diff options
-rw-r--r-- | usr.bin/sudo/auth/afs.c | 5 | ||||
-rw-r--r-- | usr.bin/sudo/auth/aix_auth.c | 15 | ||||
-rw-r--r-- | usr.bin/sudo/auth/bsdauth.c | 11 | ||||
-rw-r--r-- | usr.bin/sudo/auth/fwtk.c | 11 | ||||
-rw-r--r-- | usr.bin/sudo/auth/kerb4.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/auth/kerb5.c | 28 | ||||
-rw-r--r-- | usr.bin/sudo/auth/pam.c | 17 | ||||
-rw-r--r-- | usr.bin/sudo/auth/securid.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/auth/securid5.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/auth/sia.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/auth/sudo_auth.c | 34 | ||||
-rw-r--r-- | usr.bin/sudo/auth/sudo_auth.h | 10 | ||||
-rw-r--r-- | usr.bin/sudo/redblack.c | 93 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.c | 2 | ||||
-rw-r--r-- | usr.bin/sudo/testsudoers.c | 16 | ||||
-rw-r--r-- | usr.bin/sudo/visudo.c | 36 |
16 files changed, 170 insertions, 124 deletions
diff --git a/usr.bin/sudo/auth/afs.c b/usr.bin/sudo/auth/afs.c index 46951d68d23..fed48ba0673 100644 --- a/usr.bin/sudo/auth/afs.c +++ b/usr.bin/sudo/auth/afs.c @@ -1,5 +1,6 @@ /* - * Copyright (c) 1999, 2001-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999, 2001-2005, 2007 + * Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -50,7 +51,7 @@ #include <afs/kautils.h> #ifndef lint -__unused static const char rcsid[] = "$Sudo: afs.c,v 1.14 2007/08/31 23:30:07 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: afs.c,v 1.15 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ int diff --git a/usr.bin/sudo/auth/aix_auth.c b/usr.bin/sudo/auth/aix_auth.c index 7b7eaedc5a1..14343efb014 100644 --- a/usr.bin/sudo/auth/aix_auth.c +++ b/usr.bin/sudo/auth/aix_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -47,7 +47,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.22 2007/06/21 22:28:40 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: aix_auth.c,v 1.25 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ /* @@ -75,3 +75,14 @@ aixauth_verify(pw, prompt, auth) } return(rval); } + +int +aixauth_cleanup(pw, auth) + struct passwd *pw; + sudo_auth *auth; +{ + /* Unset AUTHSTATE as it may not be correct for the runas user. */ + sudo_unsetenv("AUTHSTATE"); + + return(AUTH_SUCCESS); +} diff --git a/usr.bin/sudo/auth/bsdauth.c b/usr.bin/sudo/auth/bsdauth.c index e093e82ee81..aae7fd68991 100644 --- a/usr.bin/sudo/auth/bsdauth.c +++ b/usr.bin/sudo/auth/bsdauth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 2000-2005, 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -52,7 +52,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: bsdauth.c,v 1.21 2008/03/30 21:36:51 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: bsdauth.c,v 1.23 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ extern char *login_style; /* from sudo.c */ @@ -104,7 +104,6 @@ bsdauth_verify(pw, prompt, auth) int authok = 0; sigaction_t sa, osa; auth_session_t *as = (auth_session_t *) auth->data; - extern int nil_pw; /* save old signal handler */ sigemptyset(&sa.sa_mask); @@ -142,9 +141,6 @@ bsdauth_verify(pw, prompt, auth) } } - if (!pass || *pass == '\0') /* ^C or empty password */ - nil_pw = 1; - if (pass) { authok = auth_userresponse(as, pass, 1); zero_bytes(pass, strlen(pass)); @@ -156,6 +152,9 @@ bsdauth_verify(pw, prompt, auth) if (authok) return(AUTH_SUCCESS); + if (!pass) + return(AUTH_INTR); + if ((s = auth_getvalue(as, "errormsg")) != NULL) log_error(NO_EXIT|NO_MAIL, "%s", s); return(AUTH_FAILURE); diff --git a/usr.bin/sudo/auth/fwtk.c b/usr.bin/sudo/auth/fwtk.c index 8bbf5a3d9dc..d09b132d7fa 100644 --- a/usr.bin/sudo/auth/fwtk.c +++ b/usr.bin/sudo/auth/fwtk.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2008 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -50,7 +50,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: fwtk.c,v 1.27 2005/02/12 22:56:07 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: fwtk.c,v 1.29 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ int @@ -95,7 +95,6 @@ fwtk_verify(pw, prompt, auth) char buf[SUDO_PASS_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ int error; - extern int nil_pw; /* Send username to authentication server. */ (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); @@ -127,10 +126,8 @@ restart: return(AUTH_FATAL); } if (!pass) { /* ^C or error */ - nil_pw = 1; - return(AUTH_FAILURE); - } else if (*pass == '\0') /* empty password */ - nil_pw = 1; + return(AUTH_INTR); + } /* Send the user's response to the server */ (void) snprintf(buf, sizeof(buf), "response '%s'", pass); diff --git a/usr.bin/sudo/auth/kerb4.c b/usr.bin/sudo/auth/kerb4.c index 9179ee33137..2f6c1099c9c 100644 --- a/usr.bin/sudo/auth/kerb4.c +++ b/usr.bin/sudo/auth/kerb4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -48,7 +48,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: kerb4.c,v 1.15 2007/08/31 23:30:07 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: kerb4.c,v 1.16 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ int diff --git a/usr.bin/sudo/auth/kerb5.c b/usr.bin/sudo/auth/kerb5.c index 72693a88df8..5e17685bc06 100644 --- a/usr.bin/sudo/auth/kerb5.c +++ b/usr.bin/sudo/auth/kerb5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -54,7 +54,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.34 2008/02/13 22:17:14 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: kerb5.c,v 1.36 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ #ifdef HAVE_HEIMDAL @@ -74,6 +74,24 @@ static struct _sudo_krb5_data { } sudo_krb5_data = { NULL, NULL, NULL }; typedef struct _sudo_krb5_data *sudo_krb5_datap; +#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC +static krb5_error_code +krb5_get_init_creds_opt_alloc(context, opts) + krb5_context context; + krb5_get_init_creds_opt **opts; +{ + *opts = emalloc(sizeof(krb5_get_init_creds_opt)); + return 0; +} + +static void +krb5_get_init_creds_opt_free(opts) + krb5_get_init_creds_opt *opts; +{ + free(opts); +} +#endif + int kerb5_init(pw, promptp, auth) struct passwd *pw; @@ -220,10 +238,10 @@ kerb5_verify(pw, pass, auth) done: if (opts) { -#ifdef HAVE_HEIMDAL - krb5_get_init_creds_opt_free(opts); -#else +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS krb5_get_init_creds_opt_free(sudo_context, opts); +#else + krb5_get_init_creds_opt_free(opts); #endif } if (creds) diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c index e0dd059b011..af448de7071 100644 --- a/usr.bin/sudo/auth/pam.c +++ b/usr.bin/sudo/auth/pam.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -72,12 +72,13 @@ #endif #ifndef lint -__unused static const char rcsid[] = "$Sudo: pam.c,v 1.62 2008/02/22 20:19:34 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: pam.c,v 1.64 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ static int sudo_conv __P((int, PAM_CONST struct pam_message **, struct pam_response **, void *)); static char *def_prompt; +static int gotintr; #ifndef PAM_DATA_SILENT #define PAM_DATA_SILENT 0 @@ -162,6 +163,10 @@ pam_verify(pw, prompt, auth) } /* FALLTHROUGH */ case PAM_AUTH_ERR: + if (gotintr) { + /* error or ^C from tgetpass() */ + return(AUTH_INTR); + } case PAM_MAXTRIES: case PAM_PERM_DENIED: return(AUTH_FAILURE); @@ -251,7 +256,6 @@ sudo_conv(num_msg, msg, response, appdata_ptr) const char *prompt; char *pass; int n, flags, std_prompt; - extern int nil_pw; if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL) return(PAM_CONV_ERR); @@ -286,14 +290,11 @@ sudo_conv(num_msg, msg, response, appdata_ptr) pass = tgetpass(prompt, def_passwd_timeout * 60, flags); if (pass == NULL) { /* We got ^C instead of a password; abort quickly. */ - nil_pw = 1; + gotintr = 1; goto err; } pr->resp = estrdup(pass); - if (*pr->resp == '\0') - nil_pw = 1; /* empty password */ - else - zero_bytes(pass, strlen(pass)); + zero_bytes(pass, strlen(pass)); break; case PAM_TEXT_INFO: if (pm->msg) diff --git a/usr.bin/sudo/auth/securid.c b/usr.bin/sudo/auth/securid.c index f70142b0a58..8ec7bbeff7c 100644 --- a/usr.bin/sudo/auth/securid.c +++ b/usr.bin/sudo/auth/securid.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -54,7 +54,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: securid.c,v 1.17 2007/08/31 23:30:07 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: securid.c,v 1.18 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ union config_record configure; diff --git a/usr.bin/sudo/auth/securid5.c b/usr.bin/sudo/auth/securid5.c index 254211460d3..db254c2f51a 100644 --- a/usr.bin/sudo/auth/securid5.c +++ b/usr.bin/sudo/auth/securid5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com> * Copyright (c) 2002 Michael Stroucken <michael@stroucken.org> * * Permission to use, copy, modify, and distribute this software for any @@ -56,7 +56,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: securid5.c,v 1.12 2007/08/31 23:30:07 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: securid5.c,v 1.13 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ /* diff --git a/usr.bin/sudo/auth/sia.c b/usr.bin/sudo/auth/sia.c index af379cac208..852e8c77dc5 100644 --- a/usr.bin/sudo/auth/sia.c +++ b/usr.bin/sudo/auth/sia.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -50,7 +50,7 @@ #include "sudo_auth.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: sia.c,v 1.18 2007/08/31 23:30:07 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: sia.c,v 1.19 2008/11/09 14:13:13 millert Exp $"; #endif /* lint */ static int sudo_collect __P((int, int, uchar_t *, int, prompt_t *)); diff --git a/usr.bin/sudo/auth/sudo_auth.c b/usr.bin/sudo/auth/sudo_auth.c index eb0b04a8030..509f26ff5b0 100644 --- a/usr.bin/sudo/auth/sudo_auth.c +++ b/usr.bin/sudo/auth/sudo_auth.c @@ -53,7 +53,7 @@ #include "insults.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.37 2008/03/02 14:31:57 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: sudo_auth.c,v 1.38 2008/11/07 17:45:52 millert Exp $"; #endif /* lint */ sudo_auth auth_switch[] = { @@ -88,8 +88,6 @@ sudo_auth auth_switch[] = { AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL) }; -int nil_pw; /* I hate resorting to globals like this... */ - void verify_user(pw, prompt) struct passwd *pw; @@ -156,14 +154,11 @@ verify_user(pw, prompt) } /* Get the password unless the auth function will do it for us */ - nil_pw = 0; #ifdef AUTH_STANDALONE p = prompt; #else p = (char *) tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags); - if (!p || *p == '\0') - nil_pw = 1; #endif /* AUTH_STANDALONE */ /* Call authentication functions. */ @@ -186,15 +181,6 @@ verify_user(pw, prompt) if (p) zero_bytes(p, strlen(p)); #endif - - /* Exit loop on nil password, but give it a chance to match first. */ - if (nil_pw) { - if (counter == def_passwd_tries) - exit(1); - else - break; - } - if (!ISSET(tgetpass_flags, TGP_ASKPASS)) pass_warn(stderr); } @@ -219,14 +205,18 @@ cleanup: case AUTH_SUCCESS: (void) sigaction(SIGTSTP, &osa, NULL); return; + case AUTH_INTR: case AUTH_FAILURE: - if (def_mail_badpass || def_mail_always) - flags = 0; - else - flags = NO_MAIL; - log_error(flags, "%d incorrect password attempt%s", - def_passwd_tries - counter, - (def_passwd_tries - counter == 1) ? "" : "s"); + if (counter != def_passwd_tries) { + if (def_mail_badpass || def_mail_always) + flags = 0; + else + flags = NO_MAIL; + log_error(flags, "%d incorrect password attempt%s", + def_passwd_tries - counter, + (def_passwd_tries - counter == 1) ? "" : "s"); + } + /* FALLTHROUGH */ case AUTH_FATAL: exit(1); } diff --git a/usr.bin/sudo/auth/sudo_auth.h b/usr.bin/sudo/auth/sudo_auth.h index 74b82f4a9f5..5214fb1a57d 100644 --- a/usr.bin/sudo/auth/sudo_auth.h +++ b/usr.bin/sudo/auth/sudo_auth.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com> + * Copyright (c) 1999-2005, 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -13,7 +13,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * - * $Sudo: sudo_auth.h,v 1.23 2007/08/31 23:30:07 millert Exp $ + * $Sudo: sudo_auth.h,v 1.27 2008/11/18 12:54:51 millert Exp $ */ #ifndef SUDO_AUTH_H @@ -22,7 +22,8 @@ /* Auth function return values. */ #define AUTH_SUCCESS 0 #define AUTH_FAILURE 1 -#define AUTH_FATAL 2 +#define AUTH_INTR 2 +#define AUTH_FATAL 3 typedef struct sudo_auth { short flags; /* various flags, see below */ @@ -57,6 +58,7 @@ int sia_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); int sia_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); int sia_cleanup __P((struct passwd *pw, sudo_auth *auth)); int aixauth_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); +int aixauth_cleanup __P((struct passwd *pw, sudo_auth *auth)); int bsdauth_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth)); @@ -99,7 +101,7 @@ int securid_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); #elif defined(HAVE_AIXAUTH) # define AUTH_STANDALONE \ AUTH_ENTRY(0, "aixauth", \ - NULL, NULL, aixauth_verify, NULL) + NULL, NULL, aixauth_verify, aixauth_cleanup) #elif defined(HAVE_FWTK) # define AUTH_STANDALONE \ AUTH_ENTRY(0, "fwtk", \ diff --git a/usr.bin/sudo/redblack.c b/usr.bin/sudo/redblack.c index eba310a4427..555e9385f30 100644 --- a/usr.bin/sudo/redblack.c +++ b/usr.bin/sudo/redblack.c @@ -18,6 +18,8 @@ * Adapted from the following code written by Emin Martinian: * http://web.mit.edu/~emin/www/source_code/red_black_tree/index.html * + * Copyright (c) 2001 Emin Martinian + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that neither the name of Emin * Martinian nor the names of any contributors are be used to endorse or @@ -56,7 +58,7 @@ #include "redblack.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: redblack.c,v 1.8 2008/11/09 14:13:12 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: redblack.c,v 1.10 2008/11/22 15:01:25 millert Exp $"; #endif /* lint */ static void rbrepair __P((struct rbtree *, struct rbnode *)); @@ -367,59 +369,45 @@ rbdestroy(tree, destroy) } /* - * Delete victim from tree and return its data pointer. + * Delete node 'z' from the tree and return its data pointer. */ -void * -rbdelete(tree, victim) - struct rbtree *tree; - struct rbnode *victim; +void *rbdelete(tree, z) + struct rbtree* tree; + struct rbnode* z; { - struct rbnode *pred, *succ; - void *data; + struct rbnode *x, *y; + void *data = z->data; - if (victim->left != rbnil(tree) && victim->right != rbnil(tree)) { - succ = rbsuccessor(tree, victim); - pred = succ->left == rbnil(tree) ? succ->right : succ->left; - if (succ->parent == rbroot(tree)) { - pred->parent = rbroot(tree); - rbfirst(tree) = pred; - } else { - if (succ == succ->parent->left) - succ->parent->left = pred; - else - succ->parent->right = pred; - } - if ((succ->color == black)) - rbrepair(tree, pred); - - succ->left = victim->left; - succ->right = victim->right; - succ->parent = victim->parent; - succ->color = victim->color; - victim->left->parent = victim->right->parent = succ; - if (victim == victim->parent->left) - victim->parent->left = succ; - else - victim->parent->right = succ; - data = victim->data; - efree(victim); + if (z->left == rbnil(tree) || z->right == rbnil(tree)) + y = z; + else + y = rbsuccessor(tree, z); + x = (y->left == rbnil(tree)) ? y->right : y->left; + + if ((x->parent = y->parent) == rbroot(tree)) { + rbfirst(tree) = x; } else { - pred = victim->left == rbnil(tree) ? victim->right : victim->left; - if (victim->parent == rbroot(tree)) { - pred->parent = rbroot(tree); - rbfirst(tree) = pred; - } else { - if (victim == victim->parent->left) - victim->parent->left = pred; - else - victim->parent->right = pred; - } - if (victim->color == black) - rbrepair(tree, pred); - data = victim->data; - efree(victim); + if (y == y->parent->left) + y->parent->left = x; + else + y->parent->right = x; + } + if (y->color == black) + rbrepair(tree, x); + if (y != z) { + y->left = z->left; + y->right = z->right; + y->parent = z->parent; + y->color = z->color; + z->left->parent = z->right->parent = y; + if (z == z->parent->left) + z->parent->left = y; + else + z->parent->right = y; } - return(data); + free(z); + + return (data); } /* @@ -433,7 +421,7 @@ rbrepair(tree, node) { struct rbnode *sibling; - while (node->color == black && node != rbfirst(tree)) { + while (node->color == black) { if (node == node->parent->left) { sibling = node->parent->right; if (sibling->color == red) { @@ -456,7 +444,7 @@ rbrepair(tree, node) node->parent->color = black; sibling->right->color = black; rotate_left(tree, node->parent); - return; /* XXX */ + break; } } else { /* if (node == node->parent->right) */ sibling = node->parent->left; @@ -480,9 +468,8 @@ rbrepair(tree, node) node->parent->color = black; sibling->left->color = black; rotate_right(tree, node->parent); - return; /* XXX */ + break; } } } - node->color = black; } diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index e8c6b0c7ba9..7191ee14a68 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -102,7 +102,7 @@ #include "version.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.499 2008/11/11 18:28:08 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.500 2008/11/18 15:57:09 millert Exp $"; #endif /* lint */ /* diff --git a/usr.bin/sudo/testsudoers.c b/usr.bin/sudo/testsudoers.c index e75994a2cfd..0eaf1d737cf 100644 --- a/usr.bin/sudo/testsudoers.c +++ b/usr.bin/sudo/testsudoers.c @@ -71,7 +71,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.127 2008/11/09 14:13:12 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: testsudoers.c,v 1.128 2008/11/19 17:01:20 millert Exp $"; #endif /* lint */ @@ -100,6 +100,13 @@ struct passwd *(*my_getpwuid) __P((uid_t)) = getpwuid; extern char *optarg; extern int optind; +#if defined(SUDO_DEVEL) && defined(__OpenBSD__) +extern char *malloc_options; +#endif +#ifdef YYDEBUG +extern int yydebug; +#endif + int print_alias __P((void *, void *)); void dump_sudoers __P((void)); void print_defaults __P((void)); @@ -133,8 +140,11 @@ main(argc, argv) char *p, *grfile, *pwfile, *runas_group, *runas_user; char hbuf[MAXHOSTNAMELEN + 1]; int ch, dflag, rval, matched; -#ifdef YYDEBUG - extern int yydebug; + +#if defined(SUDO_DEVEL) && defined(__OpenBSD__) + malloc_options = "AFGJPR"; +#endif +#ifdef YYDEBUG yydebug = 1; #endif diff --git a/usr.bin/sudo/visudo.c b/usr.bin/sudo/visudo.c index 73919a1e9d6..81b57185395 100644 --- a/usr.bin/sudo/visudo.c +++ b/usr.bin/sudo/visudo.c @@ -87,7 +87,7 @@ #include "version.h" #ifndef lint -__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.221 2008/11/18 15:50:53 millert Exp $"; +__unused static const char rcsid[] = "$Sudo: visudo.c,v 1.223 2008/11/22 15:12:26 millert Exp $"; #endif /* lint */ struct sudoersfile { @@ -150,6 +150,10 @@ main(argc, argv) struct sudoersfile *sp; char *args, *editor, *sudoers_path; int ch, checkonly, quiet, strict, oldperms; +#if defined(SUDO_DEVEL) && defined(__OpenBSD__) + extern char *malloc_options; + malloc_options = "AFGJPR"; +#endif Argv = argv; if ((Argc = argc) < 1) @@ -913,10 +917,11 @@ check_aliases(strict) int strict; { struct cmndspec *cs; - struct member *m; + struct member *m, *binding; struct privilege *priv; struct userspec *us; - int error = 0; + struct defaults *d; + int atype, error = 0; /* Forward check. */ tq_foreach_fwd(&userspecs, us) { @@ -985,6 +990,31 @@ check_aliases(strict) } } } + tq_foreach_fwd(&defaults, d) { + switch (d->type) { + case DEFAULTS_HOST: + atype = HOSTALIAS; + break; + case DEFAULTS_USER: + atype = USERALIAS; + break; + case DEFAULTS_RUNAS: + atype = RUNASALIAS; + break; + case DEFAULTS_CMND: + atype = CMNDALIAS; + break; + default: + continue; /* not an alias */ + } + tq_foreach_fwd(&d->binding, binding) { + for (m = binding; m != NULL; m = m->next) { + if (m->type == ALIAS) + (void) alias_remove(m->name, atype); + } + } + } + /* If all aliases were referenced we will have an empty tree. */ if (no_aliases()) return(0); |