src - OpenBSD base system

diff options


context:
space:
mode:

author	Todd C. Miller <millert@cvs.openbsd.org>	2008-11-22 16:33:43 +0000
committer	Todd C. Miller <millert@cvs.openbsd.org>	2008-11-22 16:33:43 +0000
commit	ad3f16accaeb6e4bdc9d163769405937f977144c (patch)
tree	3d10a3b84ec07793be9d7c696be0c3e14ce521b7 /usr.bin/sudo
parent	d240be81552782584f41049a9957e5d0cf7274b3 (diff)

sync with sudo repo

Diffstat (limited to 'usr.bin/sudo')

-rw-r--r--

usr.bin/sudo/auth/afs.c

-rw-r--r--

usr.bin/sudo/auth/aix_auth.c

-rw-r--r--

usr.bin/sudo/auth/bsdauth.c

-rw-r--r--

usr.bin/sudo/auth/fwtk.c

-rw-r--r--

usr.bin/sudo/auth/kerb4.c

-rw-r--r--

usr.bin/sudo/auth/kerb5.c

-rw-r--r--

usr.bin/sudo/auth/pam.c

-rw-r--r--

usr.bin/sudo/auth/securid.c

-rw-r--r--

usr.bin/sudo/auth/securid5.c

-rw-r--r--

usr.bin/sudo/auth/sia.c

-rw-r--r--

usr.bin/sudo/auth/sudo_auth.c

-rw-r--r--

usr.bin/sudo/auth/sudo_auth.h

-rw-r--r--

usr.bin/sudo/redblack.c

-rw-r--r--

usr.bin/sudo/sudo.c

-rw-r--r--

usr.bin/sudo/testsudoers.c

-rw-r--r--

usr.bin/sudo/visudo.c

16 files changed, 170 insertions, 124 deletions

diff --git a/usr.bin/sudo/auth/afs.c b/usr.bin/sudo/auth/afs.c
index 46951d68d23..fed48ba0673 100644
--- a/usr.bin/sudo/auth/afs.c
+++ b/usr.bin/sudo/auth/afs.c

@@ -1,5 +1,6 @@

+ * Todd C. Miller <Todd.Miller@courtesan.com>

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -50,7 +51,7 @@

#include <afs/kautils.h>

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: afs.c,v 1.14 2007/08/31 23:30:07 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: afs.c,v 1.15 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

int

diff --git a/usr.bin/sudo/auth/aix_auth.c b/usr.bin/sudo/auth/aix_auth.c
index 7b7eaedc5a1..14343efb014 100644
--- a/usr.bin/sudo/auth/aix_auth.c
+++ b/usr.bin/sudo/auth/aix_auth.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -47,7 +47,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.22 2007/06/21 22:28:40 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.25 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

@@ -75,3 +75,14 @@ aixauth_verify(pw, prompt, auth)

}

return(rval);

}

+int

+aixauth_cleanup(pw, auth)

+ struct passwd *pw;

+ sudo_auth *auth;

+ /* Unset AUTHSTATE as it may not be correct for the runas user. */

+ sudo_unsetenv("AUTHSTATE");

+ return(AUTH_SUCCESS);

diff --git a/usr.bin/sudo/auth/bsdauth.c b/usr.bin/sudo/auth/bsdauth.c
index e093e82ee81..aae7fd68991 100644
--- a/usr.bin/sudo/auth/bsdauth.c
+++ b/usr.bin/sudo/auth/bsdauth.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -52,7 +52,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: bsdauth.c,v 1.21 2008/03/30 21:36:51 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: bsdauth.c,v 1.23 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

extern char *login_style; /* from sudo.c */

@@ -104,7 +104,6 @@ bsdauth_verify(pw, prompt, auth)

int authok = 0;

sigaction_t sa, osa;

auth_session_t *as = (auth_session_t *) auth->data;

- extern int nil_pw;

/* save old signal handler */

sigemptyset(&sa.sa_mask);

@@ -142,9 +141,6 @@ bsdauth_verify(pw, prompt, auth)

}

- if (!pass || *pass == '\0') /* ^C or empty password */

- nil_pw = 1;

if (pass) {

authok = auth_userresponse(as, pass, 1);

zero_bytes(pass, strlen(pass));

@@ -156,6 +152,9 @@ bsdauth_verify(pw, prompt, auth)

if (authok)

return(AUTH_SUCCESS);

+ if (!pass)

+ return(AUTH_INTR);

if ((s = auth_getvalue(as, "errormsg")) != NULL)

log_error(NO_EXIT|NO_MAIL, "%s", s);

return(AUTH_FAILURE);

diff --git a/usr.bin/sudo/auth/fwtk.c b/usr.bin/sudo/auth/fwtk.c
index 8bbf5a3d9dc..d09b132d7fa 100644
--- a/usr.bin/sudo/auth/fwtk.c
+++ b/usr.bin/sudo/auth/fwtk.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -50,7 +50,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: fwtk.c,v 1.27 2005/02/12 22:56:07 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: fwtk.c,v 1.29 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

int

@@ -95,7 +95,6 @@ fwtk_verify(pw, prompt, auth)

char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */

char resp[128]; /* Response from the server */

int error;

- extern int nil_pw;

/* Send username to authentication server. */

(void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);

@@ -127,10 +126,8 @@ restart:

return(AUTH_FATAL);

}

if (!pass) { /* ^C or error */

- nil_pw = 1;

- return(AUTH_FAILURE);

- } else if (*pass == '\0') /* empty password */

- nil_pw = 1;

+ return(AUTH_INTR);

+ }

/* Send the user's response to the server */

(void) snprintf(buf, sizeof(buf), "response '%s'", pass);

diff --git a/usr.bin/sudo/auth/kerb4.c b/usr.bin/sudo/auth/kerb4.c
index 9179ee33137..2f6c1099c9c 100644
--- a/usr.bin/sudo/auth/kerb4.c
+++ b/usr.bin/sudo/auth/kerb4.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -48,7 +48,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: kerb4.c,v 1.15 2007/08/31 23:30:07 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: kerb4.c,v 1.16 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

int

diff --git a/usr.bin/sudo/auth/kerb5.c b/usr.bin/sudo/auth/kerb5.c
index 72693a88df8..5e17685bc06 100644
--- a/usr.bin/sudo/auth/kerb5.c
+++ b/usr.bin/sudo/auth/kerb5.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -54,7 +54,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.34 2008/02/13 22:17:14 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.36 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

#ifdef HAVE_HEIMDAL

@@ -74,6 +74,24 @@ static struct _sudo_krb5_data {

} sudo_krb5_data = { NULL, NULL, NULL };

typedef struct _sudo_krb5_data *sudo_krb5_datap;

+#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC

+static krb5_error_code

+krb5_get_init_creds_opt_alloc(context, opts)

+ krb5_context context;

+ krb5_get_init_creds_opt **opts;

+ *opts = emalloc(sizeof(krb5_get_init_creds_opt));

+ return 0;

+static void

+krb5_get_init_creds_opt_free(opts)

+ krb5_get_init_creds_opt *opts;

+ free(opts);

+#endif

int

kerb5_init(pw, promptp, auth)

struct passwd *pw;

@@ -220,10 +238,10 @@ kerb5_verify(pw, pass, auth)

done:

if (opts) {

-#ifdef HAVE_HEIMDAL

- krb5_get_init_creds_opt_free(opts);

-#else

+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS

krb5_get_init_creds_opt_free(sudo_context, opts);

+#else

+ krb5_get_init_creds_opt_free(opts);

#endif

}

if (creds)

diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c
index e0dd059b011..af448de7071 100644
--- a/usr.bin/sudo/auth/pam.c
+++ b/usr.bin/sudo/auth/pam.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -72,12 +72,13 @@

#endif

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: pam.c,v 1.62 2008/02/22 20:19:34 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: pam.c,v 1.64 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

static int sudo_conv __P((int, PAM_CONST struct pam_message **,

struct pam_response **, void *));

static char *def_prompt;

+static int gotintr;

#ifndef PAM_DATA_SILENT

#define PAM_DATA_SILENT 0

@@ -162,6 +163,10 @@ pam_verify(pw, prompt, auth)

}

/* FALLTHROUGH */

case PAM_AUTH_ERR:

+ if (gotintr) {

+ /* error or ^C from tgetpass() */

+ return(AUTH_INTR);

+ }

case PAM_MAXTRIES:

case PAM_PERM_DENIED:

return(AUTH_FAILURE);

@@ -251,7 +256,6 @@ sudo_conv(num_msg, msg, response, appdata_ptr)

const char *prompt;

char *pass;

int n, flags, std_prompt;

- extern int nil_pw;

if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)

return(PAM_CONV_ERR);

@@ -286,14 +290,11 @@ sudo_conv(num_msg, msg, response, appdata_ptr)

pass = tgetpass(prompt, def_passwd_timeout * 60, flags);

if (pass == NULL) {

/* We got ^C instead of a password; abort quickly. */

- nil_pw = 1;

+ gotintr = 1;

goto err;

}

pr->resp = estrdup(pass);

- if (*pr->resp == '\0')

- nil_pw = 1; /* empty password */

- else

- zero_bytes(pass, strlen(pass));

+ zero_bytes(pass, strlen(pass));

break;

case PAM_TEXT_INFO:

if (pm->msg)

diff --git a/usr.bin/sudo/auth/securid.c b/usr.bin/sudo/auth/securid.c
index f70142b0a58..8ec7bbeff7c 100644
--- a/usr.bin/sudo/auth/securid.c
+++ b/usr.bin/sudo/auth/securid.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -54,7 +54,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: securid.c,v 1.17 2007/08/31 23:30:07 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: securid.c,v 1.18 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

union config_record configure;

diff --git a/usr.bin/sudo/auth/securid5.c b/usr.bin/sudo/auth/securid5.c
index 254211460d3..db254c2f51a 100644
--- a/usr.bin/sudo/auth/securid5.c
+++ b/usr.bin/sudo/auth/securid5.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

@@ -56,7 +56,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: securid5.c,v 1.12 2007/08/31 23:30:07 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: securid5.c,v 1.13 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

diff --git a/usr.bin/sudo/auth/sia.c b/usr.bin/sudo/auth/sia.c
index af379cac208..852e8c77dc5 100644
--- a/usr.bin/sudo/auth/sia.c
+++ b/usr.bin/sudo/auth/sia.c

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -50,7 +50,7 @@

#include "sudo_auth.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: sia.c,v 1.18 2007/08/31 23:30:07 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: sia.c,v 1.19 2008/11/09 14:13:13 millert Exp $";

#endif /* lint */

static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *));

diff --git a/usr.bin/sudo/auth/sudo_auth.c b/usr.bin/sudo/auth/sudo_auth.c
index eb0b04a8030..509f26ff5b0 100644
--- a/usr.bin/sudo/auth/sudo_auth.c
+++ b/usr.bin/sudo/auth/sudo_auth.c

@@ -53,7 +53,7 @@

#include "insults.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.37 2008/03/02 14:31:57 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.38 2008/11/07 17:45:52 millert Exp $";

#endif /* lint */

sudo_auth auth_switch[] = {

@@ -88,8 +88,6 @@ sudo_auth auth_switch[] = {

AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL)

};

-int nil_pw; /* I hate resorting to globals like this... */

void

verify_user(pw, prompt)

struct passwd *pw;

@@ -156,14 +154,11 @@ verify_user(pw, prompt)

}

/* Get the password unless the auth function will do it for us */

- nil_pw = 0;

#ifdef AUTH_STANDALONE

p = prompt;

#else

p = (char *) tgetpass(prompt, def_passwd_timeout * 60,

tgetpass_flags);

- if (!p || *p == '\0')

- nil_pw = 1;

#endif /* AUTH_STANDALONE */

/* Call authentication functions. */

@@ -186,15 +181,6 @@ verify_user(pw, prompt)

if (p)

zero_bytes(p, strlen(p));

#endif

- /* Exit loop on nil password, but give it a chance to match first. */

- if (nil_pw) {

- if (counter == def_passwd_tries)

- exit(1);

- else

- break;

- }

if (!ISSET(tgetpass_flags, TGP_ASKPASS))

pass_warn(stderr);

}

@@ -219,14 +205,18 @@ cleanup:

case AUTH_SUCCESS:

(void) sigaction(SIGTSTP, &osa, NULL);

return;

+ case AUTH_INTR:

case AUTH_FAILURE:

- if (def_mail_badpass || def_mail_always)

- flags = 0;

- else

- flags = NO_MAIL;

- log_error(flags, "%d incorrect password attempt%s",

- def_passwd_tries - counter,

- (def_passwd_tries - counter == 1) ? "" : "s");

+ if (counter != def_passwd_tries) {

+ if (def_mail_badpass || def_mail_always)

+ flags = 0;

+ else

+ flags = NO_MAIL;

+ log_error(flags, "%d incorrect password attempt%s",

+ def_passwd_tries - counter,

+ (def_passwd_tries - counter == 1) ? "" : "s");

+ }

+ /* FALLTHROUGH */

case AUTH_FATAL:

exit(1);

}

diff --git a/usr.bin/sudo/auth/sudo_auth.h b/usr.bin/sudo/auth/sudo_auth.h
index 74b82f4a9f5..5214fb1a57d 100644
--- a/usr.bin/sudo/auth/sudo_auth.h
+++ b/usr.bin/sudo/auth/sudo_auth.h

@@ -1,5 +1,5 @@

* Permission to use, copy, modify, and distribute this software for any

* purpose with or without fee is hereby granted, provided that the above

@@ -13,7 +13,7 @@

* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

- * $Sudo: sudo_auth.h,v 1.23 2007/08/31 23:30:07 millert Exp $

+ * $Sudo: sudo_auth.h,v 1.27 2008/11/18 12:54:51 millert Exp $

#ifndef SUDO_AUTH_H

@@ -22,7 +22,8 @@

/* Auth function return values. */

#define AUTH_SUCCESS 0

#define AUTH_FAILURE 1

-#define AUTH_FATAL 2

+#define AUTH_INTR 2

+#define AUTH_FATAL 3

typedef struct sudo_auth {

short flags; /* various flags, see below */

@@ -57,6 +58,7 @@ int sia_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));

int sia_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));

int sia_cleanup __P((struct passwd *pw, sudo_auth *auth));

int aixauth_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));

+int aixauth_cleanup __P((struct passwd *pw, sudo_auth *auth));

int bsdauth_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));

int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));

int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth));

@@ -99,7 +101,7 @@ int securid_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));

#elif defined(HAVE_AIXAUTH)

# define AUTH_STANDALONE \

AUTH_ENTRY(0, "aixauth", \

- NULL, NULL, aixauth_verify, NULL)

+ NULL, NULL, aixauth_verify, aixauth_cleanup)

#elif defined(HAVE_FWTK)

# define AUTH_STANDALONE \

AUTH_ENTRY(0, "fwtk", \

diff --git a/usr.bin/sudo/redblack.c b/usr.bin/sudo/redblack.c
index eba310a4427..555e9385f30 100644
--- a/usr.bin/sudo/redblack.c
+++ b/usr.bin/sudo/redblack.c

@@ -18,6 +18,8 @@

* Adapted from the following code written by Emin Martinian:

* http://web.mit.edu/~emin/www/source_code/red_black_tree/index.html

+ *

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that neither the name of Emin

* Martinian nor the names of any contributors are be used to endorse or

@@ -56,7 +58,7 @@

#include "redblack.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: redblack.c,v 1.8 2008/11/09 14:13:12 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: redblack.c,v 1.10 2008/11/22 15:01:25 millert Exp $";

#endif /* lint */

static void rbrepair __P((struct rbtree *, struct rbnode *));

@@ -367,59 +369,45 @@ rbdestroy(tree, destroy)

}

- * Delete victim from tree and return its data pointer.

+ * Delete node 'z' from the tree and return its data pointer.

-void *

-rbdelete(tree, victim)

- struct rbtree *tree;

- struct rbnode *victim;

+void *rbdelete(tree, z)

+ struct rbtree* tree;

+ struct rbnode* z;

{

- struct rbnode *pred, *succ;

- void *data;

+ struct rbnode *x, *y;

+ void *data = z->data;

- if (victim->left != rbnil(tree) && victim->right != rbnil(tree)) {

- succ = rbsuccessor(tree, victim);

- pred = succ->left == rbnil(tree) ? succ->right : succ->left;

- if (succ->parent == rbroot(tree)) {

- pred->parent = rbroot(tree);

- rbfirst(tree) = pred;

- } else {

- if (succ == succ->parent->left)

- succ->parent->left = pred;

- else

- succ->parent->right = pred;

- }

- if ((succ->color == black))

- rbrepair(tree, pred);

- succ->left = victim->left;

- succ->right = victim->right;

- succ->parent = victim->parent;

- succ->color = victim->color;

- victim->left->parent = victim->right->parent = succ;

- if (victim == victim->parent->left)

- victim->parent->left = succ;

- else

- victim->parent->right = succ;

- data = victim->data;

- efree(victim);

+ if (z->left == rbnil(tree) || z->right == rbnil(tree))

+ y = z;

+ else

+ y = rbsuccessor(tree, z);

+ x = (y->left == rbnil(tree)) ? y->right : y->left;

+ if ((x->parent = y->parent) == rbroot(tree)) {

+ rbfirst(tree) = x;

} else {

- pred = victim->left == rbnil(tree) ? victim->right : victim->left;

- if (victim->parent == rbroot(tree)) {

- pred->parent = rbroot(tree);

- rbfirst(tree) = pred;

- } else {

- if (victim == victim->parent->left)

- victim->parent->left = pred;

- else

- victim->parent->right = pred;

- }

- if (victim->color == black)

- rbrepair(tree, pred);

- data = victim->data;

- efree(victim);

+ if (y == y->parent->left)

+ y->parent->left = x;

+ else

+ y->parent->right = x;

+ }

+ if (y->color == black)

+ rbrepair(tree, x);

+ if (y != z) {

+ y->left = z->left;

+ y->right = z->right;

+ y->parent = z->parent;

+ y->color = z->color;

+ z->left->parent = z->right->parent = y;

+ if (z == z->parent->left)

+ z->parent->left = y;

+ else

+ z->parent->right = y;

}

- return(data);

+ free(z);

+ return (data);

}

@@ -433,7 +421,7 @@ rbrepair(tree, node)

{

struct rbnode *sibling;

- while (node->color == black && node != rbfirst(tree)) {

+ while (node->color == black) {

if (node == node->parent->left) {

sibling = node->parent->right;

if (sibling->color == red) {

@@ -456,7 +444,7 @@ rbrepair(tree, node)

node->parent->color = black;

sibling->right->color = black;

rotate_left(tree, node->parent);

- return; /* XXX */

+ break;

}

} else { /* if (node == node->parent->right) */

sibling = node->parent->left;

@@ -480,9 +468,8 @@ rbrepair(tree, node)

node->parent->color = black;

sibling->left->color = black;

rotate_right(tree, node->parent);

- return; /* XXX */

+ break;

}

- node->color = black;

}

diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c
index e8c6b0c7ba9..7191ee14a68 100644
--- a/usr.bin/sudo/sudo.c
+++ b/usr.bin/sudo/sudo.c

@@ -102,7 +102,7 @@

#include "version.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.499 2008/11/11 18:28:08 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.500 2008/11/18 15:57:09 millert Exp $";

#endif /* lint */

diff --git a/usr.bin/sudo/testsudoers.c b/usr.bin/sudo/testsudoers.c
index e75994a2cfd..0eaf1d737cf 100644
--- a/usr.bin/sudo/testsudoers.c
+++ b/usr.bin/sudo/testsudoers.c

@@ -71,7 +71,7 @@

#endif /* HAVE_FNMATCH */

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.127 2008/11/09 14:13:12 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.128 2008/11/19 17:01:20 millert Exp $";

#endif /* lint */

@@ -100,6 +100,13 @@ struct passwd *(*my_getpwuid) __P((uid_t)) = getpwuid;

extern char *optarg;

extern int optind;

+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)

+extern char *malloc_options;

+#endif

+#ifdef YYDEBUG

+extern int yydebug;

+#endif

int print_alias __P((void *, void *));

void dump_sudoers __P((void));

void print_defaults __P((void));

@@ -133,8 +140,11 @@ main(argc, argv)

char *p, *grfile, *pwfile, *runas_group, *runas_user;

char hbuf[MAXHOSTNAMELEN + 1];

int ch, dflag, rval, matched;

-#ifdef YYDEBUG

- extern int yydebug;

+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)

+ malloc_options = "AFGJPR";

+#endif

+#ifdef YYDEBUG

yydebug = 1;

#endif

diff --git a/usr.bin/sudo/visudo.c b/usr.bin/sudo/visudo.c
index 73919a1e9d6..81b57185395 100644
--- a/usr.bin/sudo/visudo.c
+++ b/usr.bin/sudo/visudo.c

@@ -87,7 +87,7 @@

#include "version.h"

#ifndef lint

-__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.221 2008/11/18 15:50:53 millert Exp $";

+__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.223 2008/11/22 15:12:26 millert Exp $";

#endif /* lint */

struct sudoersfile {

@@ -150,6 +150,10 @@ main(argc, argv)

struct sudoersfile *sp;

char *args, *editor, *sudoers_path;

int ch, checkonly, quiet, strict, oldperms;

+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)

+ extern char *malloc_options;

+ malloc_options = "AFGJPR";

+#endif

Argv = argv;

if ((Argc = argc) < 1)

@@ -913,10 +917,11 @@ check_aliases(strict)

int strict;

{

struct cmndspec *cs;

- struct member *m;

+ struct member *m, *binding;

struct privilege *priv;

struct userspec *us;

- int error = 0;

+ struct defaults *d;

+ int atype, error = 0;

/* Forward check. */

tq_foreach_fwd(&userspecs, us) {

@@ -985,6 +990,31 @@ check_aliases(strict)

}

+ tq_foreach_fwd(&defaults, d) {

+ switch (d->type) {

+ case DEFAULTS_HOST:

+ atype = HOSTALIAS;

+ break;

+ case DEFAULTS_USER:

+ atype = USERALIAS;

+ break;

+ case DEFAULTS_RUNAS:

+ atype = RUNASALIAS;

+ break;

+ case DEFAULTS_CMND:

+ atype = CMNDALIAS;

+ break;

+ default:

+ continue; /* not an alias */

+ }

+ tq_foreach_fwd(&d->binding, binding) {

+ for (m = binding; m != NULL; m = m->next) {

+ if (m->type == ALIAS)

+ (void) alias_remove(m->name, atype);

+ }

/* If all aliases were referenced we will have an empty tree. */

if (no_aliases())

return(0);