From e28dc0f275d2d5df4dc97bf4887716d27274453b Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 18 Sep 2023 12:42:51 -0600
Subject: [PATCH] Add parser_warnx() and parser_vwarnx() that displays file:line:col Used by defaults.c and check_aliases.c.
---
 MANIFEST | 1 +
 plugins/sudoers/Makefile.in | 30 ++++++++++--
 plugins/sudoers/check_aliases.c | 44 +-----------------
 plugins/sudoers/defaults.c | 54 ++++++----------------
 plugins/sudoers/parse.h | 4 ++
 plugins/sudoers/parser_warnx.c | 82 +++++++++++++++++++++++++++++++++
 6 files changed, 131 insertions(+), 84 deletions(-)
 create mode 100644 plugins/sudoers/parser_warnx.c
diff --git a/MANIFEST b/MANIFEST
index af5321fcf..72f77c751 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -683,6 +683,7 @@ plugins/sudoers/match_command.c
 plugins/sudoers/match_digest.c
 plugins/sudoers/mkdefaults
 plugins/sudoers/parse.h
+plugins/sudoers/parser_warnx.c
 plugins/sudoers/parse_ldif.c
 plugins/sudoers/pivot.c
 plugins/sudoers/pivot.h
diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index ef186eb19..0834658ab 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -177,9 +177,9 @@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
 LIBPARSESUDOERS_OBJS = alias.lo b64_decode.lo canon_path.lo defaults.lo \
 digestname.lo exptilde.lo filedigest.lo gentime.lo \
 gram.lo match.lo match_addr.lo match_command.lo \
- match_digest.lo pwutil.lo pwutil_impl.lo \
- redblack.lo strlist.lo sudoers_debug.lo timeout.lo \
- timestr.lo toke.lo toke_util.lo
+ match_digest.lo parser_warnx.lo pwutil.lo \
+ pwutil_impl.lo redblack.lo strlist.lo sudoers_debug.lo \
+ timeout.lo timestr.lo toke.lo toke_util.lo
 LIBPARSESUDOERS_IOBJS = $(LIBPARSESUDOERS_OBJS:.lo=.i) passwd.i
@@ -2509,6 +2509,30 @@ parse_ldif.i: $(srcdir)/parse_ldif.c $(devdir)/def_data.h $(devdir)/gram.h \ $(CC) -E -o $@ $(CPPFLAGS) $< parse_ldif.plog: parse_ldif.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/parse_ldif.c --i-file $< --output-file $@ +parser_warnx.lo: $(srcdir)/parser_warnx.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/parser_warnx.c +parser_warnx.i: $(srcdir)/parser_warnx.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/pivot.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +parser_warnx.plog: parser_warnx.i + rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/parser_warnx.c --i-file $< --output-file $@ passwd.lo: $(authdir)/passwd.c $(authdir)/sudo_auth.h $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ 
diff --git a/plugins/sudoers/check_aliases.c b/plugins/sudoers/check_aliases.c
index 6976b25f3..86c4fdd91 100644
--- a/plugins/sudoers/check_aliases.c
+++ b/plugins/sudoers/check_aliases.c
@@ -38,8 +38,6 @@ struct alias_warned {
 };
 SLIST_HEAD(alias_warned_list, alias_warned);
-static bool alias_warnx(const struct sudoers_context *ctx, const char *file, int line, int column, bool strict, bool quiet, const char * restrict fmt, ...) sudo_printflike(7, 8);
-
 static bool
 alias_warned(struct alias_warned_list *warned, char *name)
 {
@@ -69,44 +67,6 @@ alias_warned_add(struct alias_warned_list *warned, char *name)
 debug_return;
 }
-static bool
-alias_warnx(const struct sudoers_context *ctx, const char *file, int line,
- int column, bool strict, bool quiet, const char * restrict fmt, ...)
-{
- bool ret = true;
- va_list ap;
- debug_decl(alias_warnx, SUDOERS_DEBUG_ALIAS);
-
- if (strict && sudoers_error_hook != NULL) {
- va_start(ap, fmt);
- ret = sudoers_error_hook(ctx, file, line, column, fmt, ap);
- va_end(ap);
- }
-
- if (!quiet) {
- int oldlocale;
- char *errstr;
-
- sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
- va_start(ap, fmt);
- if (vasprintf(&errstr, _(fmt), ap) == -1) {
- errstr = NULL;
- ret = false;
- } else if (line > 0) {
- sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d:%d: %s\n"), file,
- line, column, errstr);
- } else {
- sudo_printf(SUDO_CONV_ERROR_MSG, _("%s: %s\n"), file, errstr);
- }
- va_end(ap);
- sudoers_setlocale(oldlocale, NULL);
-
- free(errstr);
- }
-
- debug_return_bool(ret);
-}
-
 static int
 check_alias(struct sudoers_parse_tree *parse_tree,
 struct alias_warned_list *warned, char *name, short type,
@@ -129,10 +89,10 @@ check_alias(struct sudoers_parse_tree *parse_tree,
 } else {
 if (!alias_warned(warned, name)) {
 if (errno == ELOOP) {
- alias_warnx(parse_tree->ctx, file, line, column, strict, quiet,
+ parser_warnx(parse_tree->ctx, file, line, column, strict, quiet,
 N_("cycle in %s \"%s\""), alias_type_to_string(type), name);
 } else {
- alias_warnx(parse_tree->ctx, file, line, column, strict, quiet,
+ parser_warnx(parse_tree->ctx, file, line, column, strict, quiet,
 N_("%s \"%s\" referenced but not defined"),
 alias_type_to_string(type), name);
 }
diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index c4dd4fb07..ef9700b09 100644
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -73,7 +73,6 @@ static bool store_timespec(const char *str, struct sudo_defs_types *def);
 static bool store_rlimit(const char *str, struct sudo_defs_types *def);
 static bool list_op(const char *str, size_t, struct list_members *list, enum list_ops op);
 static bool valid_path(const struct sudoers_context *ctx, struct sudo_defs_types *def, const char *val, const char *file, int line, int column, bool quiet);
-static bool defaults_warnx(const struct sudoers_context *ctx, const char *file, int line, int column, bool quiet, const char * restrict fmt, ...) sudo_printflike(6, 7);
 /*
 * Table describing compile-time and run-time options.
@@ -172,6 +171,21 @@ dump_defaults(void)
 debug_return;
 }
+static bool
+defaults_warnx(const struct sudoers_context *ctx, const char *file, int line,
+ int column, bool quiet, const char * restrict fmt, ...)
+{
+ va_list ap;
+ bool ret;
+ debug_decl(defaults_warnx, SUDOERS_DEBUG_DEFAULTS);
+
+ va_start(ap, fmt);
+ ret = parser_vwarnx(ctx, file, line, column, true, quiet, fmt, ap);
+ va_end(ap);
+
+ debug_return_bool(ret);
+}
+
 /*
 * Find the index of the specified Defaults name in sudo_defs_table[]
 * On success, returns the matching index or -1 on failure.
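Review bot: The relocated `defaults_warnx()` definition in defaults.c no longer carries a printf-format attribute: the forward declaration removed by the first defaults.c hunk was the only visible place `sudo_printflike(6, 7)` was attached, and the definition added here has none. Unless the attribute is declared somewhere outside the visible hunks, the compiler stops checking format strings against their arguments at every `defaults_warnx()` call site, so a format/argument mismatch would only surface at run time inside `vasprintf()`. Keeping the one-line prototype ahead of the definition restores the check: `static bool defaults_warnx(const struct sudoers_context *ctx, const char *file, int line, int column, bool quiet, const char * restrict fmt, ...) sudo_printflike(6, 7);`.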
@@ -1262,41 +1276,3 @@ cb_passprompt_regex(struct sudoers_context *ctx, const char *file,
 debug_return_bool(true);
 }
-
-static bool
-defaults_warnx(const struct sudoers_context *ctx, const char *file, int line,
- int column, bool quiet, const char * restrict fmt, ...)
-{
- bool ret = true;
- va_list ap;
- debug_decl(defaults_warnx, SUDOERS_DEBUG_DEFAULTS);
-
- if (sudoers_error_hook != NULL) {
- va_start(ap, fmt);
- ret = sudoers_error_hook(ctx, file, line, column, fmt, ap);
- va_end(ap);
- }
-
- if (!quiet) {
- int oldlocale;
- char *errstr;
-
- sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
- va_start(ap, fmt);
- if (vasprintf(&errstr, _(fmt), ap) == -1) {
- errstr = NULL;
- ret = false;
- } else if (line > 0) {
- sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d:%d: %s\n"), file,
- line, column, errstr);
- } else {
- sudo_printf(SUDO_CONV_ERROR_MSG, _("%s: %s\n"), file, errstr);
- }
- va_end(ap);
- sudoers_setlocale(oldlocale, NULL);
-
- free(errstr);
- }
-
- debug_return_bool(ret);
-}
diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h
index 80a9b8613..1d0660cf2 100644
--- a/plugins/sudoers/parse.h
+++ b/plugins/sudoers/parse.h
@@ -499,4 +499,8 @@ bool sudoers_format_userspec(struct sudo_lbuf *lbuf, const struct sudoers_parse_
 bool sudoers_format_userspecs(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const char *separator, bool expand_aliases, bool flush);
 bool sudoers_format_default_line(struct sudo_lbuf *lbuf, const struct sudoers_parse_tree *parse_tree, const struct defaults *d, struct defaults **next, bool expand_aliases);
+/* parser_warnx.c */
+bool parser_warnx(const struct sudoers_context *ctx, const char *file, int line, int column, bool strict, bool quiet, const char * restrict fmt, ...) sudo_printflike(7, 8);
+bool parser_vwarnx(const struct sudoers_context *ctx, const char *file, int line, int column, bool strict, bool quiet, const char * restrict fmt, va_list ap) sudo_printflike(7, 0);
+
 #endif /* SUDOERS_PARSE_H */
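Review bot: The two prototypes added to parse.h take adjacent `bool strict, bool quiet` parameters with nothing saying what each controls, so a swapped pair at a call site compiles without a warning. Going by the definition in parser_warnx.c, `strict` gates the call to `sudoers_error_hook` and `quiet` suppresses the `sudo_printf()` message; a comment above the declarations such as `/* strict: pass the warning to sudoers_error_hook; quiet: do not print it */` would record that. The same comment could state the return value: the hook's result when it is called, and false if `vasprintf()` fails.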
diff --git a/plugins/sudoers/parser_warnx.c b/plugins/sudoers/parser_warnx.c
new file mode 100644
index 000000000..2a7b38078
--- /dev/null
+++ b/plugins/sudoers/parser_warnx.c
@@ -0,0 +1,82 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2022-2023 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include
+
+#include
+#include
+#include
+
+#include "sudoers.h"
+
+bool
+parser_vwarnx(const struct sudoers_context *ctx, const char *file, int line,
+ int column, bool strict, bool quiet, const char * restrict fmt, va_list ap)
+{
+ bool ret = true;
+ debug_decl(parser_warnx, SUDOERS_DEBUG_DEFAULTS);
+
+ if (strict && sudoers_error_hook != NULL) {
+ va_list ap2;
+
+ va_copy(ap2, ap);
+ ret = sudoers_error_hook(ctx, file, line, column, fmt, ap2);
+ va_end(ap2);
+ }
+
+ if (!quiet) {
+ int oldlocale;
+ char *errstr;
+
+ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
+ if (vasprintf(&errstr, _(fmt), ap) == -1) {
+ errstr = NULL;
+ ret = false;
+ } else if (line > 0) {
+ sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d:%d: %s\n"), file,
+ line, column, errstr);
+ } else {
+ sudo_printf(SUDO_CONV_ERROR_MSG, _("%s: %s\n"), file, errstr);
+ }
+ sudoers_setlocale(oldlocale, NULL);
+
+ free(errstr);
+ }
+
+ debug_return_bool(ret);
+}
+
+bool
+parser_warnx(const struct sudoers_context *ctx, const char *file, int line,
+ int column, bool strict, bool quiet, const char * restrict fmt, ...)
+{
+ va_list ap;
+ bool ret;
+ debug_decl(parser_warnx, SUDOERS_DEBUG_DEFAULTS);
+
+ va_start(ap, fmt);
+ ret = parser_vwarnx(ctx, file, line, column, strict, quiet, fmt, ap);
+ va_end(ap);
+
+ debug_return_bool(ret);
+}
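Review bot: `parser_vwarnx()` registers itself for debug tracing under the wrong name: its `debug_decl(parser_warnx, SUDOERS_DEBUG_DEFAULTS);` repeats the name used by `parser_warnx()` further down, so enter/return traces cannot tell the two functions apart; it should read `debug_decl(parser_vwarnx, SUDOERS_DEBUG_DEFAULTS);`. Both functions also log under `SUDOERS_DEBUG_DEFAULTS` although check_aliases.c now calls them as well (the removed `alias_warnx()` used `SUDOERS_DEBUG_ALIAS`), so alias warnings disappear from an alias-only debug configuration; a parser-level subsystem such as `SUDOERS_DEBUG_PARSER`, if that is the intended one, would cover both callers. The new file also has no comment on either function describing what `strict` and `quiet` do or what the return value means.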