2 * Copyright (c) 1996, 1998-2005, 2007-2010
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 * Lock the sudoers file for safe editing (ala vipw) and check for parse errors.
34 #include <sys/types.h>
35 #include <sys/param.h>
37 #include <sys/socket.h>
40 # include <sys/file.h>
51 #endif /* STDC_HEADERS */
54 #endif /* HAVE_STRING_H */
57 #endif /* HAVE_STRINGS_H */
60 #endif /* HAVE_UNISTD_H */
67 #include <netinet/in.h>
68 #include <arpa/inet.h>
70 #if TIME_WITH_SYS_TIME
80 #include "interfaces.h"
86 struct sudoersfile *prev, *next;
93 TQ_DECLARE(sudoersfile)
98 static RETSIGTYPE quit __P((int));
99 static char *get_args __P((char *));
100 static char *get_editor __P((char **));
101 static void get_hostname __P((void));
102 static char whatnow __P((void));
103 static int check_aliases __P((int, int));
104 static int check_syntax __P((char *, int, int));
105 static int edit_sudoers __P((struct sudoersfile *, char *, char *, int));
106 static int install_sudoers __P((struct sudoersfile *, int));
107 static int print_unused __P((void *, void *));
108 static int reparse_sudoers __P((char *, char *, int, int));
109 static int run_command __P((char *, char **));
110 static void print_selfref __P((char *, int, int, int));
111 static void print_undefined __P((char *, int, int, int));
112 static void setup_signals __P((void));
113 static void help __P((void)) __attribute__((__noreturn__));
114 static void usage __P((int));
116 extern void yyerror __P((const char *));
117 extern void yyrestart __P((FILE *));
120 * External globals exported by the parser
122 extern struct rbtree *aliases;
124 extern char *sudoers, *errorfile;
125 extern int errorlineno, parse_error;
136 struct interface *interfaces;
137 struct sudo_user sudo_user;
138 struct passwd *list_pw;
139 static struct sudoersfile_list sudoerslist;
140 static struct rbtree *alias_freelist;
147 struct sudoersfile *sp;
148 char *args, *editor, *sudoers_path;
149 int ch, checkonly, quiet, strict, oldperms;
150 #if defined(SUDO_DEVEL) && defined(__OpenBSD__)
151 extern char *malloc_options;
152 malloc_options = "AFGJPR";
156 if ((Argc = argc) < 1)
162 checkonly = oldperms = quiet = strict = FALSE;
163 sudoers_path = _PATH_SUDOERS;
164 while ((ch = getopt(argc, argv, "Vcf:hsq")) != -1) {
167 (void) printf("%s version %s\n", getprogname(), PACKAGE_VERSION);
170 checkonly++; /* check mode */
173 sudoers_path = optarg; /* sudoers file path */
180 strict++; /* strict mode */
183 quiet++; /* quiet mode */
197 /* Mock up a fake sudo_user struct. */
199 if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
200 errorx(1, "you don't exist in the passwd database");
203 /* Setup defaults data structures. */
207 exit(check_syntax(sudoers_path, quiet, strict));
210 * Parse the existing sudoers file(s) in quiet mode to highlight any
211 * existing errors and to pull in editor and env_editor conf values.
213 if ((yyin = open_sudoers(sudoers_path, TRUE, NULL)) == NULL) {
214 error(1, "%s", sudoers_path);
216 init_parser(sudoers_path, 0);
218 (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER);
220 editor = get_editor(&args);
222 /* Install signal handlers to clean up temp files if we are killed. */
225 /* Edit the sudoers file(s) */
226 tq_foreach_fwd(&sudoerslist, sp) {
229 if (sp != tq_first(&sudoerslist)) {
230 printf("press return to edit %s: ", sp->path);
231 while ((ch = getchar()) != EOF && ch != '\n')
234 edit_sudoers(sp, editor, args, -1);
237 /* Check edited files for a parse error and re-edit any that fail. */
238 reparse_sudoers(editor, args, strict, quiet);
240 /* Install the sudoers temp files. */
241 tq_foreach_fwd(&sudoerslist, sp) {
243 (void) unlink(sp->tpath);
245 (void) install_sudoers(sp, oldperms);
252 * Edit each sudoers file.
253 * Returns TRUE on success, else FALSE.
256 edit_sudoers(sp, editor, args, lineno)
257 struct sudoersfile *sp;
261 int tfd; /* sudoers temp file descriptor */
262 int modified; /* was the file modified? */
263 int ac; /* argument count */
264 char **av; /* argument vector for run_command */
265 char *cp; /* scratch char pointer */
266 char buf[PATH_MAX*2]; /* buffer used for copying files */
267 char linestr[64]; /* string version of lineno */
268 struct timeval tv, tv1, tv2; /* time before and after edit */
269 struct timeval orig_mtim; /* starting mtime of sudoers file */
270 off_t orig_size; /* starting size of sudoers file */
271 ssize_t nread; /* number of bytes read */
272 struct stat sb; /* stat buffer */
275 if (fstat(sp->fd, &sb) == -1)
277 if (stat(sp->path, &sb) == -1)
279 error(1, "can't stat %s", sp->path);
280 orig_size = sb.st_size;
281 mtim_get(&sb, &orig_mtim);
283 /* Create the temp file if needed and set timestamp. */
284 if (sp->tpath == NULL) {
285 easprintf(&sp->tpath, "%s.tmp", sp->path);
286 tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600);
288 error(1, "%s", sp->tpath);
290 /* Copy sp->path -> sp->tpath and reset the mtime. */
291 if (orig_size != 0) {
292 (void) lseek(sp->fd, (off_t)0, SEEK_SET);
293 while ((nread = read(sp->fd, buf, sizeof(buf))) > 0)
294 if (write(tfd, buf, nread) != nread)
295 error(1, "write error");
297 /* Add missing newline at EOF if needed. */
298 if (nread > 0 && buf[nread - 1] != '\n') {
300 if (write(tfd, buf, 1) != 1)
301 error(1, "write error");
306 (void) touch(-1, sp->tpath, &orig_mtim);
308 /* Find the length of the argument vector */
309 ac = 3 + (lineno > 0);
314 for (wasblank = FALSE, cp = args; *cp; cp++) {
315 if (isblank((unsigned char) *cp))
324 /* Build up argument vector for the command */
325 av = emalloc2(ac, sizeof(char *));
326 if ((av[0] = strrchr(editor, '/')) != NULL)
332 (void) snprintf(linestr, sizeof(linestr), "+%d", lineno);
336 for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t")))
339 av[ac++] = sp->tpath;
344 * We cannot check the editor's exit value against 0 since
345 * XPG4 specifies that vi's exit value is a function of the
346 * number of errors during editing (?!?!).
349 if (run_command(editor, av) != -1) {
354 if (stat(sp->tpath, &sb) < 0) {
355 warningx("cannot stat temporary file (%s), %s unchanged",
356 sp->tpath, sp->path);
359 if (sb.st_size == 0 && orig_size != 0) {
360 warningx("zero length temporary file (%s), %s unchanged",
361 sp->tpath, sp->path);
366 warningx("editor (%s) failed, %s unchanged", editor, sp->path);
370 /* Set modified bit if use changed the file. */
373 if (orig_size == sb.st_size && timevalcmp(&orig_mtim, &tv, ==)) {
375 * If mtime and size match but the user spent no measurable
376 * time in the editor we can't tell if the file was changed.
378 timevalsub(&tv1, &tv2);
379 if (timevalisset(&tv2))
384 * If modified in this edit session, mark as modified.
387 sp->modified = modified;
389 warningx("%s unchanged", sp->tpath);
395 * Parse sudoers after editing and re-edit any ones that caused a parse error.
396 * Returns TRUE on success, else FALSE.
399 reparse_sudoers(editor, args, strict, quiet)
403 struct sudoersfile *sp, *last;
408 * Parse the edited sudoers files and do sanity checking
411 sp = tq_first(&sudoerslist);
412 last = tq_last(&sudoerslist);
413 fp = fopen(sp->tpath, "r+");
415 errorx(1, "can't re-open temporary file (%s), %s unchanged.",
416 sp->tpath, sp->path);
418 /* Clean slate for each parse */
420 init_parser(sp->path, quiet);
422 /* Parse the sudoers temp file */
424 if (yyparse() && !parse_error) {
425 warningx("unabled to parse temporary file (%s), unknown error",
428 errorfile = sp->path;
432 if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER) ||
433 check_aliases(strict, quiet) != 0) {
435 errorfile = sp->path;
440 * Got an error, prompt the user for what to do now
444 case 'Q' : parse_error = FALSE; /* ignore parse error */
446 case 'x' : cleanup(0);
452 /* Edit file with the parse error */
453 tq_foreach_fwd(&sudoerslist, sp) {
454 if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
455 edit_sudoers(sp, editor, args, errorlineno);
460 errorx(1, "internal error, can't find %s in list!", sudoers);
463 /* If any new #include directives were added, edit them too. */
464 for (sp = last->next; sp != NULL; sp = sp->next) {
465 printf("press return to edit %s: ", sp->path);
466 while ((ch = getchar()) != EOF && ch != '\n')
468 edit_sudoers(sp, editor, args, errorlineno);
470 } while (parse_error);
476 * Set the owner and mode on a sudoers temp file and
477 * move it into place. Returns TRUE on success, else FALSE.
480 install_sudoers(sp, oldperms)
481 struct sudoersfile *sp;
487 * Change mode and ownership of temp file so when
488 * we move it to sp->path things are kosher.
491 /* Use perms of the existing file. */
493 if (fstat(sp->fd, &sb) == -1)
495 if (stat(sp->path, &sb) == -1)
497 error(1, "can't stat %s", sp->path);
498 if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) {
499 warning("unable to set (uid, gid) of %s to (%d, %d)",
500 sp->tpath, sb.st_uid, sb.st_gid);
502 if (chmod(sp->tpath, sb.st_mode & 0777) != 0) {
503 warning("unable to change mode of %s to 0%o", sp->tpath,
504 (sb.st_mode & 0777));
507 if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) {
508 warning("unable to set (uid, gid) of %s to (%d, %d)",
509 sp->tpath, SUDOERS_UID, SUDOERS_GID);
512 if (chmod(sp->tpath, SUDOERS_MODE) != 0) {
513 warning("unable to change mode of %s to 0%o", sp->tpath,
520 * Now that sp->tpath is sane (parses ok) it needs to be
521 * rename(2)'d to sp->path. If the rename(2) fails we try using
522 * mv(1) in case sp->tpath and sp->path are on different file systems.
524 if (rename(sp->tpath, sp->path) == 0) {
528 if (errno == EXDEV) {
530 warningx("%s and %s not on the same file system, using mv to rename",
531 sp->tpath, sp->path);
533 /* Build up argument vector for the command */
534 if ((av[0] = strrchr(_PATH_MV, '/')) != NULL)
543 if (run_command(_PATH_MV, av)) {
544 warningx("command failed: '%s %s %s', %s unchanged",
545 _PATH_MV, sp->tpath, sp->path, sp->path);
546 (void) unlink(sp->tpath);
554 warning("error renaming %s, %s unchanged", sp->tpath, sp->path);
555 (void) unlink(sp->tpath);
599 const struct passwd *pw;
601 return pw->pw_passwd;
605 * Assuming a parse error occurred, prompt the user for what they want
606 * to do now. Returns the first letter of their choice.
614 (void) fputs("What now? ", stdout);
616 for (c = choice; c != '\n' && c != EOF;)
628 (void) puts("Options are:");
629 (void) puts(" (e)dit sudoers file again");
630 (void) puts(" e(x)it without saving changes to sudoers file");
631 (void) puts(" (Q)uit and save changes to sudoers file (DANGER!)\n");
637 * Install signal handlers for visudo.
645 * Setup signal handlers to cleanup nicely.
647 zero_bytes(&sa, sizeof(sa));
648 sigemptyset(&sa.sa_mask);
649 sa.sa_flags = SA_RESTART;
650 sa.sa_handler = quit;
651 (void) sigaction(SIGTERM, &sa, NULL);
652 (void) sigaction(SIGHUP, &sa, NULL);
653 (void) sigaction(SIGINT, &sa, NULL);
654 (void) sigaction(SIGQUIT, &sa, NULL);
658 run_command(path, argv)
665 switch (pid = fork()) {
667 error(1, "unable to run %s", path);
668 break; /* NOTREACHED */
672 closefrom(STDERR_FILENO + 1);
674 warning("unable to run %s", path);
676 break; /* NOTREACHED */
681 rv = sudo_waitpid(pid, &status, 0);
685 } while (rv == -1 && errno == EINTR);
687 if (rv == -1 || !WIFEXITED(status))
689 return WEXITSTATUS(status);
693 check_syntax(sudoers_path, quiet, strict)
701 if (strcmp(sudoers_path, "-") == 0) {
703 sudoers_path = "stdin";
704 } else if ((yyin = fopen(sudoers_path, "r")) == NULL) {
706 warning("unable to open %s", sudoers_path);
709 init_parser(sudoers_path, quiet);
710 if (yyparse() && !parse_error) {
712 warningx("failed to parse %s file, unknown error", sudoers_path);
714 errorfile = sudoers_path;
716 if (!parse_error && check_aliases(strict, quiet) != 0) {
718 errorfile = sudoers_path;
723 if (errorlineno != -1)
724 (void) printf("parse error in %s near line %d\n", errorfile,
727 (void) printf("parse error in %s\n", errorfile);
729 (void) printf("%s: parsed OK\n", sudoers_path);
732 /* Check mode and owner in strict mode. */
734 if (strict && yyin != stdin && fstat(fileno(yyin), &sb) == 0)
736 if (strict && yyin != stdin && stat(sudoers_path, &sb) == 0)
739 if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) {
742 fprintf(stderr, "%s: wrong owner (uid, gid) should be (%d, %d)\n",
743 sudoers_path, SUDOERS_UID, SUDOERS_GID);
746 if ((sb.st_mode & 07777) != SUDOERS_MODE) {
749 fprintf(stderr, "%s: bad permissions, should be mode 0%o\n",
750 sudoers_path, SUDOERS_MODE);
759 * Used to open (and lock) the initial sudoers file and to also open
760 * any subsequent files #included via a callback from the parser.
763 open_sudoers(path, doedit, keepopen)
768 struct sudoersfile *entry;
771 /* Check for existing entry */
772 tq_foreach_fwd(&sudoerslist, entry) {
773 if (strcmp(path, entry->path) == 0)
777 entry = emalloc(sizeof(*entry));
778 entry->path = estrdup(path);
782 entry->fd = open(entry->path, O_RDWR | O_CREAT, SUDOERS_MODE);
784 entry->doedit = doedit;
785 if (entry->fd == -1) {
786 warning("%s", entry->path);
790 if (!lock_file(entry->fd, SUDO_TLOCK))
791 errorx(1, "%s busy, try again later", entry->path);
792 if ((fp = fdopen(entry->fd, "r")) == NULL)
793 error(1, "%s", entry->path);
794 tq_append(&sudoerslist, entry);
796 /* Already exists, open .tmp version if there is one. */
797 if (entry->tpath != NULL) {
798 if ((fp = fopen(entry->tpath, "r")) == NULL)
799 error(1, "%s", entry->tpath);
801 if ((fp = fdopen(entry->fd, "r")) == NULL)
802 error(1, "%s", entry->path);
806 if (keepopen != NULL)
815 char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
818 * Check VISUAL and EDITOR environment variables to see which editor
819 * the user wants to use (we may not end up using it though).
820 * If the path is not fully-qualified, make it so and check that
821 * the specified executable actually exists.
823 UserEditorArgs = NULL;
824 if ((UserEditor = getenv("VISUAL")) == NULL || *UserEditor == '\0')
825 UserEditor = getenv("EDITOR");
826 if (UserEditor && *UserEditor == '\0')
828 else if (UserEditor) {
829 UserEditorArgs = get_args(UserEditor);
830 if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) {
833 if (def_env_editor) {
834 /* If we are honoring $EDITOR this is a fatal error. */
835 errorx(1, "specified editor (%s) doesn't exist!", UserEditor);
837 /* Otherwise, just ignore $EDITOR. */
844 * See if we can use the user's choice of editors either because
845 * we allow any $EDITOR or because $EDITOR is in the allowable list.
847 Editor = EditorArgs = EditorPath = NULL;
848 if (def_env_editor && UserEditor) {
850 EditorArgs = UserEditorArgs;
851 } else if (UserEditor) {
852 struct stat editor_sb;
853 struct stat user_editor_sb;
854 char *base, *userbase;
856 if (stat(UserEditor, &user_editor_sb) != 0) {
857 /* Should never happen since we already checked above. */
858 error(1, "unable to stat editor (%s)", UserEditor);
860 EditorPath = estrdup(def_editor);
861 Editor = strtok(EditorPath, ":");
863 EditorArgs = get_args(Editor);
865 * Both Editor and UserEditor should be fully qualified but
868 if ((base = strrchr(Editor, '/')) == NULL)
870 if ((userbase = strrchr(UserEditor, '/')) == NULL) {
877 * We compare the basenames first and then use stat to match
880 if (strcmp(base, userbase) == 0) {
881 if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode)
882 && (editor_sb.st_mode & 0000111) &&
883 editor_sb.st_dev == user_editor_sb.st_dev &&
884 editor_sb.st_ino == user_editor_sb.st_ino)
887 } while ((Editor = strtok(NULL, ":")));
891 * Can't use $EDITOR, try each element of def_editor until we
892 * find one that exists, is regular, and is executable.
894 if (Editor == NULL || *Editor == '\0') {
896 EditorPath = estrdup(def_editor);
897 Editor = strtok(EditorPath, ":");
899 EditorArgs = get_args(Editor);
900 if (sudo_goodpath(Editor, NULL))
902 } while ((Editor = strtok(NULL, ":")));
904 /* Bleah, none of the editors existed! */
905 if (Editor == NULL || *Editor == '\0')
906 errorx(1, "no editor found (editor path = %s)", def_editor);
913 * Split out any command line arguments and return them.
922 while (*args && !isblank((unsigned char) *args))
926 while (*args && isblank((unsigned char) *args))
929 return *args ? args : NULL;
933 * Look up the hostname and set user_host and user_shost.
938 char *p, thost[MAXHOSTNAMELEN + 1];
940 if (gethostname(thost, sizeof(thost)) != 0) {
941 user_host = user_shost = "localhost";
944 thost[sizeof(thost) - 1] = '\0';
945 user_host = estrdup(thost);
947 if ((p = strchr(user_host, '.'))) {
949 user_shost = estrdup(user_host);
952 user_shost = user_host;
957 alias_remove_recursive(name, type, strict, quiet)
967 if ((a = alias_find(name, type)) != NULL) {
968 tq_foreach_fwd(&a->members, m) {
969 if (m->type == ALIAS) {
970 if (strcmp(name, m->name) == 0) {
971 print_selfref(m->name, type, strict, quiet);
974 if (!alias_remove_recursive(m->name, type, strict, quiet))
981 a = alias_remove(name, type);
983 rbinsert(alias_freelist, a);
988 * Iterate through the sudoers datastructures looking for undefined
989 * aliases or unused aliases.
992 check_aliases(strict, quiet)
997 struct member *m, *binding;
998 struct privilege *priv;
1001 int atype, error = 0;
1003 alias_freelist = rbcreate(alias_compare);
1005 /* Forward check. */
1006 tq_foreach_fwd(&userspecs, us) {
1007 tq_foreach_fwd(&us->users, m) {
1008 if (m->type == ALIAS) {
1010 if (alias_find(m->name, USERALIAS) == NULL) {
1011 print_undefined(m->name, USERALIAS, strict, quiet);
1016 tq_foreach_fwd(&us->privileges, priv) {
1017 tq_foreach_fwd(&priv->hostlist, m) {
1018 if (m->type == ALIAS) {
1020 if (alias_find(m->name, HOSTALIAS) == NULL) {
1021 print_undefined(m->name, HOSTALIAS, strict, quiet);
1026 tq_foreach_fwd(&priv->cmndlist, cs) {
1027 tq_foreach_fwd(&cs->runasuserlist, m) {
1028 if (m->type == ALIAS) {
1030 if (alias_find(m->name, RUNASALIAS) == NULL) {
1031 print_undefined(m->name, RUNASALIAS, strict, quiet);
1036 if ((m = cs->cmnd)->type == ALIAS) {
1038 if (alias_find(m->name, CMNDALIAS) == NULL) {
1039 print_undefined(m->name, CMNDALIAS, strict, quiet);
1047 /* Reverse check (destructive) */
1048 tq_foreach_fwd(&userspecs, us) {
1049 tq_foreach_fwd(&us->users, m) {
1050 if (m->type == ALIAS) {
1051 if (!alias_remove_recursive(m->name, USERALIAS, strict, quiet))
1055 tq_foreach_fwd(&us->privileges, priv) {
1056 tq_foreach_fwd(&priv->hostlist, m) {
1057 if (m->type == ALIAS)
1058 if (!alias_remove_recursive(m->name, HOSTALIAS, strict,
1062 tq_foreach_fwd(&priv->cmndlist, cs) {
1063 tq_foreach_fwd(&cs->runasuserlist, m) {
1064 if (m->type == ALIAS)
1065 if (!alias_remove_recursive(m->name, RUNASALIAS,
1069 if ((m = cs->cmnd)->type == ALIAS)
1070 if (!alias_remove_recursive(m->name, CMNDALIAS, strict,
1076 tq_foreach_fwd(&defaults, d) {
1084 case DEFAULTS_RUNAS:
1091 continue; /* not an alias */
1093 tq_foreach_fwd(&d->binding, binding) {
1094 for (m = binding; m != NULL; m = m->next) {
1095 if (m->type == ALIAS)
1096 if (!alias_remove_recursive(m->name, atype, strict, quiet))
1101 rbdestroy(alias_freelist, alias_free);
1103 /* If all aliases were referenced we will have an empty tree. */
1104 if (!no_aliases() && !quiet)
1105 alias_apply(print_unused, strict ? "Error" : "Warning");
1107 return strict ? error : 0;
1111 print_undefined(name, type, strict, quiet)
1118 warningx("%s: %s_Alias `%s' referenced but not defined",
1119 strict ? "Error" : "Warning",
1120 type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" :
1121 type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" :
1127 print_selfref(name, type, strict, quiet)
1134 warningx("%s: %s_Alias `%s' references self",
1135 strict ? "Error" : "Warning",
1136 type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" :
1137 type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" :
1143 print_unused(v1, v2)
1147 struct alias *a = (struct alias *)v1;
1148 char *prefix = (char *)v2;
1150 warningx("%s: unused %s_Alias %s", prefix,
1151 a->type == HOSTALIAS ? "Host" : a->type == CMNDALIAS ? "Cmnd" :
1152 a->type == USERALIAS ? "User" : a->type == RUNASALIAS ? "Runas" :
1153 "Unknown", a->name);
1158 * Unlink any sudoers temp files that remain.
1164 struct sudoersfile *sp;
1166 tq_foreach_fwd(&sudoerslist, sp) {
1167 if (sp->tpath != NULL)
1168 (void) unlink(sp->tpath);
1177 * Unlink sudoers temp files (if any) and exit.
1184 #define emsg " exiting due to signal.\n"
1185 if (write(STDERR_FILENO, getprogname(), strlen(getprogname())) == -1 ||
1186 write(STDERR_FILENO, emsg, sizeof(emsg) - 1) == -1)
1187 /* shut up glibc */;
1195 (void) fprintf(fatal ? stderr : stdout,
1196 "usage: %s [-chqsV] [-f sudoers]\n", getprogname());
1204 (void) printf("%s - safely edit the sudoers file\n\n", getprogname());
1206 (void) puts("\nOptions:");
1207 (void) puts(" -c check-only mode");
1208 (void) puts(" -f sudoers specify sudoers file location");
1209 (void) puts(" -h display help message and exit");
1210 (void) puts(" -q less verbose (quiet) syntax error messages");
1211 (void) puts(" -s strict syntax checking");
1212 (void) puts(" -V display version information and exit");