2 * Copyright (c) 1996, 1998-2005, 2007-2011
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 * Lock the sudoers file for safe editing (ala vipw) and check for parse errors.
34 #include <sys/types.h>
35 #include <sys/param.h>
37 #include <sys/socket.h>
40 # include <sys/file.h>
51 #endif /* STDC_HEADERS */
54 #endif /* HAVE_STRING_H */
57 #endif /* HAVE_STRINGS_H */
60 #endif /* HAVE_UNISTD_H */
68 #include <netinet/in.h>
69 #include <arpa/inet.h>
71 #if TIME_WITH_SYS_TIME
79 #include "interfaces.h"
83 #include "sudoers_version.h"
87 struct sudoersfile *prev, *next;
94 TQ_DECLARE(sudoersfile)
99 static void quit(int);
100 static char *get_args(char *);
101 static char *get_editor(char **);
102 static void get_hostname(void);
103 static char whatnow(void);
104 static int check_aliases(int, int);
105 static int check_syntax(char *, int, int);
106 static int edit_sudoers(struct sudoersfile *, char *, char *, int);
107 static int install_sudoers(struct sudoersfile *, int);
108 static int print_unused(void *, void *);
109 static int reparse_sudoers(char *, char *, int, int);
110 static int run_command(char *, char **);
111 static int visudo_printf(int msg_type, const char *fmt, ...);
112 static void setup_signals(void);
113 static void help(void) __attribute__((__noreturn__));
114 static void usage(int);
118 extern void yyerror(const char *);
119 extern void yyrestart(FILE *);
122 * External globals exported by the parser
124 extern struct rbtree *aliases;
126 extern char *sudoers, *errorfile;
127 extern int errorlineno, parse_error;
135 struct interface *interfaces;
136 struct sudo_user sudo_user;
137 struct passwd *list_pw;
138 sudo_printf_t sudo_printf = visudo_printf;
139 static struct sudoersfile_list sudoerslist;
140 static struct rbtree *alias_freelist;
143 main(int argc, char *argv[])
145 struct sudoersfile *sp;
146 char *args, *editor, *sudoers_path;
147 int ch, checkonly, quiet, strict, oldperms;
148 #if defined(SUDO_DEVEL) && defined(__OpenBSD__)
149 extern char *malloc_options;
150 malloc_options = "AFGJPR";
153 #if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
154 setprogname(argc > 0 ? argv[0] : "visudo");
157 #ifdef HAVE_SETLOCALE
158 setlocale(LC_ALL, "");
160 bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have visudo domain */
161 textdomain("sudoers");
169 checkonly = oldperms = quiet = strict = FALSE;
170 sudoers_path = _PATH_SUDOERS;
171 while ((ch = getopt(argc, argv, "Vcf:sq")) != -1) {
174 (void) printf(_("%s version %s\n"), getprogname(), PACKAGE_VERSION);
175 (void) printf(_("%s grammar version %d\n"), getprogname(), SUDOERS_GRAMMAR_VERSION);
178 checkonly++; /* check mode */
181 sudoers_path = optarg; /* sudoers file path */
188 strict++; /* strict mode */
191 quiet++; /* quiet mode */
205 /* Mock up a fake sudo_user struct. */
207 if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
208 errorx(1, _("you do not exist in the %s database"), "passwd");
211 /* Setup defaults data structures. */
215 exit(check_syntax(sudoers_path, quiet, strict));
218 * Parse the existing sudoers file(s) in quiet mode to highlight any
219 * existing errors and to pull in editor and env_editor conf values.
221 if ((yyin = open_sudoers(sudoers_path, TRUE, NULL)) == NULL) {
222 error(1, "%s", sudoers_path);
224 init_parser(sudoers_path, 0);
226 (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER);
228 editor = get_editor(&args);
230 /* Install signal handlers to clean up temp files if we are killed. */
233 /* Edit the sudoers file(s) */
234 tq_foreach_fwd(&sudoerslist, sp) {
237 if (sp != tq_first(&sudoerslist)) {
238 printf(_("press return to edit %s: "), sp->path);
239 while ((ch = getchar()) != EOF && ch != '\n')
242 edit_sudoers(sp, editor, args, -1);
245 /* Check edited files for a parse error and re-edit any that fail. */
246 reparse_sudoers(editor, args, strict, quiet);
248 /* Install the sudoers temp files. */
249 tq_foreach_fwd(&sudoerslist, sp) {
251 (void) unlink(sp->tpath);
253 (void) install_sudoers(sp, oldperms);
260 * Edit each sudoers file.
261 * Returns TRUE on success, else FALSE.
264 edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
266 int tfd; /* sudoers temp file descriptor */
267 int modified; /* was the file modified? */
268 int ac; /* argument count */
269 char **av; /* argument vector for run_command */
270 char *cp; /* scratch char pointer */
271 char buf[PATH_MAX*2]; /* buffer used for copying files */
272 char linestr[64]; /* string version of lineno */
273 struct timeval tv, tv1, tv2; /* time before and after edit */
274 struct timeval orig_mtim; /* starting mtime of sudoers file */
275 off_t orig_size; /* starting size of sudoers file */
276 ssize_t nread; /* number of bytes read */
277 struct stat sb; /* stat buffer */
280 if (fstat(sp->fd, &sb) == -1)
282 if (stat(sp->path, &sb) == -1)
284 error(1, _("unable to stat %s"), sp->path);
285 orig_size = sb.st_size;
286 mtim_get(&sb, &orig_mtim);
288 /* Create the temp file if needed and set timestamp. */
289 if (sp->tpath == NULL) {
290 easprintf(&sp->tpath, "%s.tmp", sp->path);
291 tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600);
293 error(1, "%s", sp->tpath);
295 /* Copy sp->path -> sp->tpath and reset the mtime. */
296 if (orig_size != 0) {
297 (void) lseek(sp->fd, (off_t)0, SEEK_SET);
298 while ((nread = read(sp->fd, buf, sizeof(buf))) > 0)
299 if (write(tfd, buf, nread) != nread)
300 error(1, _("write error"));
302 /* Add missing newline at EOF if needed. */
303 if (nread > 0 && buf[nread - 1] != '\n') {
305 if (write(tfd, buf, 1) != 1)
306 error(1, _("write error"));
311 (void) touch(-1, sp->tpath, &orig_mtim);
313 /* Find the length of the argument vector */
314 ac = 3 + (lineno > 0);
319 for (wasblank = FALSE, cp = args; *cp; cp++) {
320 if (isblank((unsigned char) *cp))
329 /* Build up argument vector for the command */
330 av = emalloc2(ac, sizeof(char *));
331 if ((av[0] = strrchr(editor, '/')) != NULL)
337 (void) snprintf(linestr, sizeof(linestr), "+%d", lineno);
341 for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t")))
344 av[ac++] = sp->tpath;
349 * We cannot check the editor's exit value against 0 since
350 * XPG4 specifies that vi's exit value is a function of the
351 * number of errors during editing (?!?!).
353 gettimeofday(&tv1, NULL);
354 if (run_command(editor, av) != -1) {
355 gettimeofday(&tv2, NULL);
359 if (stat(sp->tpath, &sb) < 0) {
360 warningx(_("unable to stat temporary file (%s), %s unchanged"),
361 sp->tpath, sp->path);
364 if (sb.st_size == 0 && orig_size != 0) {
365 warningx(_("zero length temporary file (%s), %s unchanged"),
366 sp->tpath, sp->path);
371 warningx(_("editor (%s) failed, %s unchanged"), editor, sp->path);
375 /* Set modified bit if use changed the file. */
378 if (orig_size == sb.st_size && timevalcmp(&orig_mtim, &tv, ==)) {
380 * If mtime and size match but the user spent no measurable
381 * time in the editor we can't tell if the file was changed.
383 timevalsub(&tv1, &tv2);
384 if (timevalisset(&tv2))
389 * If modified in this edit session, mark as modified.
392 sp->modified = modified;
394 warningx(_("%s unchanged"), sp->tpath);
400 * Parse sudoers after editing and re-edit any ones that caused a parse error.
401 * Returns TRUE on success, else FALSE.
404 reparse_sudoers(char *editor, char *args, int strict, int quiet)
406 struct sudoersfile *sp, *last;
411 * Parse the edited sudoers files and do sanity checking
414 sp = tq_first(&sudoerslist);
415 last = tq_last(&sudoerslist);
416 fp = fopen(sp->tpath, "r+");
418 errorx(1, _("unable to re-open temporary file (%s), %s unchanged."),
419 sp->tpath, sp->path);
421 /* Clean slate for each parse */
423 init_parser(sp->path, quiet);
425 /* Parse the sudoers temp file */
427 if (yyparse() && !parse_error) {
428 warningx(_("unabled to parse temporary file (%s), unknown error"),
431 errorfile = sp->path;
435 if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER) ||
436 check_aliases(strict, quiet) != 0) {
438 errorfile = sp->path;
443 * Got an error, prompt the user for what to do now
447 case 'Q' : parse_error = FALSE; /* ignore parse error */
449 case 'x' : cleanup(0);
455 /* Edit file with the parse error */
456 tq_foreach_fwd(&sudoerslist, sp) {
457 if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
458 edit_sudoers(sp, editor, args, errorlineno);
463 errorx(1, _("internal error, unable to find %s in list!"),
468 /* If any new #include directives were added, edit them too. */
469 for (sp = last->next; sp != NULL; sp = sp->next) {
470 printf(_("press return to edit %s: "), sp->path);
471 while ((ch = getchar()) != EOF && ch != '\n')
473 edit_sudoers(sp, editor, args, errorlineno);
475 } while (parse_error);
481 * Set the owner and mode on a sudoers temp file and
482 * move it into place. Returns TRUE on success, else FALSE.
485 install_sudoers(struct sudoersfile *sp, int oldperms)
490 * Change mode and ownership of temp file so when
491 * we move it to sp->path things are kosher.
494 /* Use perms of the existing file. */
496 if (fstat(sp->fd, &sb) == -1)
498 if (stat(sp->path, &sb) == -1)
500 error(1, _("unable to stat %s"), sp->path);
501 if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) {
502 warning(_("unable to set (uid, gid) of %s to (%d, %d)"),
503 sp->tpath, sb.st_uid, sb.st_gid);
505 if (chmod(sp->tpath, sb.st_mode & 0777) != 0) {
506 warning(_("unable to change mode of %s to 0%o"), sp->tpath,
507 (sb.st_mode & 0777));
510 if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) {
511 warning(_("unable to set (uid, gid) of %s to (%d, %d)"),
512 sp->tpath, SUDOERS_UID, SUDOERS_GID);
515 if (chmod(sp->tpath, SUDOERS_MODE) != 0) {
516 warning(_("unable to change mode of %s to 0%o"), sp->tpath,
523 * Now that sp->tpath is sane (parses ok) it needs to be
524 * rename(2)'d to sp->path. If the rename(2) fails we try using
525 * mv(1) in case sp->tpath and sp->path are on different file systems.
527 if (rename(sp->tpath, sp->path) == 0) {
531 if (errno == EXDEV) {
533 warningx(_("%s and %s not on the same file system, using mv to rename"),
534 sp->tpath, sp->path);
536 /* Build up argument vector for the command */
537 if ((av[0] = strrchr(_PATH_MV, '/')) != NULL)
546 if (run_command(_PATH_MV, av)) {
547 warningx(_("command failed: '%s %s %s', %s unchanged"),
548 _PATH_MV, sp->tpath, sp->path, sp->path);
549 (void) unlink(sp->tpath);
557 warning(_("error renaming %s, %s unchanged"), sp->tpath, sp->path);
558 (void) unlink(sp->tpath);
602 group_plugin_query(const char *user, const char *group, const struct passwd *pw)
608 * Assuming a parse error occurred, prompt the user for what they want
609 * to do now. Returns the first letter of their choice.
617 (void) fputs(_("What now? "), stdout);
619 for (c = choice; c != '\n' && c != EOF;)
631 (void) puts(_("Options are:\n"
632 " (e)dit sudoers file again\n"
633 " e(x)it without saving changes to sudoers file\n"
634 " (Q)uit and save changes to sudoers file (DANGER!)\n"));
640 * Install signal handlers for visudo.
648 * Setup signal handlers to cleanup nicely.
650 zero_bytes(&sa, sizeof(sa));
651 sigemptyset(&sa.sa_mask);
652 sa.sa_flags = SA_RESTART;
653 sa.sa_handler = quit;
654 (void) sigaction(SIGTERM, &sa, NULL);
655 (void) sigaction(SIGHUP, &sa, NULL);
656 (void) sigaction(SIGINT, &sa, NULL);
657 (void) sigaction(SIGQUIT, &sa, NULL);
661 run_command(char *path, char **argv)
666 switch (pid = fork()) {
668 error(1, _("unable to execute %s"), path);
669 break; /* NOTREACHED */
673 closefrom(STDERR_FILENO + 1);
675 warning(_("unable to run %s"), path);
677 break; /* NOTREACHED */
681 rv = waitpid(pid, &status, 0);
682 } while (rv == -1 && errno == EINTR);
684 if (rv == -1 || !WIFEXITED(status))
686 return WEXITSTATUS(status);
690 check_syntax(char *sudoers_path, int quiet, int strict)
695 if (strcmp(sudoers_path, "-") == 0) {
697 sudoers_path = "stdin";
698 } else if ((yyin = fopen(sudoers_path, "r")) == NULL) {
700 warning(_("unable to open %s"), sudoers_path);
703 init_parser(sudoers_path, quiet);
704 if (yyparse() && !parse_error) {
706 warningx(_("failed to parse %s file, unknown error"), sudoers_path);
708 errorfile = sudoers_path;
710 if (!parse_error && check_aliases(strict, quiet) != 0) {
712 errorfile = sudoers_path;
717 if (errorlineno != -1)
718 (void) printf(_("parse error in %s near line %d\n"),
719 errorfile, errorlineno);
721 (void) printf(_("parse error in %s\n"), errorfile);
723 (void) printf(_("%s: parsed OK\n"), sudoers_path);
726 /* Check mode and owner in strict mode. */
728 if (strict && yyin != stdin && fstat(fileno(yyin), &sb) == 0)
730 if (strict && yyin != stdin && stat(sudoers_path, &sb) == 0)
733 if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) {
737 _("%s: wrong owner (uid, gid) should be (%d, %d)\n"),
738 sudoers_path, SUDOERS_UID, SUDOERS_GID);
741 if ((sb.st_mode & 07777) != SUDOERS_MODE) {
744 fprintf(stderr, _("%s: bad permissions, should be mode 0%o\n"),
745 sudoers_path, SUDOERS_MODE);
754 * Used to open (and lock) the initial sudoers file and to also open
755 * any subsequent files #included via a callback from the parser.
758 open_sudoers(const char *path, int doedit, int *keepopen)
760 struct sudoersfile *entry;
763 /* Check for existing entry */
764 tq_foreach_fwd(&sudoerslist, entry) {
765 if (strcmp(path, entry->path) == 0)
769 entry = emalloc(sizeof(*entry));
770 entry->path = estrdup(path);
774 entry->fd = open(entry->path, O_RDWR | O_CREAT, SUDOERS_MODE);
776 entry->doedit = doedit;
777 if (entry->fd == -1) {
778 warning("%s", entry->path);
782 if (!lock_file(entry->fd, SUDO_TLOCK))
783 errorx(1, _("%s busy, try again later"), entry->path);
784 if ((fp = fdopen(entry->fd, "r")) == NULL)
785 error(1, "%s", entry->path);
786 tq_append(&sudoerslist, entry);
788 /* Already exists, open .tmp version if there is one. */
789 if (entry->tpath != NULL) {
790 if ((fp = fopen(entry->tpath, "r")) == NULL)
791 error(1, "%s", entry->tpath);
793 if ((fp = fdopen(entry->fd, "r")) == NULL)
794 error(1, "%s", entry->path);
798 if (keepopen != NULL)
804 get_editor(char **args)
806 char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
809 * Check VISUAL and EDITOR environment variables to see which editor
810 * the user wants to use (we may not end up using it though).
811 * If the path is not fully-qualified, make it so and check that
812 * the specified executable actually exists.
814 UserEditorArgs = NULL;
815 if ((UserEditor = getenv("VISUAL")) == NULL || *UserEditor == '\0')
816 UserEditor = getenv("EDITOR");
817 if (UserEditor && *UserEditor == '\0')
819 else if (UserEditor) {
820 UserEditorArgs = get_args(UserEditor);
821 if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) {
824 if (def_env_editor) {
825 /* If we are honoring $EDITOR this is a fatal error. */
826 errorx(1, _("specified editor (%s) doesn't exist"), UserEditor);
828 /* Otherwise, just ignore $EDITOR. */
835 * See if we can use the user's choice of editors either because
836 * we allow any $EDITOR or because $EDITOR is in the allowable list.
838 Editor = EditorArgs = EditorPath = NULL;
839 if (def_env_editor && UserEditor) {
841 EditorArgs = UserEditorArgs;
842 } else if (UserEditor) {
843 struct stat editor_sb;
844 struct stat user_editor_sb;
845 char *base, *userbase;
847 if (stat(UserEditor, &user_editor_sb) != 0) {
848 /* Should never happen since we already checked above. */
849 error(1, _("unable to stat editor (%s)"), UserEditor);
851 EditorPath = estrdup(def_editor);
852 Editor = strtok(EditorPath, ":");
854 EditorArgs = get_args(Editor);
856 * Both Editor and UserEditor should be fully qualified but
859 if ((base = strrchr(Editor, '/')) == NULL)
861 if ((userbase = strrchr(UserEditor, '/')) == NULL) {
868 * We compare the basenames first and then use stat to match
871 if (strcmp(base, userbase) == 0) {
872 if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode)
873 && (editor_sb.st_mode & 0000111) &&
874 editor_sb.st_dev == user_editor_sb.st_dev &&
875 editor_sb.st_ino == user_editor_sb.st_ino)
878 } while ((Editor = strtok(NULL, ":")));
882 * Can't use $EDITOR, try each element of def_editor until we
883 * find one that exists, is regular, and is executable.
885 if (Editor == NULL || *Editor == '\0') {
887 EditorPath = estrdup(def_editor);
888 Editor = strtok(EditorPath, ":");
890 EditorArgs = get_args(Editor);
891 if (sudo_goodpath(Editor, NULL))
893 } while ((Editor = strtok(NULL, ":")));
895 /* Bleah, none of the editors existed! */
896 if (Editor == NULL || *Editor == '\0')
897 errorx(1, _("no editor found (editor path = %s)"), def_editor);
904 * Split out any command line arguments and return them.
912 while (*args && !isblank((unsigned char) *args))
916 while (*args && isblank((unsigned char) *args))
919 return *args ? args : NULL;
923 * Look up the hostname and set user_host and user_shost.
928 char *p, thost[MAXHOSTNAMELEN + 1];
930 if (gethostname(thost, sizeof(thost)) != 0) {
931 user_host = user_shost = "localhost";
934 thost[sizeof(thost) - 1] = '\0';
935 user_host = estrdup(thost);
937 if ((p = strchr(user_host, '.'))) {
939 user_shost = estrdup(user_host);
942 user_shost = user_host;
947 alias_remove_recursive(char *name, int type, int strict, int quiet)
953 if ((a = alias_find(name, type)) != NULL) {
954 tq_foreach_fwd(&a->members, m) {
955 if (m->type == ALIAS) {
956 if (!alias_remove_recursive(m->name, type, strict, quiet))
962 a = alias_remove(name, type);
964 rbinsert(alias_freelist, a);
969 check_alias(char *name, int type, int strict, int quiet)
975 if ((a = alias_find(name, type)) != NULL) {
976 /* check alias contents */
977 tq_foreach_fwd(&a->members, m) {
978 if (m->type == ALIAS)
979 error += check_alias(m->name, type, strict, quiet);
984 if (errno == ELOOP) {
986 _("Error: cycle in %s_Alias `%s'") :
987 _("Warning: cycle in %s_Alias `%s'");
990 _("Error: %s_Alias `%s' referenced but not defined") :
991 _("Warning: %s_Alias `%s' referenced but not defined");
994 type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" :
995 type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" :
1005 * Iterate through the sudoers datastructures looking for undefined
1006 * aliases or unused aliases.
1009 check_aliases(int strict, int quiet)
1011 struct cmndspec *cs;
1012 struct member *m, *binding;
1013 struct privilege *priv;
1014 struct userspec *us;
1016 int atype, error = 0;
1018 alias_freelist = rbcreate(alias_compare);
1020 /* Forward check. */
1021 tq_foreach_fwd(&userspecs, us) {
1022 tq_foreach_fwd(&us->users, m) {
1023 if (m->type == ALIAS) {
1025 error += check_alias(m->name, USERALIAS, strict, quiet);
1028 tq_foreach_fwd(&us->privileges, priv) {
1029 tq_foreach_fwd(&priv->hostlist, m) {
1030 if (m->type == ALIAS) {
1032 error += check_alias(m->name, HOSTALIAS, strict, quiet);
1035 tq_foreach_fwd(&priv->cmndlist, cs) {
1036 tq_foreach_fwd(&cs->runasuserlist, m) {
1037 if (m->type == ALIAS) {
1039 error += check_alias(m->name, RUNASALIAS, strict, quiet);
1042 if ((m = cs->cmnd)->type == ALIAS) {
1044 error += check_alias(m->name, CMNDALIAS, strict, quiet);
1050 /* Reverse check (destructive) */
1051 tq_foreach_fwd(&userspecs, us) {
1052 tq_foreach_fwd(&us->users, m) {
1053 if (m->type == ALIAS) {
1055 if (!alias_remove_recursive(m->name, USERALIAS, strict, quiet))
1059 tq_foreach_fwd(&us->privileges, priv) {
1060 tq_foreach_fwd(&priv->hostlist, m) {
1061 if (m->type == ALIAS) {
1063 if (!alias_remove_recursive(m->name, HOSTALIAS, strict,
1068 tq_foreach_fwd(&priv->cmndlist, cs) {
1069 tq_foreach_fwd(&cs->runasuserlist, m) {
1070 if (m->type == ALIAS) {
1072 if (!alias_remove_recursive(m->name, RUNASALIAS,
1077 if ((m = cs->cmnd)->type == ALIAS) {
1079 if (!alias_remove_recursive(m->name, CMNDALIAS, strict,
1086 tq_foreach_fwd(&defaults, d) {
1094 case DEFAULTS_RUNAS:
1101 continue; /* not an alias */
1103 tq_foreach_fwd(&d->binding, binding) {
1104 for (m = binding; m != NULL; m = m->next) {
1105 if (m->type == ALIAS) {
1107 if (!alias_remove_recursive(m->name, atype, strict, quiet))
1113 rbdestroy(alias_freelist, alias_free);
1115 /* If all aliases were referenced we will have an empty tree. */
1116 if (!no_aliases() && !quiet)
1117 alias_apply(print_unused, strict ? "Error" : "Warning");
1119 return strict ? error : 0;
1123 print_unused(void *v1, void *v2)
1125 struct alias *a = (struct alias *)v1;
1126 char *prefix = (char *)v2;
1128 warningx(_("%s: unused %s_Alias %s"), prefix,
1129 a->type == HOSTALIAS ? "Host" : a->type == CMNDALIAS ? "Cmnd" :
1130 a->type == USERALIAS ? "User" : a->type == RUNASALIAS ? "Runas" :
1131 "Unknown", a->name);
1136 * Unlink any sudoers temp files that remain.
1139 cleanup(int gotsignal)
1141 struct sudoersfile *sp;
1143 tq_foreach_fwd(&sudoerslist, sp) {
1144 if (sp->tpath != NULL)
1145 (void) unlink(sp->tpath);
1154 * Unlink sudoers temp files (if any) and exit.
1159 const char *signame, *myname;
1162 #define emsg " exiting due to signal: "
1163 myname = getprogname();
1164 signame = strsignal(signo);
1165 if (write(STDERR_FILENO, myname, strlen(myname)) == -1 ||
1166 write(STDERR_FILENO, emsg, sizeof(emsg) - 1) == -1 ||
1167 write(STDERR_FILENO, signame, strlen(signame)) == -1 ||
1168 write(STDERR_FILENO, "\n", 1) == -1)
1169 /* shut up glibc */;
1176 (void) fprintf(fatal ? stderr : stdout,
1177 "usage: %s [-chqsV] [-f sudoers]\n", getprogname());
1185 (void) printf(_("%s - safely edit the sudoers file\n\n"), getprogname());
1187 (void) puts(_("\nOptions:\n"
1188 " -c check-only mode\n"
1189 " -f sudoers specify sudoers file location\n"
1190 " -h display help message and exit\n"
1191 " -q less verbose (quiet) syntax error messages\n"
1192 " -s strict syntax checking\n"
1193 " -V display version information and exit"));
1198 visudo_printf(int msg_type, const char *fmt, ...)
1204 case SUDO_CONV_INFO_MSG:
1207 case SUDO_CONV_ERROR_MSG:
1216 vfprintf(fp, fmt, ap);