Bug 314

Summary:	visudo unused alias checking not working
Product:	Sudo	Reporter:	Dale King <daleking>
Component:	Visudo	Assignee:	Todd C. Miller <Todd.Miller>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	low
Version:	1.7.0
Hardware:	PC
OS:	Linux
Attachments:	fix for check_aliases

Description Dale King 2008-11-17 23:42:06 MST

Hi,

On both linux and AIX systems, the visudo checks for unused aliases seem to be failing.

consider a simple sudoers file:

Host_Alias MYHOST = myhostname
myuser   MYHOST=(ALL) ALL

visudo will complain about an unused host alias MYHOST even though it is obviously used.

From what I can see from playing around with visudo.c, the type being compared in the checks is ALIAS (type 258) instead of HOSTALIAS (type 277).

I'm not sure of the best way to fix this.

Comment 1 Todd C. Miller 2008-11-18 08:09:20 MST

Sounds like I didn't update the alias checking in visudo to match other changes in the parser proper.  I'll take a look.

Comment 2 Todd C. Miller 2008-11-18 10:53:22 MST

Created attachment 237 [details]
fix for check_aliases

This patch brings visudo back in line with the main parser.

Comment 3 Dale King 2008-11-18 23:14:19 MST

Hi,

The fix works on a simple sudoers file but segfaults or complains about references (on both linux and AIX) when there are aliases of different types with the same name:

Reproducible with a simple sudoers file:

---
User_Alias FRED = fred
User_Alias BOB = bob
Cmnd_Alias FRED = /bin/sh
Cmnd_Alias BOB = /bin/csh

BOB ALL=(root) BOB
FRED ALL=(root) FRED
---

This was allowable under older versions of visudo.

Comment 4 Todd C. Miller 2008-11-19 13:52:39 MST

That looks like a bug in the redblack delete code.  I'll let you know when I have debugged it.

Comment 5 Todd C. Miller 2008-11-22 13:27:28 MST

Please try the following: ftp://ftp.sudo.ws/pub/millert/sudo/sudo-1.7.0rc6.tar.gz

Comment 6 Dale King 2008-11-23 18:29:27 MST

Thanks Todd!  Working happily now.

I still have a minor issue with visudo and comments that I'll raise a separate bug for.