/src/sudo/plugins/sudoers/alias.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * SPDX-License-Identifier: ISC |
3 | | * |
4 | | * Copyright (c) 2004-2005, 2007-2021, 2023 |
5 | | * Todd C. Miller <Todd.Miller@sudo.ws> |
6 | | * |
7 | | * Permission to use, copy, modify, and distribute this software for any |
8 | | * purpose with or without fee is hereby granted, provided that the above |
9 | | * copyright notice and this permission notice appear in all copies. |
10 | | * |
11 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
12 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
13 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
14 | | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
15 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
16 | | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
17 | | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | | */ |
19 | | |
20 | | /* |
21 | | * This is an open source non-commercial project. Dear PVS-Studio, please check it. |
22 | | * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com |
23 | | */ |
24 | | |
25 | | /* |
26 | | * This is an open source non-commercial project. Dear PVS-Studio, please check it. |
27 | | * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com |
28 | | */ |
29 | | |
30 | | #include <config.h> |
31 | | |
32 | | #include <stdio.h> |
33 | | #include <stdlib.h> |
34 | | #include <string.h> |
35 | | #include <errno.h> |
36 | | |
37 | | #include <sudoers.h> |
38 | | #include <redblack.h> |
39 | | #include <gram.h> |
40 | | |
41 | | /* |
42 | | * Comparison function for the red-black tree. |
43 | | * Aliases are sorted by name with the type used as a tie-breaker. |
44 | | */ |
45 | | static int |
46 | | alias_compare(const void *v1, const void *v2) |
47 | 0 | { |
48 | 0 | const struct alias *a1 = (const struct alias *)v1; |
49 | 0 | const struct alias *a2 = (const struct alias *)v2; |
50 | 0 | int res; |
51 | 0 | debug_decl(alias_compare, SUDOERS_DEBUG_ALIAS); |
52 | |
|
53 | 0 | if (a1 == NULL) |
54 | 0 | res = -1; |
55 | 0 | else if (a2 == NULL) |
56 | 0 | res = 1; |
57 | 0 | else if ((res = strcmp(a1->name, a2->name)) == 0) |
58 | 0 | res = a1->type - a2->type; |
59 | 0 | debug_return_int(res); |
60 | 0 | } |
61 | | |
62 | | /* |
63 | | * Search the tree for an alias with the specified name and type. |
64 | | * Returns a pointer to the alias structure or NULL if not found. |
65 | | * Caller is responsible for calling alias_put() on the returned |
66 | | * alias to mark it as unused. |
67 | | */ |
68 | | struct alias * |
69 | | alias_get(const struct sudoers_parse_tree *parse_tree, const char *name, |
70 | | short type) |
71 | 0 | { |
72 | 0 | struct alias key; |
73 | 0 | struct rbnode *node; |
74 | 0 | struct alias *a = NULL; |
75 | 0 | debug_decl(alias_get, SUDOERS_DEBUG_ALIAS); |
76 | |
|
77 | 0 | if (parse_tree->aliases == NULL) |
78 | 0 | debug_return_ptr(NULL); |
79 | | |
80 | 0 | key.name = (char *)name; |
81 | 0 | key.type = type; |
82 | 0 | if ((node = rbfind(parse_tree->aliases, &key)) != NULL) { |
83 | | /* |
84 | | * Check whether this alias is already in use. |
85 | | * If so, we've detected a loop. If not, set the flag, |
86 | | * which the caller should clear with a call to alias_put(). |
87 | | */ |
88 | 0 | a = node->data; |
89 | 0 | if (a->used) { |
90 | 0 | errno = ELOOP; |
91 | 0 | debug_return_ptr(NULL); |
92 | 0 | } |
93 | 0 | a->used = true; |
94 | 0 | } else { |
95 | 0 | errno = ENOENT; |
96 | 0 | } |
97 | 0 | debug_return_ptr(a); |
98 | 0 | } |
99 | | |
100 | | /* |
101 | | * Clear the "used" flag in an alias once the caller is done with it. |
102 | | */ |
103 | | void |
104 | | alias_put(struct alias *a) |
105 | 0 | { |
106 | 0 | debug_decl(alias_put, SUDOERS_DEBUG_ALIAS); |
107 | 0 | a->used = false; |
108 | 0 | debug_return; |
109 | 0 | } |
110 | | |
111 | | /* |
112 | | * Add an alias to the aliases redblack tree. |
113 | | * Note that "file" must be a reference-counted string. |
114 | | * Returns true on success and false on failure, setting errno. |
115 | | */ |
116 | | bool |
117 | | alias_add(struct sudoers_parse_tree *parse_tree, char *name, |
118 | | short type, char *file, int line, int column, |
119 | | struct member *members) |
120 | 0 | { |
121 | 0 | struct alias *a; |
122 | 0 | debug_decl(alias_add, SUDOERS_DEBUG_ALIAS); |
123 | |
|
124 | 0 | if (parse_tree->aliases == NULL) { |
125 | 0 | if ((parse_tree->aliases = alloc_aliases()) == NULL) |
126 | 0 | debug_return_bool(false); |
127 | 0 | } |
128 | | |
129 | 0 | a = calloc(1, sizeof(*a)); |
130 | 0 | if (a == NULL) |
131 | 0 | debug_return_bool(false); |
132 | | |
133 | | /* Only set elements used by alias_compare() in case there is a dupe. */ |
134 | 0 | a->name = name; |
135 | 0 | a->type = type; |
136 | 0 | switch (rbinsert(parse_tree->aliases, a, NULL)) { |
137 | 0 | case 1: |
138 | 0 | free(a); |
139 | 0 | errno = EEXIST; |
140 | 0 | debug_return_bool(false); |
141 | 0 | case -1: |
142 | 0 | free(a); |
143 | 0 | debug_return_bool(false); |
144 | 0 | } |
145 | | |
146 | | /* |
147 | | * It is now safe to fill in the rest of the alias. We do this last |
148 | | * since it modifies "file" (adds a ref) and "members" (tailq conversion). |
149 | | */ |
150 | | /* a->used = false; */ |
151 | 0 | a->file = sudo_rcstr_addref(file); |
152 | 0 | a->line = line; |
153 | 0 | a->column = column; |
154 | 0 | HLTQ_TO_TAILQ(&a->members, members, entries); |
155 | 0 | debug_return_bool(true); |
156 | 0 | } |
157 | | |
158 | | /* |
159 | | * Closure to adapt 2-arg rbapply() to 3-arg alias_apply(). |
160 | | */ |
161 | | struct alias_apply_closure { |
162 | | struct sudoers_parse_tree *parse_tree; |
163 | | int (*func)(struct sudoers_parse_tree *, struct alias *, void *); |
164 | | void *cookie; |
165 | | }; |
166 | | |
167 | | /* Adapt rbapply() to alias_apply() calling convention. */ |
168 | | static int |
169 | | alias_apply_func(void *v1, void *v2) |
170 | 0 | { |
171 | 0 | struct alias *a = v1; |
172 | 0 | struct alias_apply_closure *closure = v2; |
173 | |
|
174 | 0 | return closure->func(closure->parse_tree, a, closure->cookie); |
175 | 0 | } |
176 | | |
177 | | /* |
178 | | * Apply a function to each alias entry and pass in a cookie. |
179 | | */ |
180 | | bool |
181 | | alias_apply(struct sudoers_parse_tree *parse_tree, |
182 | | int (*func)(struct sudoers_parse_tree *, struct alias *, void *), |
183 | | void *cookie) |
184 | 0 | { |
185 | 0 | struct alias_apply_closure closure; |
186 | 0 | bool ret = true; |
187 | 0 | debug_decl(alias_apply, SUDOERS_DEBUG_ALIAS); |
188 | |
|
189 | 0 | if (parse_tree->aliases != NULL) { |
190 | 0 | closure.parse_tree = parse_tree; |
191 | 0 | closure.func = func; |
192 | 0 | closure.cookie = cookie; |
193 | 0 | if (rbapply(parse_tree->aliases, alias_apply_func, &closure, inorder) != 0) |
194 | 0 | ret = false; |
195 | 0 | } |
196 | |
|
197 | 0 | debug_return_bool(ret); |
198 | 0 | } |
199 | | |
200 | | /* |
201 | | * Returns true if there are no aliases in the parse_tree, else false. |
202 | | */ |
203 | | bool |
204 | | no_aliases(const struct sudoers_parse_tree *parse_tree) |
205 | 1 | { |
206 | 1 | debug_decl(no_aliases, SUDOERS_DEBUG_ALIAS); |
207 | 1 | debug_return_bool(parse_tree->aliases == NULL || |
208 | 1 | rbisempty(parse_tree->aliases)); |
209 | 1 | } |
210 | | |
211 | | /* |
212 | | * Free memory used by an alias struct and its members. |
213 | | */ |
214 | | void |
215 | | alias_free(void *v) |
216 | 0 | { |
217 | 0 | struct alias *a = (struct alias *)v; |
218 | 0 | debug_decl(alias_free, SUDOERS_DEBUG_ALIAS); |
219 | |
|
220 | 0 | if (a != NULL) { |
221 | 0 | free(a->name); |
222 | 0 | sudo_rcstr_delref(a->file); |
223 | 0 | free_members(&a->members); |
224 | 0 | free(a); |
225 | 0 | } |
226 | |
|
227 | 0 | debug_return; |
228 | 0 | } |
229 | | |
230 | | /* |
231 | | * Find the named alias, remove it from the tree and return it. |
232 | | */ |
233 | | struct alias * |
234 | | alias_remove(struct sudoers_parse_tree *parse_tree, const char *name, |
235 | | short type) |
236 | 0 | { |
237 | 0 | struct rbnode *node; |
238 | 0 | struct alias key; |
239 | 0 | debug_decl(alias_remove, SUDOERS_DEBUG_ALIAS); |
240 | |
|
241 | 0 | if (parse_tree->aliases != NULL) { |
242 | 0 | key.name = (char *)name; |
243 | 0 | key.type = type; |
244 | 0 | if ((node = rbfind(parse_tree->aliases, &key)) != NULL) |
245 | 0 | debug_return_ptr(rbdelete(parse_tree->aliases, node)); |
246 | 0 | } |
247 | 0 | errno = ENOENT; |
248 | 0 | debug_return_ptr(NULL); |
249 | 0 | } |
250 | | |
251 | | struct rbtree * |
252 | | alloc_aliases(void) |
253 | 1 | { |
254 | 1 | debug_decl(alloc_aliases, SUDOERS_DEBUG_ALIAS); |
255 | | |
256 | 1 | debug_return_ptr(rbcreate(alias_compare)); |
257 | 1 | } |
258 | | |
259 | | void |
260 | | free_aliases(struct rbtree *aliases) |
261 | 54.9k | { |
262 | 54.9k | debug_decl(free_aliases, SUDOERS_DEBUG_ALIAS); |
263 | | |
264 | 54.9k | if (aliases != NULL) |
265 | 1 | rbdestroy(aliases, alias_free); |
266 | 54.9k | } |
267 | | |
268 | | const char * |
269 | | alias_type_to_string(short alias_type) |
270 | 0 | { |
271 | 0 | return alias_type == HOSTALIAS ? "Host_Alias" : |
272 | 0 | alias_type == CMNDALIAS ? "Cmnd_Alias" : |
273 | 0 | alias_type == USERALIAS ? "User_Alias" : |
274 | 0 | alias_type == RUNASALIAS ? "Runas_Alias" : |
275 | 0 | "Invalid_Alias"; |
276 | 0 | } |
277 | | |
278 | | /* |
279 | | * Remove the alias of the specified type as well as any other aliases |
280 | | * referenced by that alias. Stores removed aliases in a freelist. |
281 | | */ |
282 | | static bool |
283 | | alias_remove_recursive(struct sudoers_parse_tree *parse_tree, char *name, |
284 | | short type, struct rbtree *freelist) |
285 | 0 | { |
286 | 0 | struct member *m; |
287 | 0 | struct alias *a; |
288 | 0 | bool ret = true; |
289 | 0 | debug_decl(alias_remove_recursive, SUDOERS_DEBUG_ALIAS); |
290 | |
|
291 | 0 | if ((a = alias_remove(parse_tree, name, type)) != NULL) { |
292 | 0 | TAILQ_FOREACH(m, &a->members, entries) { |
293 | 0 | if (m->type == ALIAS) { |
294 | 0 | if (!alias_remove_recursive(parse_tree, m->name, type, freelist)) |
295 | 0 | ret = false; |
296 | 0 | } |
297 | 0 | } |
298 | 0 | if (rbinsert(freelist, a, NULL) != 0) |
299 | 0 | ret = false; |
300 | 0 | } |
301 | 0 | debug_return_bool(ret); |
302 | 0 | } |
303 | | |
304 | | static int |
305 | | alias_find_used_members(struct sudoers_parse_tree *parse_tree, |
306 | | struct member_list *members, short atype, struct rbtree *used_aliases) |
307 | 0 | { |
308 | 0 | struct member *m; |
309 | 0 | int errors = 0; |
310 | 0 | debug_decl(alias_find_used_members, SUDOERS_DEBUG_ALIAS); |
311 | |
|
312 | 0 | if (members != NULL) { |
313 | 0 | TAILQ_FOREACH(m, members, entries) { |
314 | 0 | if (m->type != ALIAS) |
315 | 0 | continue; |
316 | 0 | if (!alias_remove_recursive(parse_tree, m->name, atype, used_aliases)) |
317 | 0 | errors++; |
318 | 0 | } |
319 | 0 | } |
320 | |
|
321 | 0 | debug_return_int(errors); |
322 | 0 | } |
323 | | |
324 | | /* |
325 | | * Move all aliases referenced by userspecs to used_aliases. |
326 | | */ |
327 | | bool |
328 | | alias_find_used(struct sudoers_parse_tree *parse_tree, struct rbtree *used_aliases) |
329 | 1 | { |
330 | 1 | struct privilege *priv; |
331 | 1 | struct userspec *us; |
332 | 1 | struct cmndspec *cs; |
333 | 1 | struct defaults *d; |
334 | 1 | struct member *m; |
335 | 1 | int errors = 0; |
336 | 1 | debug_decl(alias_find_used, SUDOERS_DEBUG_ALIAS); |
337 | | |
338 | | /* Move referenced aliases to used_aliases. */ |
339 | 1 | TAILQ_FOREACH(us, &parse_tree->userspecs, entries) { |
340 | 0 | errors += alias_find_used_members(parse_tree, &us->users, |
341 | 0 | USERALIAS, used_aliases); |
342 | 0 | TAILQ_FOREACH(priv, &us->privileges, entries) { |
343 | 0 | errors += alias_find_used_members(parse_tree, &priv->hostlist, |
344 | 0 | HOSTALIAS, used_aliases); |
345 | 0 | TAILQ_FOREACH(cs, &priv->cmndlist, entries) { |
346 | 0 | errors += alias_find_used_members(parse_tree, cs->runasuserlist, |
347 | 0 | RUNASALIAS, used_aliases); |
348 | 0 | errors += alias_find_used_members(parse_tree, cs->runasgrouplist, |
349 | 0 | RUNASALIAS, used_aliases); |
350 | 0 | if ((m = cs->cmnd)->type == ALIAS) { |
351 | 0 | if (!alias_remove_recursive(parse_tree, m->name, CMNDALIAS, |
352 | 0 | used_aliases)) |
353 | 0 | errors++; |
354 | 0 | } |
355 | 0 | } |
356 | 0 | } |
357 | 0 | } |
358 | 1 | TAILQ_FOREACH(d, &parse_tree->defaults, entries) { |
359 | 0 | switch (d->type) { |
360 | 0 | case DEFAULTS_HOST: |
361 | 0 | errors += alias_find_used_members(parse_tree, |
362 | 0 | &d->binding->members, HOSTALIAS, used_aliases); |
363 | 0 | break; |
364 | 0 | case DEFAULTS_USER: |
365 | 0 | errors += alias_find_used_members(parse_tree, |
366 | 0 | &d->binding->members, USERALIAS, used_aliases); |
367 | 0 | break; |
368 | 0 | case DEFAULTS_RUNAS: |
369 | 0 | errors += alias_find_used_members(parse_tree, |
370 | 0 | &d->binding->members, RUNASALIAS, used_aliases); |
371 | 0 | break; |
372 | 0 | case DEFAULTS_CMND: |
373 | 0 | errors += alias_find_used_members(parse_tree, |
374 | 0 | &d->binding->members, CMNDALIAS, used_aliases); |
375 | 0 | break; |
376 | 0 | default: |
377 | 0 | break; |
378 | 0 | } |
379 | 0 | } |
380 | | |
381 | 1 | debug_return_bool(errors ? false : true); |
382 | 1 | } |