/src/sudo/plugins/sudoers/regress/fuzz/fuzz_sudoers.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2021-2023 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <config.h>

#include <sys/socket.h>

#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <pwd.h>
#include <unistd.h>
#if defined(HAVE_STDINT_H)
# include <stdint.h>
#elif defined(HAVE_INTTYPES_H)
# include <inttypes.h>
#endif
#include <netinet/in.h>
#include <arpa/inet.h>
#ifdef NEED_RESOLV_H
# include <arpa/nameser.h>
# include <resolv.h>
#endif /* NEED_RESOLV_H */
#include <netdb.h>

#include <sudoers.h>
#include <interfaces.h>

static int fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[], struct sudo_conv_callback *callback);
static int fuzz_printf(int msg_type, const char * restrict fmt, ...);
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/* For set_cmnd_path() */
static const char *orig_cmnd;

/* Required to link with parser. */
sudo_conv_t sudo_conv = fuzz_conversation;
sudo_printf_t sudo_printf = fuzz_printf;

FILE *
open_sudoers(const char *file, char **outfile, bool doedit, bool *keepopen)
{
    /*
     * If we allow the fuzzer to choose include paths it will
     * include random files in the file system.
     * This leads to bug reports that cannot be reproduced.
     */
    return NULL;
}

static int
fuzz_printf(int msg_type, const char * restrict fmt, ...)
{
    return 0;
}

static int
fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[],
    struct sudo_conv_reply replies[], struct sudo_conv_callback *callback)
{
    int n;

    for (n = 0; n < num_msgs; n++) {
  const struct sudo_conv_message *msg = &msgs[n];

  switch (msg->msg_type & 0xff) {
      case SUDO_CONV_PROMPT_ECHO_ON:
      case SUDO_CONV_PROMPT_MASK:
      case SUDO_CONV_PROMPT_ECHO_OFF:
    /* input not supported */
    return -1;
      case SUDO_CONV_ERROR_MSG:
      case SUDO_CONV_INFO_MSG:
    /* no output for fuzzers */
    break;
      default:
    return -1;
  }
    }
    return 0;
}

bool
init_envtables(void)
{
    return true;
}

int
set_cmnd_path(struct sudoers_context *ctx, const char *runchroot)
{
    /* Reallocate ctx->user.cmnd to catch bugs in command_matches(). */
    char *new_cmnd = strdup(orig_cmnd);
    if (new_cmnd == NULL)
        return NOT_FOUND_ERROR;
    free(ctx->user.cmnd);
    ctx->user.cmnd = new_cmnd;
    return FOUND;
}

/* STUB */
bool
mail_parse_errors(const struct sudoers_context *ctx)
{
    return true;
}

/* STUB */
bool
log_warningx(const struct sudoers_context *ctx, unsigned int flags,
    const char * restrict fmt, ...)
{
    return true;
}

static int
sudo_fuzz_query(struct sudoers_context *ctx, const struct sudo_nss *nss,
    struct passwd *pw)
{
    return 0;
}

static int
cb_unused(struct sudoers_parse_tree *parse_tree, struct alias *a, void *v)
{
    return 0;
}

bool
cb_log_input(struct sudoers_context *ctx, const char *file,
    int line, int column, const union sudo_defs_val *sd_un, int op)
{
    return 0;
}

bool
cb_log_output(struct sudoers_context *ctx, const char *file,
    int line, int column, const union sudo_defs_val *sd_un, int op)
{
    return 0;
}

static FILE *
open_data(const uint8_t *data, size_t size)
{
#ifdef HAVE_FMEMOPEN
    /* Operate in-memory. */
    return fmemopen((void *)data, size, "r");
#else
    char tempfile[] = "/tmp/sudoers.XXXXXX";
    size_t nwritten;
    int fd;

    /* Use (unlinked) temporary file. */
    fd = mkstemp(tempfile);
    if (fd == -1)
  return NULL;
    unlink(tempfile);
    nwritten = write(fd, data, size);
    if (nwritten != size) {
  close(fd);
  return NULL;
    }
    lseek(fd, 0, SEEK_SET);
    return fdopen(fd, "r");
#endif
}

static struct user_data {
    const char *user;
    const char *runuser;
    const char *rungroup;
} user_data[] = {
    { "root", NULL, NULL },
    { "millert", "operator", NULL },
    { "millert", NULL, "wheel" },
    { "operator", NULL, NULL },
    { NULL }
};

int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct sudoers_context ctx = { { NULL } };
    struct user_data *ud;
    struct sudo_nss sudo_nss_fuzz;
    struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl);
    struct sudoers_parse_tree parse_tree;
    struct interface_list *interfaces;
    struct passwd *pw;
    struct group *gr;
    const char *gids[10];
    time_t now;
    FILE *fp;

    /* Don't waste time fuzzing tiny inputs. */
    if (size < 5)
        return 0;

    fp = open_data(data, size);
    if (fp == NULL)
        return 0;

    initprogname("fuzz_sudoers");
    sudoers_debug_register(getprogname(), NULL);
    if (getenv("SUDO_FUZZ_VERBOSE") == NULL)
  sudo_warn_set_conversation(fuzz_conversation);

    /* Sudoers locale setup. */
    sudoers_initlocale(setlocale(LC_ALL, ""), "C");
    sudo_warn_set_locale_func(sudoers_warn_setlocale);
    bindtextdomain("sudoers", LOCALEDIR);
    textdomain("sudoers");

    /* Use the sudoers locale for everything. */
    sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL);

    /* Prime the group cache */
    gr = sudo_mkgrent("wheel", 0, "millert", "root", (char *)NULL);
    if (gr == NULL)
  goto done;
    sudo_gr_delref(gr);

    gr = sudo_mkgrent("operator", 5, "operator", "root", "millert", (char *)NULL);
    if (gr == NULL)
  goto done;
    sudo_gr_delref(gr);

    gr = sudo_mkgrent("staff", 20, "root", "millert", (char *)NULL);
    if (gr == NULL)
  goto done;
    sudo_gr_delref(gr);

    gr = sudo_mkgrent("sudo", 100, "root", "millert", (char *)NULL);
    if (gr == NULL)
  goto done;
    sudo_gr_delref(gr);

    /* Prime the passwd cache */
    pw = sudo_mkpwent("root", 0, 0, "/", "/bin/sh");
    if (pw == NULL)
  goto done;
    gids[0] = "0";
    gids[1] = "20";
    gids[2] = "5";
    gids[3] = NULL;
    if (sudo_set_gidlist(pw, -1, NULL, (char **)gids, ENTRY_TYPE_FRONTEND) == -1)
  goto done;
    sudo_pw_delref(pw);

    pw = sudo_mkpwent("operator", 2, 5, "/operator", "/sbin/nologin");
    if (pw == NULL)
  goto done;
    gids[0] = "5";
    gids[1] = NULL;
    if (sudo_set_gidlist(pw, -1, NULL, (char **)gids, ENTRY_TYPE_FRONTEND) == -1)
  goto done;
    sudo_pw_delref(pw);

    pw = sudo_mkpwent("millert", 8036, 20, "/home/millert", "/bin/tcsh");
    if (pw == NULL)
  goto done;
    gids[0] = "0";
    gids[1] = "20";
    gids[2] = "5";
    gids[3] = "100";
    gids[4] = NULL;
    if (sudo_set_gidlist(pw, -1, NULL, (char **)gids, ENTRY_TYPE_FRONTEND) == -1)
  goto done;
    sudo_pw_delref(pw);

    /* The minimum needed to perform matching. */
    ctx.user.host = ctx.user.shost = strdup("localhost");
    ctx.runas.host = ctx.runas.shost = strdup("localhost");
    orig_cmnd = (char *)"/usr/bin/id";
    ctx.user.cmnd = strdup(orig_cmnd);
    ctx.user.cmnd_args = strdup("-u");
    if (ctx.user.host == NULL || ctx.runas.host == NULL ||
      ctx.user.cmnd == NULL || ctx.user.cmnd_args == NULL)
  goto done;
    ctx.user.cmnd_base = sudo_basename(ctx.user.cmnd);
    time(&now);

    /* Add a fake network interfaces. */
    interfaces = get_interfaces();
    if (SLIST_EMPTY(interfaces)) {
  static struct interface interface;

  interface.family = AF_INET;
  inet_pton(AF_INET, "128.138.243.151", &interface.addr.ip4);
  inet_pton(AF_INET, "255.255.255.0", &interface.netmask.ip4);
  SLIST_INSERT_HEAD(interfaces, &interface, entries);
    }

    /* Only one sudoers source, the sudoers file itself. */
    init_parse_tree(&parse_tree, NULL, NULL, &ctx, NULL);
    memset(&sudo_nss_fuzz, 0, sizeof(sudo_nss_fuzz));
    sudo_nss_fuzz.parse_tree = &parse_tree;
    sudo_nss_fuzz.query = sudo_fuzz_query;
    TAILQ_INSERT_TAIL(&snl, &sudo_nss_fuzz, entries);

    /* Initialize defaults and parse sudoers. */
    init_defaults();
    init_parser(&ctx, "sudoers");
    sudoersrestart(fp);
    sudoersparse();
    reparent_parse_tree(&parse_tree);

    if (!parse_error) {
  /* Match user/host/command against parsed policy. */
  for (ud = user_data; ud->user != NULL; ud++) {
      int cmnd_status;

      /* Invoking user. */
      free(ctx.user.name);
      ctx.user.name = strdup(ud->user);
      if (ctx.user.name == NULL)
    goto done;
      if (ctx.user.pw != NULL)
    sudo_pw_delref(ctx.user.pw);
      ctx.user.pw = sudo_getpwnam(ctx.user.name);
      if (ctx.user.pw == NULL) {
    sudo_warnx_nodebug("unknown user %s", ctx.user.name);
    continue;
      }

      /* Run user. */
      if (ctx.runas.pw != NULL)
    sudo_pw_delref(ctx.runas.pw);
      if (ud->runuser != NULL) {
    ctx.runas.user = (char *)ud->runuser;
    SET(ctx.settings.flags, RUNAS_USER_SPECIFIED);
    ctx.runas.pw = sudo_getpwnam(ctx.runas.user);
      } else {
    ctx.runas.user = NULL;
    CLR(ctx.settings.flags, RUNAS_USER_SPECIFIED);
    ctx.runas.pw = sudo_getpwnam("root");
      }
      if (ctx.runas.pw == NULL) {
    sudo_warnx_nodebug("unknown run user %s", ctx.runas.user);
    continue;
      }

      /* Run group. */
      if (ctx.runas.gr != NULL)
    sudo_gr_delref(ctx.runas.gr);
      if (ud->rungroup != NULL) {
    ctx.runas.group = (char *)ud->rungroup;
    SET(ctx.settings.flags, RUNAS_GROUP_SPECIFIED);
    ctx.runas.gr = sudo_getgrnam(ctx.runas.group);
    if (ctx.runas.gr == NULL) {
        sudo_warnx_nodebug("unknown run group %s",
      ctx.runas.group);
        continue;
    }
      } else {
    ctx.runas.group = NULL;
    CLR(ctx.settings.flags, RUNAS_GROUP_SPECIFIED);
    ctx.runas.gr = NULL;
      }

      update_defaults(&ctx, &parse_tree, NULL, SETDEF_ALL, false);

      sudoers_lookup(&snl, &ctx, now, NULL, NULL, &cmnd_status,
    false);

      /* Match again as a pseudo-command (list, validate, etc). */
      sudoers_lookup(&snl, &ctx, now, NULL, NULL, &cmnd_status,
    true);

      /* Display privileges. */
      display_privs(&ctx, &snl, ctx.user.pw, false);
      display_privs(&ctx, &snl, ctx.user.pw, true);
  }

  /* Expand tildes in runcwd and runchroot. */
  if (ctx.runas.pw != NULL) {
      if (def_runcwd != NULL && strcmp(def_runcwd, "*") != 0) {
    expand_tilde(&def_runcwd, ctx.runas.pw->pw_name);
      }
      if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) {
    expand_tilde(&def_runchroot, ctx.runas.pw->pw_name);
      }
  }

  /* Check Defaults and aliases. */
  check_defaults(&parse_tree, false);
  check_aliases(&parse_tree, true, false, cb_unused);
    }

done:
    /* Cleanup. */
    fclose(fp);
    free_parse_tree(&parse_tree);
    reset_parser();
    sudoers_ctx_free(&ctx);
    sudo_freepwcache();
    sudo_freegrcache();
    sudoers_setlocale(SUDOERS_LOCALE_USER, NULL);
    sudoers_debug_deregister();
    fflush(stdout);

    return 0;
}

Coverage Report

Created: 2025-08-09 06:14

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (c) 2021-2023 Todd C. Miller <Todd.Miller@sudo.ws>
3		*
4		* Permission to use, copy, modify, and distribute this software for any
5		* purpose with or without fee is hereby granted, provided that the above
6		* copyright notice and this permission notice appear in all copies.
7		*
8		* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9		* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10		* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11		* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12		* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13		* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14		* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15		*/
16
17		#include <config.h>
18
19		#include <sys/socket.h>
20
21		#include <stdarg.h>
22		#include <stdio.h>
23		#include <stdlib.h>
24		#include <string.h>
25		#include <fcntl.h>
26		#include <pwd.h>
27		#include <unistd.h>
28		#if defined(HAVE_STDINT_H)
29		# include <stdint.h>
30		#elif defined(HAVE_INTTYPES_H)
31		# include <inttypes.h>
32		#endif
33		#include <netinet/in.h>
34		#include <arpa/inet.h>
35		#ifdef NEED_RESOLV_H
36		# include <arpa/nameser.h>
37		# include <resolv.h>
38		#endif /* NEED_RESOLV_H */
39		#include <netdb.h>
40
41		#include <sudoers.h>
42		#include <interfaces.h>
43
44		static int fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[], struct sudo_conv_reply replies[], struct sudo_conv_callback *callback);
45		static int fuzz_printf(int msg_type, const char * restrict fmt, ...);
46		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
47
48		/* For set_cmnd_path() */
49		static const char *orig_cmnd;
50
51		/* Required to link with parser. */
52		sudo_conv_t sudo_conv = fuzz_conversation;
53		sudo_printf_t sudo_printf = fuzz_printf;
54
55		FILE *
56		open_sudoers(const char file, char outfile, bool doedit, bool keepopen)
57	0	{
58		/*
59		* If we allow the fuzzer to choose include paths it will
60		* include random files in the file system.
61		* This leads to bug reports that cannot be reproduced.
62		*/
63	0	return NULL;
64	0	}
65
66		static int
67		fuzz_printf(int msg_type, const char * restrict fmt, ...)
68	0	{
69	0	return 0;
70	0	}
71
72		static int
73		fuzz_conversation(int num_msgs, const struct sudo_conv_message msgs[],
74		struct sudo_conv_reply replies[], struct sudo_conv_callback *callback)
75	16	{
76	16	int n;
77
78	32	for (n = 0; n < num_msgs; n++) {
79	16	const struct sudo_conv_message *msg = &msgs[n];
80
81	16	switch (msg->msg_type & 0xff) {
82	0	case SUDO_CONV_PROMPT_ECHO_ON:
83	0	case SUDO_CONV_PROMPT_MASK:
84	0	case SUDO_CONV_PROMPT_ECHO_OFF:
85		/* input not supported */
86	0	return -1;
87	0	case SUDO_CONV_ERROR_MSG:
88	16	case SUDO_CONV_INFO_MSG:
89		/* no output for fuzzers */
90	16	break;
91	0	default:
92	0	return -1;
93	16	}
94	16	}
95	16	return 0;
96	16	}
97
98		bool
99		init_envtables(void)
100	4.80k	{
101	4.80k	return true;
102	4.80k	}
103
104		int
105		set_cmnd_path(struct sudoers_context ctx, const char runchroot)
106	0	{
107		/* Reallocate ctx->user.cmnd to catch bugs in command_matches(). */
108	0	char *new_cmnd = strdup(orig_cmnd);
109	0	if (new_cmnd == NULL)
110	0	return NOT_FOUND_ERROR;
111	0	free(ctx->user.cmnd);
112	0	ctx->user.cmnd = new_cmnd;
113	0	return FOUND;
114	0	}
115
116		/* STUB */
117		bool
118		mail_parse_errors(const struct sudoers_context *ctx)
119	50.2k	{
120	50.2k	return true;
121	50.2k	}
122
123		/* STUB */
124		bool
125		log_warningx(const struct sudoers_context *ctx, unsigned int flags,
126		const char * restrict fmt, ...)
127	4.38k	{
128	4.38k	return true;
129	4.38k	}
130
131		static int
132		sudo_fuzz_query(struct sudoers_context ctx, const struct sudo_nss nss,
133		struct passwd *pw)
134	32	{
135	32	return 0;
136	32	}
137
138		static int
139		cb_unused(struct sudoers_parse_tree parse_tree, struct alias a, void *v)
140	0	{
141	0	return 0;
142	0	}
143
144		bool
145		cb_log_input(struct sudoers_context ctx, const char file,
146		int line, int column, const union sudo_defs_val *sd_un, int op)
147		{
148		return 0;
149		}
150
151		bool
152		cb_log_output(struct sudoers_context ctx, const char file,
153		int line, int column, const union sudo_defs_val *sd_un, int op)
154		{
155		return 0;
156		}
157
158		static FILE *
159		open_data(const uint8_t *data, size_t size)
160	7	{
161	7	#ifdef HAVE_FMEMOPEN
162		/* Operate in-memory. */
163	7	return fmemopen((void *)data, size, "r");
164		#else
165		char tempfile[] = "/tmp/sudoers.XXXXXX";
166		size_t nwritten;
167		int fd;
168
169		/* Use (unlinked) temporary file. */
170		fd = mkstemp(tempfile);
171		if (fd == -1)
172		return NULL;
173		unlink(tempfile);
174		nwritten = write(fd, data, size);
175		if (nwritten != size) {
176		close(fd);
177		return NULL;
178		}
179		lseek(fd, 0, SEEK_SET);
180		return fdopen(fd, "r");
181		#endif
182	7	}
183
184		static struct user_data {
185		const char *user;
186		const char *runuser;
187		const char *rungroup;
188		} user_data[] = {
189		{ "root", NULL, NULL },
190		{ "millert", "operator", NULL },
191		{ "millert", NULL, "wheel" },
192		{ "operator", NULL, NULL },
193		{ NULL }
194		};
195
196		int
197		LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
198	7	{
199	7	struct sudoers_context ctx = { { NULL } };
200	7	struct user_data *ud;
201	7	struct sudo_nss sudo_nss_fuzz;
202	7	struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl);
203	7	struct sudoers_parse_tree parse_tree;
204	7	struct interface_list *interfaces;
205	7	struct passwd *pw;
206	7	struct group *gr;
207	7	const char *gids[10];
208	7	time_t now;
209	7	FILE *fp;
210
211		/* Don't waste time fuzzing tiny inputs. */
212	7	if (size < 5)
213	0	return 0;
214
215	7	fp = open_data(data, size);
216	7	if (fp == NULL)
217	0	return 0;
218
219	7	initprogname("fuzz_sudoers");
220	7	sudoers_debug_register(getprogname(), NULL);
221	7	if (getenv("SUDO_FUZZ_VERBOSE") == NULL)
222	7	sudo_warn_set_conversation(fuzz_conversation);
223
224		/* Sudoers locale setup. */
225	7	sudoers_initlocale(setlocale(LC_ALL, ""), "C");
226	7	sudo_warn_set_locale_func(sudoers_warn_setlocale);
227	7	bindtextdomain("sudoers", LOCALEDIR);
228	7	textdomain("sudoers");
229
230		/* Use the sudoers locale for everything. */
231	7	sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL);
232
233		/* Prime the group cache */
234	7	gr = sudo_mkgrent("wheel", 0, "millert", "root", (char *)NULL);
235	7	if (gr == NULL)
236	0	goto done;
237	7	sudo_gr_delref(gr);
238
239	7	gr = sudo_mkgrent("operator", 5, "operator", "root", "millert", (char *)NULL);
240	7	if (gr == NULL)
241	0	goto done;
242	7	sudo_gr_delref(gr);
243
244	7	gr = sudo_mkgrent("staff", 20, "root", "millert", (char *)NULL);
245	7	if (gr == NULL)
246	0	goto done;
247	7	sudo_gr_delref(gr);
248
249	7	gr = sudo_mkgrent("sudo", 100, "root", "millert", (char *)NULL);
250	7	if (gr == NULL)
251	0	goto done;
252	7	sudo_gr_delref(gr);
253
254		/* Prime the passwd cache */
255	7	pw = sudo_mkpwent("root", 0, 0, "/", "/bin/sh");
256	7	if (pw == NULL)
257	0	goto done;
258	7	gids[0] = "0";
259	7	gids[1] = "20";
260	7	gids[2] = "5";
261	7	gids[3] = NULL;
262	7	if (sudo_set_gidlist(pw, -1, NULL, (char **)gids, ENTRY_TYPE_FRONTEND) == -1)
263	0	goto done;
264	7	sudo_pw_delref(pw);
265
266	7	pw = sudo_mkpwent("operator", 2, 5, "/operator", "/sbin/nologin");
267	7	if (pw == NULL)
268	0	goto done;
269	7	gids[0] = "5";
270	7	gids[1] = NULL;
271	7	if (sudo_set_gidlist(pw, -1, NULL, (char **)gids, ENTRY_TYPE_FRONTEND) == -1)
272	0	goto done;
273	7	sudo_pw_delref(pw);
274
275	7	pw = sudo_mkpwent("millert", 8036, 20, "/home/millert", "/bin/tcsh");
276	7	if (pw == NULL)
277	0	goto done;
278	7	gids[0] = "0";
279	7	gids[1] = "20";
280	7	gids[2] = "5";
281	7	gids[3] = "100";
282	7	gids[4] = NULL;
283	7	if (sudo_set_gidlist(pw, -1, NULL, (char **)gids, ENTRY_TYPE_FRONTEND) == -1)
284	0	goto done;
285	7	sudo_pw_delref(pw);
286
287		/* The minimum needed to perform matching. */
288	7	ctx.user.host = ctx.user.shost = strdup("localhost");
289	7	ctx.runas.host = ctx.runas.shost = strdup("localhost");
290	7	orig_cmnd = (char *)"/usr/bin/id";
291	7	ctx.user.cmnd = strdup(orig_cmnd);
292	7	ctx.user.cmnd_args = strdup("-u");
293	7	if (ctx.user.host == NULL \|\| ctx.runas.host == NULL \|\|
294	7	ctx.user.cmnd == NULL \|\| ctx.user.cmnd_args == NULL)
295	0	goto done;
296	7	ctx.user.cmnd_base = sudo_basename(ctx.user.cmnd);
297	7	time(&now);
298
299		/* Add a fake network interfaces. */
300	7	interfaces = get_interfaces();
301	7	if (SLIST_EMPTY(interfaces)) {
302	1	static struct interface interface;
303
304	1	interface.family = AF_INET;
305	1	inet_pton(AF_INET, "128.138.243.151", &interface.addr.ip4);
306	1	inet_pton(AF_INET, "255.255.255.0", &interface.netmask.ip4);
307	1	SLIST_INSERT_HEAD(interfaces, &interface, entries);
308	1	}
309
310		/* Only one sudoers source, the sudoers file itself. */
311	7	init_parse_tree(&parse_tree, NULL, NULL, &ctx, NULL);
312	7	memset(&sudo_nss_fuzz, 0, sizeof(sudo_nss_fuzz));
313	7	sudo_nss_fuzz.parse_tree = &parse_tree;
314	7	sudo_nss_fuzz.query = sudo_fuzz_query;
315	7	TAILQ_INSERT_TAIL(&snl, &sudo_nss_fuzz, entries);
316
317		/* Initialize defaults and parse sudoers. */
318	7	init_defaults();
319	7	init_parser(&ctx, "sudoers");
320	7	sudoersrestart(fp);
321	7	sudoersparse();
322	7	reparent_parse_tree(&parse_tree);
323
324	7	if (!parse_error) {
325		/* Match user/host/command against parsed policy. */
326	10	for (ud = user_data; ud->user != NULL; ud++) {
327	8	int cmnd_status;
328
329		/* Invoking user. */
330	8	free(ctx.user.name);
331	8	ctx.user.name = strdup(ud->user);
332	8	if (ctx.user.name == NULL)
333	0	goto done;
334	8	if (ctx.user.pw != NULL)
335	6	sudo_pw_delref(ctx.user.pw);
336	8	ctx.user.pw = sudo_getpwnam(ctx.user.name);
337	8	if (ctx.user.pw == NULL) {
338	0	sudo_warnx_nodebug("unknown user %s", ctx.user.name);
339	0	continue;
340	0	}
341
342		/* Run user. */
343	8	if (ctx.runas.pw != NULL)
344	6	sudo_pw_delref(ctx.runas.pw);
345	8	if (ud->runuser != NULL) {
346	2	ctx.runas.user = (char *)ud->runuser;
347	2	SET(ctx.settings.flags, RUNAS_USER_SPECIFIED);
348	2	ctx.runas.pw = sudo_getpwnam(ctx.runas.user);
349	6	} else {
350	6	ctx.runas.user = NULL;
351	6	CLR(ctx.settings.flags, RUNAS_USER_SPECIFIED);
352	6	ctx.runas.pw = sudo_getpwnam("root");
353	6	}
354	8	if (ctx.runas.pw == NULL) {
355	0	sudo_warnx_nodebug("unknown run user %s", ctx.runas.user);
356	0	continue;
357	0	}
358
359		/* Run group. */
360	8	if (ctx.runas.gr != NULL)
361	2	sudo_gr_delref(ctx.runas.gr);
362	8	if (ud->rungroup != NULL) {
363	2	ctx.runas.group = (char *)ud->rungroup;
364	2	SET(ctx.settings.flags, RUNAS_GROUP_SPECIFIED);
365	2	ctx.runas.gr = sudo_getgrnam(ctx.runas.group);
366	2	if (ctx.runas.gr == NULL) {
367	0	sudo_warnx_nodebug("unknown run group %s",
368	0	ctx.runas.group);
369	0	continue;
370	0	}
371	6	} else {
372	6	ctx.runas.group = NULL;
373	6	CLR(ctx.settings.flags, RUNAS_GROUP_SPECIFIED);
374	6	ctx.runas.gr = NULL;
375	6	}
376
377	8	update_defaults(&ctx, &parse_tree, NULL, SETDEF_ALL, false);
378
379	8	sudoers_lookup(&snl, &ctx, now, NULL, NULL, &cmnd_status,
380	8	false);
381
382		/* Match again as a pseudo-command (list, validate, etc). */
383	8	sudoers_lookup(&snl, &ctx, now, NULL, NULL, &cmnd_status,
384	8	true);
385
386		/* Display privileges. */
387	8	display_privs(&ctx, &snl, ctx.user.pw, false);
388	8	display_privs(&ctx, &snl, ctx.user.pw, true);
389	8	}
390
391		/* Expand tildes in runcwd and runchroot. */
392	2	if (ctx.runas.pw != NULL) {
393	2	if (def_runcwd != NULL && strcmp(def_runcwd, "*") != 0) {
394	0	expand_tilde(&def_runcwd, ctx.runas.pw->pw_name);
395	0	}
396	2	if (def_runchroot != NULL && strcmp(def_runchroot, "*") != 0) {
397	0	expand_tilde(&def_runchroot, ctx.runas.pw->pw_name);
398	0	}
399	2	}
400
401		/* Check Defaults and aliases. */
402	2	check_defaults(&parse_tree, false);
403	2	check_aliases(&parse_tree, true, false, cb_unused);
404	2	}
405
406	7	done:
407		/* Cleanup. */
408	7	fclose(fp);
409	7	free_parse_tree(&parse_tree);
410	7	reset_parser();
411	7	sudoers_ctx_free(&ctx);
412	7	sudo_freepwcache();
413	7	sudo_freegrcache();
414	7	sudoers_setlocale(SUDOERS_LOCALE_USER, NULL);
415	7	sudoers_debug_deregister();
416	7	fflush(stdout);
417
418	7	return 0;
419	7	}