sudo/plugins/sudoers/alias.c

/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 2004-2005, 2007-2021, 2023
 *	Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
 */

/*
 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
 */

#include <config.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include <sudoers.h>
#include <redblack.h>
#include <gram.h>

/*
 * Comparison function for the red-black tree.
 * Aliases are sorted by name with the type used as a tie-breaker.
 */
static int
alias_compare(const void *v1, const void *v2)
{
    const struct alias *a1 = (const struct alias *)v1;
    const struct alias *a2 = (const struct alias *)v2;
    int res;
    debug_decl(alias_compare, SUDOERS_DEBUG_ALIAS);

    if (a1 == NULL)
	res = -1;
    else if (a2 == NULL)
	res = 1;
    else if ((res = strcmp(a1->name, a2->name)) == 0)
	res = a1->type - a2->type;
    debug_return_int(res);
}

/*
 * Search the tree for an alias with the specified name and type.
 * Returns a pointer to the alias structure or NULL if not found.
 * Caller is responsible for calling alias_put() on the returned
 * alias to mark it as unused.
 */
struct alias *
alias_get(const struct sudoers_parse_tree *parse_tree, const char *name,
    short type)
{
    struct alias key;
    struct rbnode *node;
    struct alias *a = NULL;
    debug_decl(alias_get, SUDOERS_DEBUG_ALIAS);

    if (parse_tree->aliases == NULL)
	debug_return_ptr(NULL);

    key.name = (char *)name;
    key.type = type;
    if ((node = rbfind(parse_tree->aliases, &key)) != NULL) {
	/*
	 * Check whether this alias is already in use.
	 * If so, we've detected a loop.  If not, set the flag,
	 * which the caller should clear with a call to alias_put().
	 */
	a = node->data;
	if (a->used) {
	    errno = ELOOP;
	    debug_return_ptr(NULL);
	}
	a->used = true;
    } else {
	errno = ENOENT;
    }
    debug_return_ptr(a);
}

/*
 * Clear the "used" flag in an alias once the caller is done with it.
 */
void
alias_put(struct alias *a)
{
    debug_decl(alias_put, SUDOERS_DEBUG_ALIAS);
    a->used = false;
    debug_return;
}

/*
 * Add an alias to the aliases redblack tree.
 * Note that "file" must be a reference-counted string.
 * Returns true on success and false on failure, setting errno.
 */
bool
alias_add(struct sudoers_parse_tree *parse_tree, char *name,
    short type, char *file, int line, int column,
    struct member *members)
{
    struct alias *a;
    debug_decl(alias_add, SUDOERS_DEBUG_ALIAS);

    if (parse_tree->aliases == NULL) {
	if ((parse_tree->aliases = alloc_aliases()) == NULL)
	    debug_return_bool(false);
    }

    a = calloc(1, sizeof(*a));
    if (a == NULL)
	debug_return_bool(false);

    /* Only set elements used by alias_compare() in case there is a dupe. */
    a->name = name;
    a->type = type;
    switch (rbinsert(parse_tree->aliases, a, NULL)) {
    case 1:
	free(a);
	errno = EEXIST;
	debug_return_bool(false);
    case -1:
	free(a);
	debug_return_bool(false);
    }

    /*
     * It is now safe to fill in the rest of the alias.  We do this last
     * since it modifies "file" (adds a ref) and "members" (tailq conversion).
     */
    /* a->used = false; */
    a->file = sudo_rcstr_addref(file);
    a->line = line;
    a->column = column;
    HLTQ_TO_TAILQ(&a->members, members, entries);
    debug_return_bool(true);
}

/*
 * Closure to adapt 2-arg rbapply() to 3-arg alias_apply().
 */
struct alias_apply_closure {
    struct sudoers_parse_tree *parse_tree;
    int (*func)(struct sudoers_parse_tree *, struct alias *, void *);
    void *cookie;
};

/* Adapt rbapply() to alias_apply() calling convention. */
static int
alias_apply_func(void *v1, void *v2)
{
    struct alias *a = v1;
    struct alias_apply_closure *closure = v2;

    return closure->func(closure->parse_tree, a, closure->cookie);
}

/*
 * Apply a function to each alias entry and pass in a cookie.
 */
bool
alias_apply(struct sudoers_parse_tree *parse_tree,
    int (*func)(struct sudoers_parse_tree *, struct alias *, void *),
    void *cookie)
{
    struct alias_apply_closure closure;
    bool ret = true;
    debug_decl(alias_apply, SUDOERS_DEBUG_ALIAS);

    if (parse_tree->aliases != NULL) {
	closure.parse_tree = parse_tree;
	closure.func = func;
	closure.cookie = cookie;
	if (rbapply(parse_tree->aliases, alias_apply_func, &closure, inorder) != 0)
	    ret = false;
    }

    debug_return_bool(ret);
}

/*
 * Returns true if there are no aliases in the parse_tree, else false.
 */
bool
no_aliases(const struct sudoers_parse_tree *parse_tree)
{
    debug_decl(no_aliases, SUDOERS_DEBUG_ALIAS);
    debug_return_bool(parse_tree->aliases == NULL ||
	rbisempty(parse_tree->aliases));
}

/*
 * Free memory used by an alias struct and its members.
 */
void
alias_free(void *v)
{
    struct alias *a = (struct alias *)v;
    debug_decl(alias_free, SUDOERS_DEBUG_ALIAS);

    if (a != NULL) {
	free(a->name);
	sudo_rcstr_delref(a->file);
	free_members(&a->members);
	free(a);
    }

    debug_return;
}

/*
 * Find the named alias, remove it from the tree and return it.
 */
struct alias *
alias_remove(struct sudoers_parse_tree *parse_tree, const char *name,
    short type)
{
    struct rbnode *node;
    struct alias key;
    debug_decl(alias_remove, SUDOERS_DEBUG_ALIAS);

    if (parse_tree->aliases != NULL) {
	key.name = (char *)name;
	key.type = type;
	if ((node = rbfind(parse_tree->aliases, &key)) != NULL)
	    debug_return_ptr(rbdelete(parse_tree->aliases, node));
    }
    errno = ENOENT;
    debug_return_ptr(NULL);
}

struct rbtree *
alloc_aliases(void)
{
    debug_decl(alloc_aliases, SUDOERS_DEBUG_ALIAS);

    debug_return_ptr(rbcreate(alias_compare));
}

void
free_aliases(struct rbtree *aliases)
{
    debug_decl(free_aliases, SUDOERS_DEBUG_ALIAS);

    if (aliases != NULL)
	rbdestroy(aliases, alias_free);
}

const char *
alias_type_to_string(short alias_type)
{
    return alias_type == HOSTALIAS ? "Host_Alias" :
	alias_type == CMNDALIAS ? "Cmnd_Alias" :
	alias_type == USERALIAS ? "User_Alias" :
	alias_type == RUNASALIAS ? "Runas_Alias" :
	"Invalid_Alias";
}

/*
 * Remove the alias of the specified type as well as any other aliases
 * referenced by that alias.  Stores removed aliases in a freelist.
 */
static bool
alias_remove_recursive(struct sudoers_parse_tree *parse_tree, char *name,
    short type, struct rbtree *freelist)
{
    struct member *m;
    struct alias *a;
    bool ret = true;
    debug_decl(alias_remove_recursive, SUDOERS_DEBUG_ALIAS);

    if ((a = alias_remove(parse_tree, name, type)) != NULL) {
	TAILQ_FOREACH(m, &a->members, entries) {
	    if (m->type == ALIAS) {
		if (!alias_remove_recursive(parse_tree, m->name, type, freelist))
		    ret = false;
	    }
	}
	if (rbinsert(freelist, a, NULL) != 0)
	    ret = false;
    }
    debug_return_bool(ret);
}

static int
alias_find_used_members(struct sudoers_parse_tree *parse_tree,
    struct member_list *members, short atype, struct rbtree *used_aliases)
{
    struct member *m;
    int errors = 0;
    debug_decl(alias_find_used_members, SUDOERS_DEBUG_ALIAS);

    if (members != NULL) {
	TAILQ_FOREACH(m, members, entries) {
	    if (m->type != ALIAS)
		continue;
	    if (!alias_remove_recursive(parse_tree, m->name, atype, used_aliases))
		errors++;
	}
    }

    debug_return_int(errors);
}

/*
 * Move all aliases referenced by userspecs to used_aliases.
 */
bool
alias_find_used(struct sudoers_parse_tree *parse_tree, struct rbtree *used_aliases)
{
    struct privilege *priv;
    struct userspec *us;
    struct cmndspec *cs;
    struct defaults *d;
    struct member *m;
    int errors = 0;
    debug_decl(alias_find_used, SUDOERS_DEBUG_ALIAS);

    /* Move referenced aliases to used_aliases. */
    TAILQ_FOREACH(us, &parse_tree->userspecs, entries) {
	errors += alias_find_used_members(parse_tree, &us->users,
	    USERALIAS, used_aliases);
	TAILQ_FOREACH(priv, &us->privileges, entries) {
	    errors += alias_find_used_members(parse_tree, &priv->hostlist,
		HOSTALIAS, used_aliases);
	    TAILQ_FOREACH(cs, &priv->cmndlist, entries) {
		errors += alias_find_used_members(parse_tree, cs->runasuserlist,
		    RUNASALIAS, used_aliases);
		errors += alias_find_used_members(parse_tree, cs->runasgrouplist,
		    RUNASALIAS, used_aliases);
		if ((m = cs->cmnd)->type == ALIAS) {
		    if (!alias_remove_recursive(parse_tree, m->name, CMNDALIAS,
			used_aliases))
			errors++;
		}
	    }
	}
    }
    TAILQ_FOREACH(d, &parse_tree->defaults, entries) {
	switch (d->type) {
	    case DEFAULTS_HOST:
		errors += alias_find_used_members(parse_tree,
		    &d->binding->members, HOSTALIAS, used_aliases);
		break;
	    case DEFAULTS_USER:
		errors += alias_find_used_members(parse_tree,
		    &d->binding->members, USERALIAS, used_aliases);
		break;
	    case DEFAULTS_RUNAS:
		errors += alias_find_used_members(parse_tree,
		    &d->binding->members, RUNASALIAS, used_aliases);
		break;
	    case DEFAULTS_CMND:
		errors += alias_find_used_members(parse_tree,
		    &d->binding->members, CMNDALIAS, used_aliases);
		break;
	    default:
		break;
	}
    }

    debug_return_bool(errors ? false : true);
}