwd); + + debug_return; } /* @@ -560,6 +586,7 @@ int pipe_nonblock(int fds[2]) { int flags, rval; + debug_decl(pipe_nonblock, SUDO_DEBUG_EXEC) rval = pipe(fds); if (rval != -1) { @@ -577,5 +604,5 @@ pipe_nonblock(int fds[2]) } } - return rval; + debug_return_int(rval); } diff --git a/src/exec_pty.c b/src/exec_pty.c index 60ed7efc9..02fc30ca6 100644 --- a/src/exec_pty.c +++ b/src/exec_pty.c @@ -113,12 +113,16 @@ static int safe_close(int fd); void cleanup(int gotsignal) { + debug_decl(cleanup, SUDO_DEBUG_EXEC); + if (!tq_empty(&io_plugins)) term_restore(io_fds[SFD_USERTTY], 0); #ifdef HAVE_SELINUX selinux_restore_tty(); #endif utmp_logout(slavename, 0); /* XXX - only if CD_SET_UTMP */ + + debug_return; } /* @@ -129,6 +133,8 @@ cleanup(int gotsignal) void pty_setup(uid_t uid, const char *tty, const char *utmp_user) { + debug_decl(pty_setup, SUDO_DEBUG_EXEC); + io_fds[SFD_USERTTY] = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0); if (io_fds[SFD_USERTTY] != -1) { if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE], @@ -138,6 +144,8 @@ pty_setup(uid_t uid, const char *tty, const char *utmp_user) if (utmp_user != NULL) utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user); } + + debug_return; } /* Call I/O plugin tty input log method. */ @@ -147,9 +155,9 @@ log_ttyin(const char *buf, unsigned int n) struct plugin_container *plugin; sigset_t omask; int rval = TRUE; + debug_decl(log_ttyin, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); - tq_foreach_fwd(&io_plugins, plugin) { if (plugin->u.io->log_ttyin) { if (!plugin->u.io->log_ttyin(buf, n)) { @@ -158,9 +166,9 @@ log_ttyin(const char *buf, unsigned int n) } } } - sigprocmask(SIG_SETMASK, &omask, NULL); - return rval; + + debug_return_int(rval); } /* Call I/O plugin stdin log method. */ @@ -170,9 +178,9 @@ log_stdin(const char *buf, unsigned int n) struct plugin_container *plugin; sigset_t omask; int rval = TRUE; + debug_decl(log_stdin, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); - tq_foreach_fwd(&io_plugins, plugin) { if (plugin->u.io->log_stdin) { if (!plugin->u.io->log_stdin(buf, n)) { @@ -181,9 +189,9 @@ log_stdin(const char *buf, unsigned int n) } } } - sigprocmask(SIG_SETMASK, &omask, NULL); - return rval; + + debug_return_int(rval); } /* Call I/O plugin tty output log method. */ @@ -193,9 +201,9 @@ log_ttyout(const char *buf, unsigned int n) struct plugin_container *plugin; sigset_t omask; int rval = TRUE; + debug_decl(log_ttyout, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); - tq_foreach_fwd(&io_plugins, plugin) { if (plugin->u.io->log_ttyout) { if (!plugin->u.io->log_ttyout(buf, n)) { @@ -204,9 +212,9 @@ log_ttyout(const char *buf, unsigned int n) } } } - sigprocmask(SIG_SETMASK, &omask, NULL); - return rval; + + debug_return_int(rval); } /* Call I/O plugin stdout log method. */ @@ -216,9 +224,9 @@ log_stdout(const char *buf, unsigned int n) struct plugin_container *plugin; sigset_t omask; int rval = TRUE; + debug_decl(log_stdout, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); - tq_foreach_fwd(&io_plugins, plugin) { if (plugin->u.io->log_stdout) { if (!plugin->u.io->log_stdout(buf, n)) { @@ -227,9 +235,9 @@ log_stdout(const char *buf, unsigned int n) } } } - sigprocmask(SIG_SETMASK, &omask, NULL); - return rval; + + debug_return_int(rval); } /* Call I/O plugin stderr log method. */ @@ -239,9 +247,9 @@ log_stderr(const char *buf, unsigned int n) struct plugin_container *plugin; sigset_t omask; int rval = TRUE; + debug_decl(log_stderr, SUDO_DEBUG_EXEC); sigprocmask(SIG_BLOCK, &ttyblock, &omask); - tq_foreach_fwd(&io_plugins, plugin) { if (plugin->u.io->log_stderr) { if (!plugin->u.io->log_stderr(buf, n)) { @@ -250,9 +258,9 @@ log_stderr(const char *buf, unsigned int n) } } } - sigprocmask(SIG_SETMASK, &omask, NULL); - return rval; + + debug_return_int(rval); } /* @@ -263,6 +271,8 @@ log_stderr(const char *buf, unsigned int n) static void check_foreground(void) { + debug_decl(check_foreground, SUDO_DEBUG_EXEC); + if (io_fds[SFD_USERTTY] != -1) { foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp; if (foreground && !tty_initialized) { @@ -272,6 +282,8 @@ check_foreground(void) } } } + + debug_return; } /* @@ -284,6 +296,7 @@ suspend_parent(int signo) { sigaction_t sa, osa; int n, oldmode = ttymode, rval = 0; + debug_decl(suspend_parent, SUDO_DEBUG_EXEC); switch (signo) { case SIGTTOU: @@ -321,7 +334,7 @@ suspend_parent(int signo) /* Suspend self and continue child when we resume. */ sa.sa_handler = SIG_DFL; sigaction(signo, &sa, &osa); - sudo_debug(8, "kill parent %d", signo); + sudo_debug_printf(SUDO_DEBUG_INFO, "kill parent %d", signo); if (killpg(ppgrp, signo) != 0) warning("killpg(%d, %d)", (int)ppgrp, signo); @@ -332,7 +345,7 @@ suspend_parent(int signo) * Only modify term if we are foreground process and either * the old tty mode was not cooked or child got SIGTT{IN,OU} */ - sudo_debug(8, "parent is in %s, ttymode %d -> %d", + sudo_debug_printf(SUDO_DEBUG_INFO, "parent is in %s, ttymode %d -> %d", foreground ? "foreground" : "background", oldmode, ttymode); if (ttymode != TERM_COOKED) { @@ -352,7 +365,7 @@ suspend_parent(int signo) break; } - return rval; + debug_return_int(rval); } /* @@ -361,20 +374,30 @@ suspend_parent(int signo) void terminate_child(pid_t pid, int use_pgrp) { + debug_decl(terminate_child, SUDO_DEBUG_EXEC); + /* * Note that SIGCHLD will interrupt the sleep() */ if (use_pgrp) { + sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGHUP", pid); killpg(pid, SIGHUP); + sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGTERM", pid); killpg(pid, SIGTERM); sleep(2); + sudo_debug_printf(SUDO_DEBUG_INFO, "killpg %d SIGKILL", pid); killpg(pid, SIGKILL); } else { + sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGHUP", pid); kill(pid, SIGHUP); + sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGTERM", pid); kill(pid, SIGTERM); sleep(2); + sudo_debug_printf(SUDO_DEBUG_INFO, "kill %d SIGKILL", pid); kill(pid, SIGKILL); } + + debug_return; } static struct io_buffer * @@ -382,6 +405,7 @@ io_buf_new(int rfd, int wfd, int (*action)(const char *, unsigned int), struct io_buffer *head) { struct io_buffer *iob; + debug_decl(io_buf_new, SUDO_DEBUG_EXEC); iob = emalloc(sizeof(*iob)); zero_bytes(iob, sizeof(*iob)); @@ -389,7 +413,8 @@ io_buf_new(int rfd, int wfd, int (*action)(const char *, unsigned int), iob->wfd = wfd; iob->action = action; iob->next = head; - return iob; + + debug_return_ptr(iob); } /* @@ -401,6 +426,7 @@ perform_io(fd_set *fdsr, fd_set *fdsw, struct command_status *cstat) { struct io_buffer *iob; int n, errors = 0; + debug_decl(perform_io, SUDO_DEBUG_EXEC); for (iob = iobufs; iob; iob = iob->next) { if (iob->rfd != -1 && FD_ISSET(iob->rfd, fdsr)) { @@ -413,6 +439,9 @@ perform_io(fd_set *fdsr, fd_set *fdsw, struct command_status *cstat) if (errno == EAGAIN) break; if (errno != ENXIO && errno != EBADF) { + sudo_debug_printf(SUDO_DEBUG_SYSERR, + "error reading fd %d: %s", iob->rfd, + strerror(errno)); errors++; break; } @@ -445,8 +474,11 @@ perform_io(fd_set *fdsr, fd_set *fdsw, struct command_status *cstat) iob->wfd = -1; continue; } - if (errno != EAGAIN) + if (errno != EAGAIN) { errors++; + sudo_debug_printf(SUDO_DEBUG_SYSERR, + "error writing fd %d: %s", iob->wfd, strerror(errno)); + } } else { iob->off += n; } @@ -456,7 +488,7 @@ perform_io(fd_set *fdsr, fd_set *fdsw, struct command_status *cstat) cstat->type = CMD_ERRNO; cstat->val = errno; } - return errors; + debug_return_int(errors); } /* @@ -471,6 +503,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd) struct io_buffer *iob; int io_pipe[3][2], n; sigaction_t sa; + debug_decl(fork_pty, SUDO_DEBUG_EXEC); ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */ @@ -618,13 +651,14 @@ fork_pty(struct command_details *details, int sv[], int *maxfd) (void) fcntl(iob->wfd, F_SETFL, n | O_NONBLOCK); } - return child; + debug_return_int(child); } void pty_close(struct command_status *cstat) { int n; + debug_decl(pty_close, SUDO_DEBUG_EXEC); /* Flush any remaining output (the plugin already got it) */ if (io_fds[SFD_USERTTY] != -1) { @@ -660,6 +694,7 @@ pty_close(struct command_status *cstat) } } utmp_logout(slavename, cstat->type == CMD_WSTATUS ? cstat->val : 0); /* XXX - only if CD_SET_UTMP */ + debug_return; } /* @@ -670,6 +705,7 @@ void fd_set_iobs(fd_set *fdsr, fd_set *fdsw) { struct io_buffer *iob; + debug_decl(fd_set_iobs, SUDO_DEBUG_EXEC); for (iob = iobufs; iob; iob = iob->next) { if (iob->rfd == -1 && iob->wfd == -1) @@ -694,15 +730,17 @@ fd_set_iobs(fd_set *fdsr, fd_set *fdsw) FD_SET(iob->wfd, fdsw); } } + debug_return; } static void deliver_signal(pid_t pid, int signo) { int status; + debug_decl(deliver_signal, SUDO_DEBUG_EXEC); /* Handle signal from parent. */ - sudo_debug(8, "signal %d from parent", signo); + sudo_debug_printf(SUDO_DEBUG_INFO, "received signal %d from parent", signo); switch (signo) { case SIGALRM: terminate_child(pid, TRUE); @@ -729,6 +767,7 @@ deliver_signal(pid_t pid, int signo) killpg(pid, signo); break; } + debug_return; } /* @@ -739,20 +778,22 @@ static int send_status(int fd, struct command_status *cstat) { int n = -1; + debug_decl(send_status, SUDO_DEBUG_EXEC); if (cstat->type != CMD_INVALID) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "sending status message to parent: [%d, %d]", + cstat->type, cstat->val); do { n = send(fd, cstat, sizeof(*cstat), 0); } while (n == -1 && errno == EINTR); if (n != sizeof(*cstat)) { - sudo_debug(8, "unable to send status to parent: %s", - strerror(errno)); - } else { - sudo_debug(8, "sent status to parent"); + sudo_debug_printf(SUDO_DEBUG_SYSERR, + "unable to send status to parent: %s", strerror(errno)); } cstat->type = CMD_INVALID; /* prevent re-sending */ } - return n; + debug_return_int(n); } /* @@ -766,6 +807,7 @@ handle_sigchld(int backchannel, struct command_status *cstat) { int status, alive = TRUE; pid_t pid; + debug_decl(handle_sigchld, SUDO_DEBUG_EXEC); /* read child status */ do { @@ -776,22 +818,25 @@ handle_sigchld(int backchannel, struct command_status *cstat) cstat->type = CMD_WSTATUS; cstat->val = status; if (WIFSTOPPED(status)) { - sudo_debug(8, "command stopped, signal %d", WSTOPSIG(status)); + sudo_debug_printf(SUDO_DEBUG_INFO, "command stopped, signal %d", + WSTOPSIG(status)); do { child_pgrp = tcgetpgrp(io_fds[SFD_SLAVE]); } while (child_pgrp == -1 && errno == EINTR); if (send_status(backchannel, cstat) == -1) return alive; /* XXX */ } else if (WIFSIGNALED(status)) { - sudo_debug(8, "command killed, signal %d", WTERMSIG(status)); + sudo_debug_printf(SUDO_DEBUG_INFO, "command killed, signal %d", + WTERMSIG(status)); } else { - sudo_debug(8, "command exited: %d", WEXITSTATUS(status)); + sudo_debug_printf(SUDO_DEBUG_INFO, "command exited: %d", + WEXITSTATUS(status)); } } if (!WIFSTOPPED(status)) alive = FALSE; } - return alive; + debug_return_int(alive); } /* @@ -811,6 +856,7 @@ exec_monitor(struct command_details *details, int backchannel) int errpipe[2], maxfd, n, status; int alive = TRUE; unsigned char signo; + debug_decl(exec_monitor, SUDO_DEBUG_EXEC); /* Close unused fds. */ if (io_fds[SFD_MASTER] != -1) @@ -1004,10 +1050,11 @@ done: /* Send parent status. */ send_status(backchannel, &cstat); } + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); _exit(1); bad: - return errno; + debug_return_int(errno); } /* @@ -1021,6 +1068,7 @@ flush_output(void) struct timeval tv; fd_set *fdsr, *fdsw; int nready, nwriters, maxfd = -1; + debug_decl(flush_output, SUDO_DEBUG_EXEC); /* Determine maxfd */ for (iob = iobufs; iob; iob = iob->next) { @@ -1030,7 +1078,7 @@ flush_output(void) maxfd = iob->wfd; } if (maxfd == -1) - return; + debug_return; fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); fdsw = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); @@ -1081,6 +1129,7 @@ flush_output(void) } efree(fdsr); efree(fdsw); + debug_return; } /* @@ -1091,6 +1140,7 @@ static void exec_pty(struct command_details *details) { pid_t self = getpid(); + debug_decl(exec_pty, SUDO_DEBUG_EXEC); /* Set child process group here too to avoid a race. */ setpgid(0, self); @@ -1117,6 +1167,9 @@ exec_pty(struct command_details *details) if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE]) close(io_fds[SFD_STDERR]); + sudo_debug_execve(SUDO_DEBUG_INFO, details->command, + details->argv, details->envp); + if (details->closefrom >= 0) closefrom(details->closefrom); #ifdef HAVE_SELINUX @@ -1125,6 +1178,7 @@ exec_pty(struct command_details *details) else #endif my_execve(details->command, details->argv, details->envp); + debug_return; } /* @@ -1136,12 +1190,15 @@ sync_ttysize(int src, int dst) #ifdef TIOCGWINSZ struct winsize wsize; pid_t pgrp; + debug_decl(exec_pty, SUDO_DEBUG_EXEC); if (ioctl(src, TIOCGWINSZ, &wsize) == 0) { ioctl(dst, TIOCSWINSZ, &wsize); if ((pgrp = tcgetpgrp(dst)) != -1) killpg(pgrp, SIGWINCH); } + + debug_return; #endif } @@ -1164,10 +1221,12 @@ sigwinch(int s) static int safe_close(int fd) { + debug_decl(safe_close, SUDO_DEBUG_EXEC); + /* Avoid closing /dev/tty or std{in,out,err}. */ if (fd < 3 || fd == io_fds[SFD_USERTTY]) { errno = EINVAL; return -1; } - return close(fd); + debug_return_int(fd); } diff --git a/src/get_pty.c b/src/get_pty.c index f303721d2..21449cb91 100644 --- a/src/get_pty.c +++ b/src/get_pty.c @@ -63,15 +63,18 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { struct group *gr; gid_t ttygid = -1; + int rval = 0; + debug_decl(get_pty, SUDO_DEBUG_PTY) if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; - if (openpty(master, slave, name, NULL, NULL) != 0) - return 0; - if (chown(name, ttyuid, ttygid) != 0) - return 0; - return 1; + if (openpty(master, slave, name, NULL, NULL) == 0) { + if (chown(name, ttyuid, ttygid) == 0) + rval = 1; + } + + debug_return_bool(rval); } #elif defined(HAVE__GETPTY) @@ -79,19 +82,23 @@ int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { char *line; + int rval = 0; + debug_decl(get_pty, SUDO_DEBUG_PTY) /* IRIX-style dynamic ptys (may fork) */ line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0); - if (line == NULL) - return 0; - *slave = open(line, O_RDWR|O_NOCTTY, 0); - if (*slave == -1) { - close(*master); - return 0; + if (line != NULL) { + *slave = open(line, O_RDWR|O_NOCTTY, 0); + if (*slave != -1) { + (void) chown(line, ttyuid, -1); + strlcpy(name, line, namesz); + rval = 1; + } else { + close(*master); + *master = -1; + } } - (void) chown(line, ttyuid, -1); - strlcpy(name, line, namesz); - return 1; + debug_return_bool(rval); } #elif defined(HAVE_GRANTPT) # ifndef HAVE_POSIX_OPENPT @@ -113,33 +120,36 @@ int get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { char *line; + int rval = 0; + debug_decl(get_pty, SUDO_DEBUG_PTY) *master = posix_openpt(O_RDWR|O_NOCTTY); - if (*master == -1) - return 0; - - (void) grantpt(*master); /* may fork */ - if (unlockpt(*master) != 0) { - close(*master); - return 0; - } - line = ptsname(*master); - if (line == NULL) { - close(*master); - return 0; - } - *slave = open(line, O_RDWR|O_NOCTTY, 0); - if (*slave == -1) { - close(*master); - return 0; - } + if (*master != -1) { + (void) grantpt(*master); /* may fork */ + if (unlockpt(*master) != 0) { + close(*master); + goto done; + } + line = ptsname(*master); + if (line == NULL) { + close(*master); + goto done; + } + *slave = open(line, O_RDWR|O_NOCTTY, 0); + if (*slave == -1) { + close(*master); + goto done; + } # if defined(I_PUSH) && !defined(_AIX) - ioctl(*slave, I_PUSH, "ptem"); /* pseudo tty emulation module */ - ioctl(*slave, I_PUSH, "ldterm"); /* line discipline module */ + ioctl(*slave, I_PUSH, "ptem"); /* pseudo tty emulation module */ + ioctl(*slave, I_PUSH, "ldterm"); /* line discipline module */ # endif - (void) chown(line, ttyuid, -1); - strlcpy(name, line, namesz); - return 1; + (void) chown(line, ttyuid, -1); + strlcpy(name, line, namesz); + rval = 1; + } +done: + debug_return_bool(rval); } #else /* Old-style BSD ptys */ @@ -152,6 +162,8 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) char *bank, *cp; struct group *gr; gid_t ttygid = -1; + int rval = 0; + debug_decl(get_pty, SUDO_DEBUG_PTY) if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; @@ -163,7 +175,7 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) *master = open(line, O_RDWR|O_NOCTTY, 0); if (*master == -1) { if (errno == ENOENT) - return 0; /* out of ptys */ + goto done; /* out of ptys */ continue; /* already in use */ } line[sizeof("/dev/p") - 2] = 't'; @@ -175,11 +187,13 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) *slave = open(line, O_RDWR|O_NOCTTY, 0); if (*slave != -1) { strlcpy(name, line, namesz); - return 1; /* success */ + rval = 1; /* success */ + goto done; } (void) close(*master); } } - return 0; +done: + debug_return(rval); } #endif /* HAVE_OPENPTY */ diff --git a/src/load_plugins.c b/src/load_plugins.c index 8c8291c01..209bb796f 100644 --- a/src/load_plugins.c +++ b/src/load_plugins.c @@ -45,6 +45,8 @@ #include #include +#define SUDO_ERROR_WRAP 0 + #include "sudo.h" #include "sudo_plugin.h" #include "sudo_plugin_int.h" diff --git a/src/net_ifs.c b/src/net_ifs.c index 3dc1f4dfd..cd2867954 100644 --- a/src/net_ifs.c +++ b/src/net_ifs.c @@ -83,6 +83,7 @@ struct rtentry; #include "missing.h" #include "alloc.h" #include "error.h" +#include "sudo_debug.h" #define DEFAULT_TEXT_DOMAIN "sudo" #include "gettext.h" @@ -113,9 +114,10 @@ get_net_ifs(char **addrinfo) #endif int ailen, i, len, num_interfaces = 0; char *cp; + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) if (getifaddrs(&ifaddrs)) - return 0; + debug_return_int(0); /* Allocate space for the interfaces info string. */ for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) { @@ -134,7 +136,7 @@ get_net_ifs(char **addrinfo) } } if (num_interfaces == 0) - return 0; + debug_return_int(0); ailen = num_interfaces * 2 * INET6_ADDRSTRLEN; *addrinfo = cp = emalloc(ailen); @@ -197,7 +199,7 @@ done: #else efree(ifaddrs); #endif - return num_interfaces; + debug_return_int(num_interfaces); } #elif defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES) @@ -218,6 +220,7 @@ get_net_ifs(char **addrinfo) #ifdef _ISC struct strioctl strioctl; #endif /* _ISC */ + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) @@ -250,7 +253,7 @@ get_net_ifs(char **addrinfo) /* Allocate space for the maximum number of interfaces that could exist. */ if ((n = ifconf->ifc_len / sizeof(struct ifreq)) == 0) - return 0; + debug_return_int(0); ailen = n * 2 * INET6_ADDRSTRLEN; *addrinfo = cp = emalloc(ailen); @@ -327,7 +330,7 @@ done: efree(ifconf_buf); (void) close(sock); - return num_interfaces; + debug_return_int(num_interfaces); } #else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */ @@ -338,7 +341,8 @@ done: int get_net_ifs(char **addrinfo) { - return 0; + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + debug_return_int(0); } #endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */ diff --git a/src/parse_args.c b/src/parse_args.c index f6a8a4646..fcd4f68a6 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -136,6 +136,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, char *cp, **env_add, **settings; int nenv = 0; int env_size = 32; + debug_decl(parse_args, SUDO_DEBUG_ARGS) env_add = emalloc2(env_size, sizeof(char *)); @@ -435,8 +436,8 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *)); for (i = 0, j = 0; i < NUM_SETTINGS; i++) { if (sudo_settings[i].value) { - sudo_debug(9, "settings: %s=%s", sudo_settings[i].name, - sudo_settings[i].value); + sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s=%s", + sudo_settings[i].name, sudo_settings[i].value); settings[j] = fmt_string(sudo_settings[i].name, sudo_settings[i].value); if (settings[j] == NULL) @@ -461,7 +462,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, *env_addp = env_add; *nargc = argc; *nargv = argv; - return mode | flags; + debug_return_int(mode | flags); } static int @@ -524,6 +525,8 @@ usage(int fatal) static void usage_excl(int fatal) { + debug_decl(usage_excl, SUDO_DEBUG_ARGS) + warningx(_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified")); usage(fatal); } @@ -534,6 +537,7 @@ help(void) struct lbuf lbuf; int indent = 16; const char *pname = getprogname(); + debug_decl(help, SUDO_DEBUG_ARGS) lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols); if (strcmp(pname, "sudoedit") == 0) @@ -607,5 +611,6 @@ help(void) _("stop processing command line arguments\n")); lbuf_print(&lbuf); lbuf_destroy(&lbuf); + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 0); exit(0); } diff --git a/src/selinux.c b/src/selinux.c index dc519731a..a842aadcc 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -64,8 +64,9 @@ static int audit_role_change(const security_context_t old_context, const security_context_t new_context, const char *ttyn) { - int au_fd, rc; + int au_fd, rc = -1; char *message; + debug_decl(audit_role_change, SUDO_DEBUG_SELINUX) au_fd = audit_open(); if (au_fd == -1) { @@ -73,21 +74,19 @@ audit_role_change(const security_context_t old_context, if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT ) error(1, _("unable to open audit system")); - return -1; + } else { + /* audit role change using the same format as newrole(1) */ + easprintf(&message, "newrole: old-context=%s new-context=%s", + old_context, new_context); + rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE, + message, NULL, NULL, ttyn, 1); + if (rc <= 0) + warning(_("unable to send audit message")); + efree(message); + close(au_fd); } - /* audit role change using the same format as newrole(1) */ - easprintf(&message, "newrole: old-context=%s new-context=%s", - old_context, new_context); - rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE, - message, NULL, NULL, ttyn, 1); - if (rc <= 0) - warning(_("unable to send audit message")); - - efree(message); - close(au_fd); - - return rc; + debug_return_int(rc); } #endif @@ -103,6 +102,7 @@ selinux_restore_tty(void) { int retval = 0; security_context_t chk_tty_context = NULL; + debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX) if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL) goto skip_relabel; @@ -130,7 +130,7 @@ skip_relabel: freecon(chk_tty_context); chk_tty_context = NULL; } - return retval; + debug_return_int(retval); } /* @@ -147,12 +147,13 @@ relabel_tty(const char *ttyn, int ptyfd) security_context_t tty_con = NULL; security_context_t new_tty_con = NULL; int fd; + debug_decl(relabel_tty, SUDO_DEBUG_SELINUX) se_state.ttyfd = ptyfd; /* It is perfectly legal to have no tty. */ if (ptyfd == -1 && ttyn == NULL) - return 0; + debug_return_int(0); /* If sudo is not allocating a pty for the command, open current tty. */ if (ptyfd == -1) { @@ -222,7 +223,7 @@ relabel_tty(const char *ttyn, int ptyfd) se_state.ttyn = ttyn; se_state.tty_context = tty_con; se_state.new_tty_context = new_tty_con; - return 0; + debug_return_int(0); bad: if (se_state.ttyfd != -1 && se_state.ttyfd != ptyfd) { @@ -230,7 +231,7 @@ bad: se_state.ttyfd = -1; } freecon(tty_con); - return -1; + debug_return_int(-1); } /* @@ -243,18 +244,19 @@ get_exec_context(security_context_t old_context, const char *role, const char *t security_context_t new_context = NULL; context_t context = NULL; char *typebuf = NULL; + debug_decl(get_exec_context, SUDO_DEBUG_SELINUX) /* We must have a role, the type is optional (we can use the default). */ if (!role) { warningx(_("you must specify a role for type %s"), type); errno = EINVAL; - return NULL; + goto bad; } if (!type) { if (get_default_type(role, &typebuf)) { warningx(_("unable to get default type for role %s"), role); errno = EINVAL; - return NULL; + goto bad; } type = typebuf; } @@ -293,13 +295,13 @@ get_exec_context(security_context_t old_context, const char *role, const char *t #endif context_free(context); - return new_context; + debug_return_ptr(new_context); bad: - free(typebuf); + efree(typebuf); context_free(context); freecon(new_context); - return NULL; + debug_return_ptr(NULL); } /* @@ -314,6 +316,7 @@ selinux_setup(const char *role, const char *type, const char *ttyn, int ptyfd) { int rval = -1; + debug_decl(selinux_setup, SUDO_DEBUG_SELINUX) /* Store the caller's SID in old_context. */ if (getprevcon(&se_state.old_context)) { @@ -354,7 +357,7 @@ selinux_setup(const char *role, const char *type, const char *ttyn, rval = 0; done: - return rval; + debug_return_int(rval); } void @@ -362,18 +365,19 @@ selinux_execve(const char *path, char *argv[], char *envp[]) { char **nargv; int argc, serrno; + debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) if (setexeccon(se_state.new_context)) { warning(_("unable to set exec context to %s"), se_state.new_context); if (se_state.enforcing) - return; + debug_return; } #ifdef HAVE_SETKEYCREATECON if (setkeycreatecon(se_state.new_context)) { warning(_("unable to set key creation context to %s"), se_state.new_context); if (se_state.enforcing) - return; + debug_return; } #endif /* HAVE_SETKEYCREATECON */ @@ -390,4 +394,5 @@ selinux_execve(const char *path, char *argv[], char *envp[]) serrno = errno; free(nargv); errno = serrno; + debug_return; } diff --git a/src/sudo.c b/src/sudo.c index ee12e54db..01df18a4c 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -156,16 +156,19 @@ static struct rlimit nproclimit; int main(int argc, char *argv[], char *envp[]) { - int nargc, sudo_mode, exitcode = 0; + int nargc, ok, sudo_mode, exitcode = 0; char **nargv, **settings, **env_add; char **user_info, **command_info, **argv_out, **user_env_out; struct plugin_container *plugin, *next; struct command_details command_details; sigset_t mask; - int ok; + debug_decl(main, SUDO_DEBUG_MAIN) + #if defined(SUDO_DEVEL) && defined(__OpenBSD__) - extern char *malloc_options; - malloc_options = "AFGJPR"; + { + extern char *malloc_options; + malloc_options = "AFGJPR"; + } #endif #if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME) @@ -205,7 +208,7 @@ main(int argc, char *argv[], char *envp[]) /* Parse command line arguments. */ sudo_mode = parse_args(argc, argv, &nargc, &nargv, &settings, &env_add); - sudo_debug(9, "sudo_mode %d", sudo_mode); + sudo_debug_printf(SUDO_DEBUG_DEBUG, "sudo_mode %d", sudo_mode); /* Print sudo version early, in case of plugin init failure. */ if (ISSET(sudo_mode, MODE_VERSION)) { @@ -257,7 +260,7 @@ main(int argc, char *argv[], char *envp[]) case MODE_RUN: ok = policy_check(&policy_plugin, nargc, nargv, env_add, &command_info, &argv_out, &user_env_out); - sudo_debug(8, "policy plugin returns %d", ok); + sudo_debug_printf(SUDO_DEBUG_INFO, "policy plugin returns %d", ok); if (ok != TRUE) { if (ok == -2) usage(1); @@ -302,6 +305,7 @@ main(int argc, char *argv[], char *envp[]) default: errorx(1, _("unexpected sudo mode 0x%x"), sudo_mode); } + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode); exit(exitcode); } @@ -313,6 +317,7 @@ static void fix_fds(void) { int miss[3], devnull = -1; + debug_decl(fix_fds, SUDO_DEBUG_UTIL) /* * stdin, stdout and stderr must be open; set them to /dev/null @@ -333,6 +338,7 @@ fix_fds(void) if (devnull > STDERR_FILENO) close(devnull); } + debug_return; } /* @@ -343,6 +349,7 @@ static int fill_group_list(struct user_details *ud) { int maxgroups, tries, rval = -1; + debug_decl(fill_group_list, SUDO_DEBUG_UTIL) #if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) maxgroups = (int)sysconf(_SC_NGROUPS_MAX); @@ -363,7 +370,7 @@ fill_group_list(struct user_details *ud) ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T)); rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups); } - return rval; + debug_return_int(rval); } static char * @@ -372,6 +379,7 @@ get_user_groups(struct user_details *ud) char *cp, *gid_list = NULL; size_t glsize; int i, len; + debug_decl(get_user_groups, SUDO_DEBUG_UTIL) /* * Systems with mbr_check_membership() support more than NGROUPS_MAX @@ -405,7 +413,7 @@ get_user_groups(struct user_details *ud) i ? "," : "", (unsigned int)ud->groups[i]); cp += len; } - return gid_list; + debug_return_str(gid_list); } /* @@ -415,11 +423,10 @@ get_user_groups(struct user_details *ud) static char ** get_user_info(struct user_details *ud) { - char cwd[PATH_MAX]; - char host[MAXHOSTNAMELEN]; - char **user_info, *cp; + char *cp, **user_info, cwd[PATH_MAX], host[MAXHOSTNAMELEN]; struct passwd *pw; int i = 0; + debug_decl(get_user_info, SUDO_DEBUG_UTIL) /* XXX - bound check number of entries */ user_info = emalloc2(32, sizeof(char *)); @@ -482,7 +489,7 @@ get_user_info(struct user_details *ud) user_info[++i] = NULL; - return user_info; + debug_return_ptr(user_info); } /* @@ -495,6 +502,7 @@ command_info_to_details(char * const info[], struct command_details *details) long lval; unsigned long ulval; char *cp, *ep; + debug_decl(command_info_to_details, SUDO_DEBUG_UTIL) memset(details, 0, sizeof(*details)); details->closefrom = -1; @@ -505,8 +513,9 @@ command_info_to_details(char * const info[], struct command_details *details) break; \ } + sudo_debug_printf(SUDO_DEBUG_PCOMM, "command info from plugin:"); for (i = 0; info[i] != NULL; i++) { - sudo_debug(9, "command info: %s", info[i]); + sudo_debug_printf(SUDO_DEBUG_PCOMM, " %d: %s", i, info[i]); switch (info[i][0]) { case 'c': SET_STRING("chroot=", chroot) @@ -714,6 +723,7 @@ command_info_to_details(char * const info[], struct command_details *details) if (details->selinux_role != NULL && is_selinux_enabled() > 0) SET(details->flags, CD_RBAC_ENABLED); #endif + debug_return; } /* @@ -727,6 +737,7 @@ disable_coredumps(void) #if defined(__linux__) || (defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)) struct rlimit rl; #endif + debug_decl(disable_coredumps, SUDO_DEBUG_UTIL) #if defined(__linux__) /* @@ -751,6 +762,7 @@ disable_coredumps(void) rl.rlim_cur = 0; (void) setrlimit(RLIMIT_CORE, &rl); #endif /* RLIMIT_CORE && !SUDO_DEVEL */ + debug_return; } #ifdef HAVE_PROJECT_H @@ -760,6 +772,7 @@ set_project(struct passwd *pw) struct project proj; char buf[PROJECT_BUFSZ]; int errval; + debug_decl(set_project, SUDO_DEBUG_UTIL) /* * Collect the default project for the user and settaskid @@ -812,6 +825,7 @@ set_project(struct passwd *pw) warning("getdefaultproj"); } endprojent(); + debug_return; } #endif /* HAVE_PROJECT_H */ @@ -827,11 +841,12 @@ disable_execute(struct command_details *details) char *cp, **ev, **nenvp; int env_len = 0, env_size = 128; #endif /* _PATH_SUDO_NOEXEC */ + debug_decl(disable_execute, SUDO_DEBUG_UTIL) #ifdef HAVE_PRIV_SET /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) - return; + debug_return; warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); #endif /* HAVE_PRIV_SET */ @@ -886,6 +901,7 @@ disable_execute(struct command_details *details) details->envp = nenvp; #endif /* _PATH_SUDO_NOEXEC */ + debug_return; } /* @@ -897,6 +913,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd) { int rval = FALSE; struct passwd *pw; + debug_decl(exec_setup, SUDO_DEBUG_EXEC) #ifdef HAVE_SETAUTHDB aix_setauthdb(IDtouser(details->euid)); @@ -1049,7 +1066,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd) rval = TRUE; done: - return rval; + debug_return_bool(rval); } /* @@ -1061,6 +1078,7 @@ run_command(struct command_details *details) struct plugin_container *plugin; struct command_status cstat; int exitcode = 1; + debug_decl(run_command, SUDO_DEBUG_EXEC) cstat.type = CMD_INVALID; cstat.val = 0; @@ -1070,20 +1088,22 @@ run_command(struct command_details *details) switch (cstat.type) { case CMD_ERRNO: /* exec_setup() or execve() returned an error. */ - sudo_debug(9, "calling policy close with errno"); + sudo_debug_printf(SUDO_DEBUG_DEBUG, "calling policy close with errno"); policy_close(&policy_plugin, 0, cstat.val); tq_foreach_fwd(&io_plugins, plugin) { - sudo_debug(9, "calling I/O close with errno"); + sudo_debug_printf(SUDO_DEBUG_DEBUG, "calling I/O close with errno"); iolog_close(plugin, 0, cstat.val); } exitcode = 1; break; case CMD_WSTATUS: /* Command ran, exited or was killed. */ - sudo_debug(9, "calling policy close with wait status"); + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "calling policy close with wait status"); policy_close(&policy_plugin, cstat.val, 0); tq_foreach_fwd(&io_plugins, plugin) { - sudo_debug(9, "calling I/O close with wait status"); + sudo_debug_printf(SUDO_DEBUG_DEBUG, + "calling I/O close with wait status"); iolog_close(plugin, cstat.val, 0); } if (WIFEXITED(cstat.val)) @@ -1095,27 +1115,31 @@ run_command(struct command_details *details) warningx(_("unexpected child termination condition: %d"), cstat.type); break; } - return exitcode; + debug_return_int(exitcode); } static int policy_open(struct plugin_container *plugin, char * const settings[], char * const user_info[], char * const user_env[]) { - return plugin->u.policy->open(SUDO_API_VERSION, sudo_conversation, - _sudo_printf, settings, user_info, user_env); + debug_decl(policy_open, SUDO_DEBUG_PCOMM) + debug_return_bool(plugin->u.policy->open(SUDO_API_VERSION, + sudo_conversation, _sudo_printf, settings, user_info, user_env)); } static void policy_close(struct plugin_container *plugin, int exit_status, int error) { + debug_decl(policy_close, SUDO_DEBUG_PCOMM) plugin->u.policy->close(exit_status, error); + debug_return; } static int policy_show_version(struct plugin_container *plugin, int verbose) { - return plugin->u.policy->show_version(verbose); + debug_decl(policy_show_version, SUDO_DEBUG_PCOMM) + debug_return_bool(plugin->u.policy->show_version(verbose)); } static int @@ -1123,49 +1147,55 @@ policy_check(struct plugin_container *plugin, int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]) { - return plugin->u.policy->check_policy(argc, argv, env_add, command_info, - argv_out, user_env_out); + debug_decl(policy_check, SUDO_DEBUG_PCOMM) + debug_return_bool(plugin->u.policy->check_policy(argc, argv, env_add, + command_info, argv_out, user_env_out)); } static int policy_list(struct plugin_container *plugin, int argc, char * const argv[], int verbose, const char *list_user) { + debug_decl(policy_list, SUDO_DEBUG_PCOMM) if (plugin->u.policy->list == NULL) { warningx(_("policy plugin %s does not support listing privileges"), plugin->name); - return FALSE; + debug_return_bool(FALSE); } - return plugin->u.policy->list(argc, argv, verbose, list_user); + debug_return_bool(plugin->u.policy->list(argc, argv, verbose, list_user)); } static int policy_validate(struct plugin_container *plugin) { + debug_decl(policy_validate, SUDO_DEBUG_PCOMM) if (plugin->u.policy->validate == NULL) { warningx(_("policy plugin %s does not support the -v option"), plugin->name); - return FALSE; + debug_return_bool(FALSE); } - return plugin->u.policy->validate(); + debug_return_bool(plugin->u.policy->validate()); } static void policy_invalidate(struct plugin_container *plugin, int remove) { + debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM) if (plugin->u.policy->invalidate == NULL) { errorx(1, _("policy plugin %s does not support the -k/-K options"), plugin->name); } plugin->u.policy->invalidate(remove); + debug_return; } static int policy_init_session(struct plugin_container *plugin, struct passwd *pwd) { + debug_decl(policy_init_session, SUDO_DEBUG_PCOMM) if (plugin->u.policy->init_session) - return plugin->u.policy->init_session(pwd); - return TRUE; + debug_return_bool(plugin->u.policy->init_session(pwd)); + debug_return_bool(TRUE); } static int @@ -1174,6 +1204,7 @@ iolog_open(struct plugin_container *plugin, char * const settings[], int argc, char * const argv[], char * const user_env[]) { int rval; + debug_decl(iolog_open, SUDO_DEBUG_PCOMM) /* * Backwards compatibility for API major 1, minor 0 @@ -1189,37 +1220,20 @@ iolog_open(struct plugin_container *plugin, char * const settings[], _sudo_printf, settings, user_info, command_info, argc, argv, user_env); } - return rval; + debug_return_bool(rval); } static void iolog_close(struct plugin_container *plugin, int exit_status, int error) { + debug_decl(iolog_close, SUDO_DEBUG_PCOMM) plugin->u.io->close(exit_status, error); + debug_return; } static int iolog_show_version(struct plugin_container *plugin, int verbose) { - return plugin->u.io->show_version(verbose); -} - -/* - * Simple debugging/logging. - */ -void -sudo_debug(int level, const char *fmt, ...) -{ - va_list ap; - char *fmt2; - - if (level > debug_level) - return; - - /* Backet fmt with program name and a newline to make it a single write */ - easprintf(&fmt2, "%s: %s\n", getprogname(), fmt); - va_start(ap, fmt); - vfprintf(stderr, fmt2, ap); - va_end(ap); - efree(fmt2); + debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM) + debug_return_bool(plugin->u.io->show_version(verbose)); } diff --git a/src/sudo.h b/src/sudo.h index f3155059f..0892a7d94 100644 --- a/src/sudo.h +++ b/src/sudo.h @@ -32,6 +32,7 @@ #include "error.h" #include "fileops.h" #include "list.h" +#include "sudo_debug.h" #include "gettext.h" #ifdef __TANDEM @@ -202,7 +203,6 @@ void get_ttysize(int *rowp, int *colp); /* sudo.c */ int exec_setup(struct command_details *details, const char *ptyname, int ptyfd); int run_command(struct command_details *details); -void sudo_debug(int level, const char *format, ...) __printflike(2, 3); extern int debug_level; extern const char *list_user, *runas_user, *runas_group; extern struct user_details user_details; diff --git a/src/sudo_edit.c b/src/sudo_edit.c index af7f07192..1568219f7 100644 --- a/src/sudo_edit.c +++ b/src/sudo_edit.c @@ -58,6 +58,7 @@ static void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) { int serrno = errno; + debug_decl(switch_user, SUDO_DEBUG_EDIT) /* When restoring root, change euid first; otherwise change it last. */ if (euid == ROOT_UID) { @@ -74,8 +75,9 @@ switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) if (seteuid(euid) != 0) error(1, "seteuid(%d)", (int)euid); } - errno = serrno; + + debug_return; } /* @@ -99,6 +101,7 @@ sudo_edit(struct command_details *command_details) struct timeval omtim; off_t osize; } *tf; + debug_decl(sudo_edit, SUDO_DEBUG_EDIT) /* * Set real, effective and saved uids to root. @@ -106,7 +109,7 @@ sudo_edit(struct command_details *command_details) */ if (setuid(ROOT_UID) != 0) { warning(_("unable to change uid to root (%u)"), ROOT_UID); - return 1; + goto cleanup; } /* @@ -138,7 +141,7 @@ sudo_edit(struct command_details *command_details) } if (nfiles == 0) { warningx(_("plugin error: missing file list for sudoedit")); - return 1; + goto cleanup; } /* @@ -220,7 +223,7 @@ sudo_edit(struct command_details *command_details) j++; } if ((nfiles = j) == 0) - return 1; /* no files readable, you lose */ + goto cleanup; /* no files readable, you lose */ /* * Allocate space for the new argument vector and fill it in. @@ -317,15 +320,15 @@ sudo_edit(struct command_details *command_details) } close(ofd); } + debug_return_int(rval); - return rval; cleanup: /* Clean up temp files and return. */ for (i = 0; i < nfiles; i++) { if (tf[i].tfile != NULL) unlink(tf[i].tfile); } - return 1; + debug_return_int(1); } #else /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ @@ -336,7 +339,8 @@ cleanup: int sudo_edit(struct command_details *command_details) { - return 1; + debug_decl(sudo_edit, SUDO_DEBUG_EDIT) + debug_return_int(1); } #endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */ diff --git a/src/tgetpass.c b/src/tgetpass.c index f1e9dac34..f8a9d3e32 100644 --- a/src/tgetpass.c +++ b/src/tgetpass.c @@ -79,6 +79,7 @@ tgetpass(const char *prompt, int timeout, int flags) static const char *askpass; static char buf[SUDO_PASS_MAX + 1]; int i, input, output, save_errno, neednl = 0, need_restart; + debug_decl(tgetpass, SUDO_DEBUG_CONV) (void) fflush(stdout); @@ -93,7 +94,7 @@ tgetpass(const char *prompt, int timeout, int flags) !tty_present()) { if (askpass == NULL || getenv("DISPLAY") == NULL) { warningx(_("no tty present and no askpass program specified")); - return NULL; + debug_return_str(NULL); } SET(flags, TGP_ASKPASS); } @@ -102,7 +103,7 @@ tgetpass(const char *prompt, int timeout, int flags) if (ISSET(flags, TGP_ASKPASS)) { if (askpass == NULL || *askpass == '\0') errorx(1, _("no askpass program specified, try setting SUDO_ASKPASS")); - return sudo_askpass(askpass, prompt); + debug_return_str_masked(sudo_askpass(askpass, prompt)); } restart: @@ -203,7 +204,8 @@ restore: if (save_errno) errno = save_errno; - return pass; + + debug_return_str_masked(pass); } /* @@ -216,6 +218,7 @@ sudo_askpass(const char *askpass, const char *prompt) sigaction_t sa, saved_sa_pipe; int pfd[2]; pid_t pid; + debug_decl(sudo_askpass, SUDO_DEBUG_CONV) if (pipe(pfd) == -1) error(1, _("unable to create pipe")); @@ -257,7 +260,7 @@ sudo_askpass(const char *askpass, const char *prompt) (void) close(pfd[0]); (void) sigaction(SIGPIPE, &saved_sa_pipe, NULL); - return pass; + debug_return_str_masked(pass); } extern int term_erase, term_kill; @@ -269,10 +272,11 @@ getln(int fd, char *buf, size_t bufsiz, int feedback) ssize_t nr = -1; char *cp = buf; char c = '\0'; + debug_decl(getln, SUDO_DEBUG_CONV) if (left == 0) { errno = EINVAL; - return NULL; /* sanity */ + debug_return_str(NULL); /* sanity */ } while (--left) { @@ -312,7 +316,7 @@ getln(int fd, char *buf, size_t bufsiz, int feedback) } } - return nr == 1 ? buf : NULL; + debug_return_str_masked(nr == 1 ? buf : NULL); } static void @@ -326,8 +330,9 @@ int tty_present(void) { int fd; + debug_decl(tty_present, SUDO_DEBUG_UTIL) if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) != -1) close(fd); - return fd != -1; + debug_return_bool(fd != -1); } diff --git a/src/ttysize.c b/src/ttysize.c index 81972d1ff..d3ac78ba0 100644 --- a/src/ttysize.c +++ b/src/ttysize.c @@ -35,6 +35,7 @@ #include #include "missing.h" +#include "sudo_debug.h" /* Compatibility with older tty systems. */ #if !defined(TIOCGWINSZ) && defined(TIOCGSIZE) @@ -44,24 +45,43 @@ # define ws_row ts_lines #endif -void -get_ttysize(int *rowp, int *colp) -{ - char *p; #ifdef TIOCGWINSZ +static int +get_ttysize_ioctl(int *rowp, int *colp) +{ struct winsize wsize; + debug_decl(get_ttysize_ioctl, SUDO_DEBUG_EXEC) if (ioctl(STDERR_FILENO, TIOCGWINSZ, &wsize) == 0 && wsize.ws_row != 0 && wsize.ws_col != 0) { *rowp = wsize.ws_row; *colp = wsize.ws_col; - return; + debug_return_int(0); } -#endif - - /* Fall back on $LINES and $COLUMNS. */ - if ((p = getenv("LINES")) == NULL || (*rowp = atoi(p)) <= 0) - *rowp = 24; - if ((p = getenv("COLUMNS")) == NULL || (*colp = atoi(p)) <= 0) - *colp = 80; + debug_return_int(-1); +} +#else +static int +get_ttysize_ioctl(int *rowp, int *colp) +{ + return -1; +} +#endif /* TIOCGWINSZ */ + +void +get_ttysize(int *rowp, int *colp) +{ + debug_decl(fork_cmnd, SUDO_DEBUG_EXEC) + + if (get_ttysize_ioctl(rowp, colp) == -1) { + char *p; + + /* Fall back on $LINES and $COLUMNS. */ + if ((p = getenv("LINES")) == NULL || (*rowp = atoi(p)) <= 0) + *rowp = 24; + if ((p = getenv("COLUMNS")) == NULL || (*colp = atoi(p)) <= 0) + *colp = 80; + } + + debug_return; } diff --git a/src/utmp.c b/src/utmp.c index e3d711bee..7650d3545 100644 --- a/src/utmp.c +++ b/src/utmp.c @@ -94,6 +94,7 @@ utmp_setid(sudo_utmp_t *old, sudo_utmp_t *new) { const char *line = new->ut_line; size_t idlen; + debug_decl(utmp_setid, SUDO_DEBUG_UTMP) /* Skip over "tty" in the id if old entry did too. */ if (old != NULL) { @@ -111,6 +112,8 @@ utmp_setid(sudo_utmp_t *old, sudo_utmp_t *new) idlen = sizeof(new->ut_id); } strncpy(new->ut_id, line, idlen); + + debug_return; } #endif /* HAVE_GETUTXID || HAVE_GETUTID */ @@ -121,6 +124,7 @@ static void utmp_settime(sudo_utmp_t *ut) { struct timeval tv; + debug_decl(utmp_settime, SUDO_DEBUG_UTMP) gettimeofday(&tv, NULL); @@ -130,6 +134,8 @@ utmp_settime(sudo_utmp_t *ut) #else ut->ut_time = tv.tv_sec; #endif + + debug_return; } /* @@ -139,6 +145,8 @@ static void utmp_fill(const char *line, const char *user, sudo_utmp_t *ut_old, sudo_utmp_t *ut_new) { + debug_decl(utmp_file, SUDO_DEBUG_UTMP) + if (ut_old == NULL) { memset(ut_new, 0, sizeof(*ut_new)); if (user == NULL) { @@ -161,6 +169,7 @@ utmp_fill(const char *line, const char *user, sudo_utmp_t *ut_old, #if defined(HAVE_STRUCT_UTMPX_UT_TYPE) || defined(HAVE_STRUCT_UTMP_UT_TYPE) ut_new->ut_type = USER_PROCESS; #endif + debug_return; } /* @@ -178,6 +187,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd, { sudo_utmp_t utbuf, *ut_old = NULL; int rval = FALSE; + debug_decl(utmp_login, SUDO_DEBUG_UTMP) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -197,7 +207,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd, rval = TRUE; endutxent(); - return rval; + debug_return_int(rval); } int @@ -205,6 +215,7 @@ utmp_logout(const char *line, int status) { int rval = FALSE; sudo_utmp_t *ut, utbuf; + debug_decl(utmp_logout, SUDO_DEBUG_UTMP) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -225,7 +236,7 @@ utmp_logout(const char *line, int status) if (pututxline(ut) != NULL) rval = TRUE; } - return rval; + debug_return_int(rval); } #else /* !HAVE_GETUTXID && !HAVE_GETUTID */ @@ -241,6 +252,7 @@ utmp_slot(const char *line, int ttyfd) { int slot = 1; struct ttyent *tty; + debug_decl(utmp_slot, SUDO_DEBUG_UTMP) setttyent(); while ((tty = getttyent()) != NULL) { @@ -249,13 +261,14 @@ utmp_slot(const char *line, int ttyfd) slot++; } endttyent(); - return tty ? slot : 0; + debug_return_int(tty ? slot : 0); } # else static int utmp_slot(const char *line, int ttyfd) { int sfd, slot; + debug_decl(utmp_slot, SUDO_DEBUG_UTMP) /* * Temporarily point stdin to the tty since ttyslot() @@ -270,7 +283,7 @@ utmp_slot(const char *line, int ttyfd) error(1, _("unable to restore stdin")); close(sfd); - return slot; + debug_return_int(slot); } # endif /* HAVE_GETTTYENT */ @@ -281,6 +294,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd, sudo_utmp_t utbuf, *ut_old = NULL; int slot, rval = FALSE; FILE *fp; + debug_decl(utmp_login, SUDO_DEBUG_UTMP) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -319,7 +333,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd, fclose(fp); done: - return rval; + debug_return_int(rval); } int @@ -328,9 +342,10 @@ utmp_logout(const char *line, int status) sudo_utmp_t utbuf; int rval = FALSE; FILE *fp; + debug_decl(utmp_logout, SUDO_DEBUG_UTMP) if ((fp = fopen(_PATH_UTMP, "r+")) == NULL) - return rval; + debug_return_int(rval); /* Strip off /dev/ prefix from line as needed. */ if (strncmp(line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -353,6 +368,6 @@ utmp_logout(const char *line, int status) } fclose(fp); - return rval; + debug_return_int(rval); } #endif /* HAVE_GETUTXID || HAVE_GETUTID */