--- embedaddon/sudo/plugins/sudoers/gram.c 2012/05/29 12:26:49 1.1.1.2 +++ embedaddon/sudo/plugins/sudoers/gram.c 2014/06/15 16:12:54 1.1.1.5 @@ -9,10 +9,36 @@ #define yyclearin (yychar=(YYEMPTY)) #define yyerrok (yyerrflag=0) #define YYRECOVERING() (yyerrflag!=0) -#define YYPREFIX "yy" +#define yyparse sudoersparse +#define yylex sudoerslex +#define yyerror sudoerserror +#define yychar sudoerschar +#define yyval sudoersval +#define yylval sudoerslval +#define yydebug sudoersdebug +#define yynerrs sudoersnerrs +#define yyerrflag sudoerserrflag +#define yyss sudoersss +#define yysslim sudoerssslim +#define yyssp sudoersssp +#define yyvs sudoersvs +#define yyvsp sudoersvsp +#define yystacksize sudoersstacksize +#define yylhs sudoerslhs +#define yylen sudoerslen +#define yydefred sudoersdefred +#define yydgoto sudoersdgoto +#define yysindex sudoerssindex +#define yyrindex sudoersrindex +#define yygindex sudoersgindex +#define yytable sudoerstable +#define yycheck sudoerscheck +#define yyname sudoersname +#define yyrule sudoersrule +#define YYPREFIX "sudoers" #line 2 "gram.y" /* - * Copyright (c) 1996, 1998-2005, 2007-2012 + * Copyright (c) 1996, 1998-2005, 2007-2013 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -37,7 +63,6 @@ #include #include -#include #include #ifdef STDC_HEADERS # include @@ -56,6 +81,9 @@ #ifdef HAVE_UNISTD_H # include #endif /* HAVE_UNISTD_H */ +#ifdef HAVE_INTTYPES_H +# include +#endif #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) # include #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ @@ -64,7 +92,6 @@ #include "sudoers.h" /* XXX */ #include "parse.h" #include "toke.h" -#include "gram.h" /* * We must define SIZE_MAX for yacc's skeleton.c. @@ -82,16 +109,13 @@ /* * Globals */ -extern int sudolineno; -extern int last_token; -extern char *sudoers; bool sudoers_warnings = true; bool parse_error = false; int errorlineno = -1; -char *errorfile = NULL; +const char *errorfile = NULL; -struct defaults_list defaults; -struct userspec_list userspecs; +struct defaults_list defaults = TAILQ_HEAD_INITIALIZER(defaults); +struct userspec_list userspecs = TAILQ_HEAD_INITIALIZER(userspecs); /* * Local protoypes @@ -100,31 +124,8 @@ static void add_defaults(int, struct member *, struct static void add_userspec(struct member *, struct privilege *); static struct defaults *new_default(char *, char *, int); static struct member *new_member(char *, int); - void yyerror(const char *); - -void -yyerror(const char *s) -{ - debug_decl(yyerror, SUDO_DEBUG_PARSER) - - /* If we last saw a newline the error is on the preceding line. */ - if (last_token == COMMENT) - sudolineno--; - - /* Save the line the first error occurred on. */ - if (errorlineno == -1) { - errorlineno = sudolineno; - errorfile = estrdup(sudoers); - } - if (trace_print != NULL) { - LEXTRACE("<*> "); - } else if (sudoers_warnings && s != NULL) { - warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); - } - parse_error = true; - debug_return; -} -#line 117 "gram.y" +static struct sudo_digest *new_digest(int, const char *); +#line 92 "gram.y" #ifndef YYSTYPE_DEFINED #define YYSTYPE_DEFINED typedef union { @@ -133,14 +134,16 @@ typedef union { struct member *member; struct runascontainer *runas; struct privilege *privilege; + struct sudo_digest *digest; struct sudo_command command; struct cmndtag tag; struct selinux_info seinfo; + struct solaris_privs_info privinfo; char *string; int tok; } YYSTYPE; #endif /* YYSTYPE_DEFINED */ -#line 143 "gram.c" +#line 146 "gram.c" #define COMMAND 257 #define ALIAS 258 #define DEFVAR 259 @@ -148,352 +151,391 @@ typedef union { #define NETGROUP 261 #define USERGROUP 262 #define WORD 263 -#define DEFAULTS 264 -#define DEFAULTS_HOST 265 -#define DEFAULTS_USER 266 -#define DEFAULTS_RUNAS 267 -#define DEFAULTS_CMND 268 -#define NOPASSWD 269 -#define PASSWD 270 -#define NOEXEC 271 -#define EXEC 272 -#define SETENV 273 -#define NOSETENV 274 -#define LOG_INPUT 275 -#define NOLOG_INPUT 276 -#define LOG_OUTPUT 277 -#define NOLOG_OUTPUT 278 -#define ALL 279 -#define COMMENT 280 -#define HOSTALIAS 281 -#define CMNDALIAS 282 -#define USERALIAS 283 -#define RUNASALIAS 284 -#define ERROR 285 -#define TYPE 286 -#define ROLE 287 +#define DIGEST 264 +#define DEFAULTS 265 +#define DEFAULTS_HOST 266 +#define DEFAULTS_USER 267 +#define DEFAULTS_RUNAS 268 +#define DEFAULTS_CMND 269 +#define NOPASSWD 270 +#define PASSWD 271 +#define NOEXEC 272 +#define EXEC 273 +#define SETENV 274 +#define NOSETENV 275 +#define LOG_INPUT 276 +#define NOLOG_INPUT 277 +#define LOG_OUTPUT 278 +#define NOLOG_OUTPUT 279 +#define ALL 280 +#define COMMENT 281 +#define HOSTALIAS 282 +#define CMNDALIAS 283 +#define USERALIAS 284 +#define RUNASALIAS 285 +#define ERROR 286 +#define TYPE 287 +#define ROLE 288 +#define PRIVS 289 +#define LIMITPRIVS 290 +#define MYSELF 291 +#define SHA224 292 +#define SHA256 293 +#define SHA384 294 +#define SHA512 295 #define YYERRCODE 256 #if defined(__cplusplus) || defined(__STDC__) -const short yylhs[] = +const short sudoerslhs[] = #else -short yylhs[] = +short sudoerslhs[] = #endif { -1, - 0, 0, 25, 25, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 4, 4, 3, 3, - 3, 3, 3, 20, 20, 19, 10, 10, 8, 8, - 8, 8, 8, 2, 2, 1, 6, 6, 23, 24, - 22, 22, 22, 22, 22, 17, 17, 18, 18, 18, - 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, - 21, 5, 5, 5, 28, 28, 31, 9, 9, 29, - 29, 32, 7, 7, 30, 30, 33, 27, 27, 34, - 13, 13, 11, 11, 12, 12, 12, 12, 12, 16, - 16, 14, 14, 15, 15, 15, + 0, 0, 30, 30, 31, 31, 31, 31, 31, 31, + 31, 31, 31, 31, 31, 31, 4, 4, 3, 3, + 3, 3, 3, 21, 21, 20, 11, 11, 9, 9, + 9, 9, 9, 2, 2, 1, 29, 29, 29, 29, + 7, 7, 6, 6, 24, 25, 23, 23, 23, 23, + 23, 27, 28, 26, 26, 26, 26, 26, 18, 18, + 19, 19, 19, 19, 19, 22, 22, 22, 22, 22, + 22, 22, 22, 22, 22, 22, 5, 5, 5, 33, + 33, 36, 10, 10, 34, 34, 37, 8, 8, 35, + 35, 38, 32, 32, 39, 14, 14, 12, 12, 13, + 13, 13, 13, 13, 17, 17, 15, 15, 16, 16, + 16, }; #if defined(__cplusplus) || defined(__STDC__) -const short yylen[] = +const short sudoerslen[] = #else -short yylen[] = +short sudoerslen[] = #endif { 2, 0, 1, 1, 2, 1, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 1, 3, 1, 2, 3, 3, 3, 1, 3, 3, 1, 2, 1, 1, - 1, 1, 1, 1, 3, 4, 1, 2, 3, 3, - 0, 1, 1, 2, 2, 0, 3, 1, 3, 2, - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 1, 1, 1, 1, 3, 3, 1, 3, 1, - 3, 3, 1, 3, 1, 3, 3, 1, 3, 3, - 1, 3, 1, 2, 1, 1, 1, 1, 1, 1, - 3, 1, 2, 1, 1, 1, + 1, 1, 1, 1, 3, 5, 3, 3, 3, 3, + 1, 2, 1, 2, 3, 3, 0, 1, 1, 2, + 2, 3, 3, 0, 1, 1, 2, 2, 0, 3, + 0, 1, 3, 2, 1, 0, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, + 3, 3, 1, 3, 1, 3, 3, 1, 3, 1, + 3, 3, 1, 3, 3, 1, 3, 1, 2, 1, + 1, 1, 1, 1, 1, 3, 1, 2, 1, 1, + 1, }; #if defined(__cplusplus) || defined(__STDC__) -const short yydefred[] = +const short sudoersdefred[] = #else -short yydefred[] = +short sudoersdefred[] = #endif { 0, - 0, 85, 87, 88, 89, 0, 0, 0, 0, 0, - 86, 5, 0, 0, 0, 0, 0, 0, 81, 83, + 0, 100, 102, 103, 104, 0, 0, 0, 0, 0, + 101, 5, 0, 0, 0, 0, 0, 0, 96, 98, 0, 0, 3, 6, 0, 0, 17, 0, 29, 32, - 31, 33, 30, 0, 27, 0, 68, 0, 0, 64, - 63, 62, 0, 37, 73, 0, 0, 0, 65, 0, - 0, 70, 0, 0, 78, 0, 0, 75, 84, 0, - 0, 24, 0, 4, 0, 0, 0, 20, 0, 28, - 0, 0, 0, 0, 38, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 82, 0, 0, 21, 22, - 23, 18, 69, 74, 0, 66, 0, 71, 0, 79, - 0, 76, 0, 34, 0, 0, 25, 0, 0, 0, - 0, 0, 0, 51, 0, 0, 94, 96, 95, 0, - 90, 92, 0, 0, 47, 35, 0, 0, 0, 44, - 45, 93, 0, 0, 40, 39, 52, 53, 54, 55, - 56, 57, 58, 59, 60, 61, 36, 91, + 31, 33, 30, 0, 27, 0, 83, 0, 0, 79, + 78, 77, 0, 0, 0, 0, 0, 43, 41, 88, + 0, 0, 0, 0, 80, 0, 0, 85, 0, 0, + 93, 0, 0, 90, 99, 0, 0, 24, 0, 4, + 0, 0, 0, 20, 0, 28, 0, 0, 0, 0, + 44, 0, 0, 0, 0, 0, 0, 42, 0, 0, + 0, 0, 0, 0, 0, 0, 97, 0, 0, 21, + 22, 23, 18, 84, 37, 38, 39, 40, 89, 0, + 81, 0, 86, 0, 94, 0, 91, 0, 34, 0, + 0, 25, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 109, 111, 110, 0, 105, 107, 0, 0, 60, + 35, 0, 0, 0, 0, 66, 0, 0, 50, 51, + 108, 0, 0, 46, 45, 0, 0, 0, 57, 58, + 106, 52, 53, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 36, }; #if defined(__cplusplus) || defined(__STDC__) -const short yydgoto[] = +const short sudoersdgoto[] = #else -short yydgoto[] = +short sudoersdgoto[] = #endif { 18, - 104, 105, 27, 28, 44, 45, 46, 35, 61, 37, - 19, 20, 21, 121, 122, 123, 106, 110, 62, 63, - 129, 114, 115, 116, 22, 23, 54, 48, 51, 57, - 49, 52, 58, 55, + 119, 120, 27, 28, 48, 49, 50, 51, 35, 67, + 37, 19, 20, 21, 136, 137, 138, 121, 125, 68, + 69, 158, 129, 130, 131, 146, 147, 148, 52, 22, + 23, 60, 54, 57, 63, 55, 58, 64, 61, }; #if defined(__cplusplus) || defined(__STDC__) -const short yysindex[] = +const short sudoerssindex[] = #else -short yysindex[] = +short sudoerssindex[] = #endif - { 475, - -270, 0, 0, 0, 0, -29, 567, 594, 594, -2, - 0, 0, -240, -222, -216, -212, -241, 0, 0, 0, - -25, 475, 0, 0, -10, -207, 0, 9, 0, 0, - 0, 0, 0, -235, 0, -33, 0, -31, -31, 0, - 0, 0, -242, 0, 0, -30, -7, 3, 0, -6, - 4, 0, -5, 6, 0, -1, 8, 0, 0, 594, - -20, 0, 10, 0, -205, -196, -194, 0, -29, 0, - 567, 9, 9, 9, 0, -2, 9, 567, -240, -2, - -222, 594, -216, 594, -212, 0, 31, 567, 0, 0, - 0, 0, 0, 0, 26, 0, 28, 0, 29, 0, - 29, 0, 541, 0, 32, -247, 0, 86, -15, 33, - 31, 14, 16, 0, -208, -204, 0, 0, 0, -231, - 0, 0, 38, 86, 0, 0, -179, -178, 491, 0, - 0, 0, 86, 38, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0,}; + { -33, + -277, 0, 0, 0, 0, -13, 75, 105, 105, -15, + 0, 0, -246, -241, -217, -210, -226, 0, 0, 0, + -5, -33, 0, 0, -3, -244, 0, 5, 0, 0, + 0, 0, 0, -237, 0, -28, 0, -19, -19, 0, + 0, 0, -251, -7, -1, 4, 7, 0, 0, 0, + -14, -20, -2, 8, 0, 6, 11, 0, 9, 13, + 0, 12, 14, 0, 0, 105, -11, 0, 18, 0, + -203, -200, -188, 0, -13, 0, 75, 5, 5, 5, + 0, -187, -185, -184, -183, -15, 5, 0, 75, -246, + -15, -241, 105, -217, 105, -210, 0, 42, 75, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 39, + 0, 40, 0, 43, 0, 43, 0, 45, 0, 44, + -279, 0, 135, -6, 49, 42, 25, 32, -243, -195, + -192, 0, 0, 0, -236, 0, 0, 54, 135, 0, + 0, -164, -163, 41, 46, 0, -189, -180, 0, 0, + 0, 135, 54, 0, 0, -159, -158, 585, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) -const short yyrindex[] = +const short sudoersrindex[] = #else -short yyrindex[] = +short sudoersrindex[] = #endif - { 87, + { 106, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 90, 0, 0, 1, 0, 0, 177, 0, 0, + 0, 110, 0, 0, 1, 0, 0, 181, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 207, 0, 0, - 237, 0, 0, 271, 0, 0, 300, 0, 0, 0, - 0, 0, 329, 0, 0, 0, 0, 0, 0, 0, - 0, 358, 387, 417, 0, 0, 446, 0, 0, 0, - 0, 0, 0, 0, 0, 0, -26, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 59, 0, 89, 0, - 118, 0, 0, 0, 148, 514, 0, 0, 45, 0, - -26, 0, 0, 0, 537, 565, 0, 0, 0, 0, - 0, 0, 50, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 52, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0,}; + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 211, 0, 0, 241, 0, 0, 271, + 0, 0, 301, 0, 0, 0, 0, 0, 331, 0, + 0, 0, 0, 0, 0, 0, 0, 361, 391, 421, + 0, 0, 0, 0, 0, 0, 451, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 467, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 31, + 0, 61, 0, 91, 0, 121, 0, 70, 0, 151, + 495, 0, 71, 72, 0, 467, 0, 0, 615, 525, + 555, 0, 0, 0, 0, 0, 0, 73, 0, 0, + 0, 0, 0, 0, 0, 0, 645, 675, 0, 0, + 0, 0, 74, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0,}; #if defined(__cplusplus) || defined(__STDC__) -const short yygindex[] = +const short sudoersgindex[] = #else -short yygindex[] = +short sudoersgindex[] = #endif { 0, - -17, 0, 27, 11, 54, -64, 15, 64, 2, 34, - 39, 84, -3, -27, -18, -21, 0, 0, 19, 0, - 0, 0, -12, -4, 0, 88, 0, 0, 0, 0, - 35, 40, 23, 37, + -10, 0, 47, 17, 80, 65, -84, 27, 92, -4, + 48, 62, 112, 2, -25, 10, -9, 0, 0, 33, + 0, 0, 0, 3, 16, 0, -17, -12, 0, 0, + 111, 0, 0, 0, 0, 50, 51, 52, 53, }; -#define YYTABLESIZE 873 +#define YYTABLESIZE 970 #if defined(__cplusplus) || defined(__STDC__) -const short yytable[] = +const short sudoerstable[] = #else -short yytable[] = +short sudoerstable[] = #endif - { 26, - 19, 26, 26, 26, 38, 39, 46, 34, 36, 24, - 71, 94, 60, 76, 40, 41, 2, 47, 60, 3, - 4, 5, 29, 71, 30, 31, 117, 32, 60, 67, - 43, 118, 66, 19, 67, 50, 42, 11, 112, 113, - 87, 53, 124, 33, 19, 56, 72, 119, 73, 74, - 65, 68, 69, 78, 80, 82, 77, 89, 72, 84, - 79, 81, 67, 83, 147, 85, 90, 88, 91, 71, - 103, 76, 60, 125, 127, 111, 128, 112, 99, 95, - 101, 133, 113, 135, 136, 48, 1, 67, 80, 2, - 50, 72, 49, 126, 97, 92, 75, 70, 86, 109, - 59, 132, 134, 131, 93, 148, 107, 102, 0, 64, - 130, 0, 0, 96, 0, 0, 72, 77, 120, 100, - 98, 80, 0, 0, 0, 0, 0, 0, 0, 0, + { 17, + 19, 109, 36, 24, 26, 40, 41, 127, 128, 38, + 39, 53, 43, 26, 74, 77, 56, 43, 26, 26, + 29, 132, 30, 31, 66, 32, 133, 34, 42, 86, + 82, 2, 77, 19, 3, 4, 5, 66, 66, 72, + 59, 73, 33, 134, 19, 144, 145, 62, 75, 98, + 82, 139, 78, 11, 79, 80, 83, 71, 89, 100, + 87, 84, 101, 82, 85, 90, 91, 87, 92, 93, + 94, 96, 95, 174, 102, 99, 105, 17, 106, 107, + 108, 118, 77, 86, 110, 142, 66, 126, 82, 140, + 95, 127, 143, 87, 114, 128, 116, 152, 154, 155, + 145, 156, 123, 162, 163, 1, 157, 34, 144, 2, + 61, 65, 62, 64, 63, 141, 88, 112, 87, 124, + 92, 103, 81, 95, 104, 76, 161, 97, 65, 153, + 160, 122, 70, 150, 159, 0, 0, 17, 0, 111, + 0, 0, 113, 0, 151, 149, 115, 117, 95, 0, + 26, 0, 0, 92, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 135, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 92, 0, + 12, 0, 0, 26, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 80, 26, 0, 0, - 77, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 26, 0, + 9, 0, 0, 12, 0, 0, 0, 0, 0, 0, + 0, 0, 1, 0, 2, 0, 0, 3, 4, 5, + 25, 6, 7, 8, 9, 10, 40, 41, 0, 25, + 10, 40, 41, 9, 25, 25, 11, 12, 13, 14, + 15, 16, 29, 0, 30, 31, 19, 32, 19, 42, + 0, 19, 19, 19, 42, 19, 19, 19, 19, 19, + 8, 0, 0, 10, 33, 0, 44, 45, 46, 47, + 19, 19, 19, 19, 19, 19, 82, 0, 82, 0, + 0, 82, 82, 82, 0, 82, 82, 82, 82, 82, + 11, 0, 2, 8, 0, 3, 4, 5, 0, 0, + 82, 82, 82, 82, 82, 82, 87, 0, 87, 0, + 0, 87, 87, 87, 11, 87, 87, 87, 87, 87, + 7, 0, 29, 11, 30, 31, 0, 32, 0, 0, + 87, 87, 87, 87, 87, 87, 95, 0, 95, 0, + 0, 95, 95, 95, 33, 95, 95, 95, 95, 95, + 15, 0, 2, 7, 0, 3, 4, 5, 0, 0, + 95, 95, 95, 95, 95, 95, 92, 0, 92, 0, + 0, 92, 92, 92, 11, 92, 92, 92, 92, 92, + 13, 0, 132, 15, 0, 0, 0, 133, 0, 0, + 92, 92, 92, 92, 92, 92, 26, 0, 26, 0, + 0, 26, 26, 26, 134, 26, 26, 26, 26, 26, + 14, 0, 0, 13, 0, 0, 0, 0, 0, 0, + 26, 26, 26, 26, 26, 26, 12, 0, 12, 0, + 0, 12, 12, 12, 0, 12, 12, 12, 12, 12, + 16, 0, 0, 14, 0, 0, 0, 0, 0, 0, + 12, 12, 12, 12, 12, 12, 9, 0, 9, 0, + 0, 9, 9, 9, 0, 9, 9, 9, 9, 9, + 0, 0, 0, 16, 0, 0, 0, 0, 0, 0, + 9, 9, 9, 9, 9, 9, 10, 0, 10, 59, + 0, 10, 10, 10, 0, 10, 10, 10, 10, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 77, 12, 0, 0, 0, - 26, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 10, 10, 10, 10, 10, 10, 8, 47, 8, 0, + 0, 8, 8, 8, 0, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 26, 9, 0, 0, 12, + 8, 8, 8, 8, 8, 8, 11, 48, 11, 0, + 0, 11, 11, 11, 0, 11, 11, 11, 11, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 25, 0, 25, 25, 25, - 46, 46, 29, 0, 30, 31, 10, 32, 0, 9, - 0, 0, 46, 46, 46, 46, 46, 46, 46, 46, - 46, 46, 46, 33, 40, 41, 19, 0, 19, 46, - 46, 19, 19, 19, 19, 19, 19, 19, 19, 10, - 8, 0, 0, 0, 0, 0, 42, 0, 0, 19, - 19, 19, 19, 19, 19, 67, 0, 67, 0, 0, - 67, 67, 67, 67, 67, 67, 67, 67, 0, 11, - 0, 0, 0, 8, 0, 0, 0, 0, 67, 67, - 67, 67, 67, 67, 72, 0, 72, 0, 0, 72, - 72, 72, 72, 72, 72, 72, 72, 0, 7, 0, - 0, 0, 11, 0, 0, 0, 0, 72, 72, 72, - 72, 72, 72, 117, 80, 0, 80, 0, 118, 80, - 80, 80, 80, 80, 80, 80, 80, 15, 0, 0, - 0, 7, 0, 0, 119, 0, 0, 80, 80, 80, - 80, 80, 80, 77, 0, 77, 0, 0, 77, 77, - 77, 77, 77, 77, 77, 77, 13, 0, 0, 0, - 15, 0, 0, 0, 0, 0, 77, 77, 77, 77, - 77, 77, 0, 26, 0, 26, 0, 0, 26, 26, - 26, 26, 26, 26, 26, 26, 14, 0, 0, 13, - 0, 0, 0, 0, 0, 0, 26, 26, 26, 26, - 26, 26, 12, 0, 12, 0, 0, 12, 12, 12, - 12, 12, 12, 12, 12, 16, 0, 0, 0, 14, - 0, 0, 0, 0, 0, 12, 12, 12, 12, 12, - 12, 0, 9, 0, 9, 0, 0, 9, 9, 9, - 9, 9, 9, 9, 9, 0, 0, 0, 16, 0, - 0, 0, 0, 0, 0, 9, 9, 9, 9, 9, - 9, 0, 10, 0, 10, 0, 0, 10, 10, 10, - 10, 10, 10, 10, 10, 0, 0, 17, 0, 0, - 0, 0, 0, 0, 0, 10, 10, 10, 10, 10, - 10, 0, 0, 43, 0, 0, 8, 0, 8, 0, - 0, 8, 8, 8, 8, 8, 8, 8, 8, 0, - 0, 0, 0, 0, 0, 0, 41, 0, 0, 8, - 8, 8, 8, 8, 8, 11, 0, 11, 0, 0, - 11, 11, 11, 11, 11, 11, 11, 11, 0, 42, - 0, 0, 0, 17, 0, 0, 0, 0, 11, 11, - 11, 11, 11, 11, 7, 0, 7, 0, 0, 7, - 7, 7, 7, 7, 7, 7, 7, 43, 108, 34, - 0, 0, 0, 0, 0, 0, 0, 7, 7, 7, - 7, 7, 7, 15, 0, 15, 0, 0, 15, 15, - 15, 15, 15, 15, 15, 15, 17, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 15, 15, 15, 15, - 15, 15, 13, 0, 13, 0, 0, 13, 13, 13, - 13, 13, 13, 13, 13, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 13, 13, 13, 13, - 13, 0, 14, 0, 14, 0, 0, 14, 14, 14, - 14, 14, 14, 14, 14, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 14, 14, 14, 14, 14, - 14, 16, 0, 16, 0, 0, 16, 16, 16, 16, - 16, 16, 16, 16, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 16, 16, 16, 16, 16, 16, - 1, 0, 2, 0, 0, 3, 4, 5, 6, 7, - 8, 9, 10, 0, 0, 0, 0, 40, 41, 0, - 0, 0, 0, 11, 12, 13, 14, 15, 16, 137, - 138, 139, 140, 141, 142, 143, 144, 145, 146, 42, - 41, 41, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 41, 41, 41, 41, 41, 41, 41, 41, - 41, 41, 41, 42, 42, 0, 0, 0, 2, 0, - 0, 3, 4, 5, 0, 42, 42, 42, 42, 42, - 42, 42, 42, 42, 42, 42, 0, 0, 0, 11, - 0, 43, 43, 0, 29, 0, 30, 31, 0, 32, - 0, 0, 0, 43, 43, 43, 43, 43, 43, 43, - 43, 43, 43, 43, 0, 33, 0, 0, 0, 0, - 0, 2, 0, 0, 3, 4, 5, 0, 0, 0, + 11, 11, 11, 11, 11, 11, 7, 49, 7, 0, + 0, 7, 7, 7, 0, 7, 7, 7, 7, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 11, + 7, 7, 7, 7, 7, 7, 15, 43, 15, 0, + 0, 15, 15, 15, 0, 15, 15, 15, 15, 15, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 15, 15, 15, 15, 15, 15, 13, 54, 13, 0, + 0, 13, 13, 13, 0, 13, 13, 13, 13, 13, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 13, 13, 13, 13, 13, 13, 14, 55, 14, 0, + 0, 14, 14, 14, 0, 14, 14, 14, 14, 14, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 14, 14, 14, 14, 14, 14, 16, 56, 16, 0, + 0, 16, 16, 16, 0, 16, 16, 16, 16, 16, + 0, 0, 0, 59, 59, 0, 0, 0, 0, 0, + 16, 16, 16, 16, 16, 16, 59, 59, 59, 59, + 59, 59, 59, 59, 59, 59, 59, 0, 0, 0, + 0, 47, 47, 59, 59, 59, 59, 0, 59, 59, + 59, 59, 0, 0, 47, 47, 47, 47, 47, 47, + 47, 47, 47, 47, 47, 0, 0, 0, 0, 0, + 0, 48, 48, 47, 47, 0, 47, 47, 47, 47, + 0, 0, 0, 0, 48, 48, 48, 48, 48, 48, + 48, 48, 48, 48, 48, 0, 0, 0, 0, 0, + 0, 49, 49, 48, 48, 0, 48, 48, 48, 48, + 0, 0, 0, 0, 49, 49, 49, 49, 49, 49, + 49, 49, 49, 49, 49, 0, 0, 0, 0, 0, + 0, 40, 41, 49, 49, 0, 49, 49, 49, 49, + 0, 0, 0, 0, 164, 165, 166, 167, 168, 169, + 170, 171, 172, 173, 42, 0, 0, 0, 0, 0, + 0, 54, 54, 0, 0, 0, 44, 45, 46, 47, + 0, 0, 0, 0, 54, 54, 54, 54, 54, 54, + 54, 54, 54, 54, 54, 0, 0, 0, 0, 0, + 0, 55, 55, 0, 0, 0, 54, 54, 54, 54, + 0, 0, 0, 0, 55, 55, 55, 55, 55, 55, + 55, 55, 55, 55, 55, 0, 0, 0, 0, 0, + 0, 56, 56, 0, 0, 0, 55, 55, 55, 55, + 0, 0, 0, 0, 56, 56, 56, 56, 56, 56, + 56, 56, 56, 56, 56, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 56, 56, 56, 56, }; #if defined(__cplusplus) || defined(__STDC__) -const short yycheck[] = +const short sudoerscheck[] = #else -short yycheck[] = +short sudoerscheck[] = #endif { 33, - 0, 33, 33, 33, 8, 9, 33, 33, 7, 280, - 44, 76, 44, 44, 257, 258, 258, 258, 44, 261, - 262, 263, 258, 44, 260, 261, 258, 263, 44, 0, - 33, 263, 43, 33, 45, 258, 279, 279, 286, 287, - 61, 258, 58, 279, 44, 258, 36, 279, 38, 39, - 61, 259, 44, 61, 61, 61, 46, 263, 0, 61, - 58, 58, 33, 58, 129, 58, 263, 58, 263, 44, - 40, 44, 44, 41, 61, 44, 61, 286, 82, 78, - 84, 44, 287, 263, 263, 41, 0, 58, 0, 0, - 41, 33, 41, 111, 80, 69, 43, 34, 60, 103, - 17, 120, 124, 116, 71, 133, 88, 85, -1, 22, - 115, -1, -1, 79, -1, -1, 58, 0, 33, 83, - 81, 33, -1, -1, -1, -1, -1, -1, -1, -1, + 0, 86, 7, 281, 33, 257, 258, 287, 288, 8, + 9, 258, 33, 33, 259, 44, 258, 33, 33, 33, + 258, 258, 260, 261, 44, 263, 263, 33, 280, 44, + 0, 258, 44, 33, 261, 262, 263, 44, 44, 43, + 258, 45, 280, 280, 44, 289, 290, 258, 44, 61, + 58, 58, 36, 280, 38, 39, 58, 61, 61, 263, + 0, 58, 263, 33, 58, 58, 61, 51, 58, 61, + 58, 58, 61, 158, 263, 58, 264, 33, 264, 264, + 264, 40, 44, 44, 89, 61, 44, 44, 58, 41, + 0, 287, 61, 33, 93, 288, 95, 44, 263, 263, + 290, 61, 58, 263, 263, 0, 61, 33, 289, 0, + 41, 41, 41, 41, 41, 126, 52, 91, 58, 118, + 0, 75, 43, 33, 77, 34, 152, 66, 17, 139, + 148, 99, 22, 131, 147, -1, -1, 33, -1, 90, + -1, -1, 92, -1, 135, 130, 94, 96, 58, -1, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 33, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 58, -1, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 58, 0, -1, -1, - 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 58, -1, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + -1, -1, 256, -1, 258, -1, -1, 261, 262, 263, + 259, 265, 266, 267, 268, 269, 257, 258, -1, 259, + 0, 257, 258, 33, 259, 259, 280, 281, 282, 283, + 284, 285, 258, -1, 260, 261, 256, 263, 258, 280, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, -1, 33, 280, -1, 292, 293, 294, 295, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + 0, -1, 258, 33, -1, 261, 262, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, 258, 33, 260, 261, -1, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, 258, 33, -1, 261, 262, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, 258, 33, -1, -1, -1, 263, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, 280, 265, 266, 267, 268, 269, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + 0, -1, -1, 33, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, -1, 258, 33, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 58, 0, -1, -1, -1, - 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 58, 0, -1, -1, 33, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 259, -1, 259, 259, 259, - 257, 258, 258, -1, 260, 261, 0, 263, -1, 33, - -1, -1, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 279, 279, 257, 258, 256, -1, 258, 286, - 287, 261, 262, 263, 264, 265, 266, 267, 268, 33, - 0, -1, -1, -1, -1, -1, 279, -1, -1, 279, - 280, 281, 282, 283, 284, 256, -1, 258, -1, -1, - 261, 262, 263, 264, 265, 266, 267, 268, -1, 0, - -1, -1, -1, 33, -1, -1, -1, -1, 279, 280, - 281, 282, 283, 284, 256, -1, 258, -1, -1, 261, - 262, 263, 264, 265, 266, 267, 268, -1, 0, -1, - -1, -1, 33, -1, -1, -1, -1, 279, 280, 281, - 282, 283, 284, 258, 256, -1, 258, -1, 263, 261, - 262, 263, 264, 265, 266, 267, 268, 0, -1, -1, - -1, 33, -1, -1, 279, -1, -1, 279, 280, 281, - 282, 283, 284, 256, -1, 258, -1, -1, 261, 262, - 263, 264, 265, 266, 267, 268, 0, -1, -1, -1, - 33, -1, -1, -1, -1, -1, 279, 280, 281, 282, - 283, 284, -1, 256, -1, 258, -1, -1, 261, 262, - 263, 264, 265, 266, 267, 268, 0, -1, -1, 33, - -1, -1, -1, -1, -1, -1, 279, 280, 281, 282, - 283, 284, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, 0, -1, -1, -1, 33, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, -1, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, -1, -1, -1, 33, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, -1, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, -1, -1, 33, -1, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, -1, -1, 33, -1, -1, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, 267, 268, -1, - -1, -1, -1, -1, -1, -1, 33, -1, -1, 279, - 280, 281, 282, 283, 284, 256, -1, 258, -1, -1, - 261, 262, 263, 264, 265, 266, 267, 268, -1, 33, - -1, -1, -1, 33, -1, -1, -1, -1, 279, 280, - 281, 282, 283, 284, 256, -1, 258, -1, -1, 261, - 262, 263, 264, 265, 266, 267, 268, 33, 58, 33, - -1, -1, -1, -1, -1, -1, -1, 279, 280, 281, - 282, 283, 284, 256, -1, 258, -1, -1, 261, 262, - 263, 264, 265, 266, 267, 268, 33, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 279, 280, 281, 282, - 283, 284, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, -1, 256, -1, 258, -1, -1, 261, 262, 263, - 264, 265, 266, 267, 268, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 279, 280, 281, 282, 283, - 284, 256, -1, 258, -1, -1, 261, 262, 263, 264, - 265, 266, 267, 268, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 279, 280, 281, 282, 283, 284, - 256, -1, 258, -1, -1, 261, 262, 263, 264, 265, - 266, 267, 268, -1, -1, -1, -1, 257, 258, -1, - -1, -1, -1, 279, 280, 281, 282, 283, 284, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 257, 258, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 279, 257, 258, -1, -1, -1, 258, -1, - -1, 261, 262, 263, -1, 269, 270, 271, 272, 273, - 274, 275, 276, 277, 278, 279, -1, -1, -1, 279, - -1, 257, 258, -1, 258, -1, 260, 261, -1, 263, - -1, -1, -1, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 279, -1, 279, -1, -1, -1, -1, - -1, 258, -1, -1, 261, 262, 263, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 279, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 256, 33, 258, -1, + -1, 261, 262, 263, -1, 265, 266, 267, 268, 269, + -1, -1, -1, 257, 258, -1, -1, -1, -1, -1, + 280, 281, 282, 283, 284, 285, 270, 271, 272, 273, + 274, 275, 276, 277, 278, 279, 280, -1, -1, -1, + -1, 257, 258, 287, 288, 289, 290, -1, 292, 293, + 294, 295, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, 289, 290, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, 257, 258, -1, -1, -1, 292, 293, 294, 295, + -1, -1, -1, -1, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 292, 293, 294, 295, }; #define YYFINAL 18 #ifndef YYDEBUG #define YYDEBUG 0 #endif -#define YYMAXTOKEN 287 +#define YYMAXTOKEN 295 #if YYDEBUG #if defined(__cplusplus) || defined(__STDC__) -const char * const yyname[] = +const char * const sudoersname[] = #else -char *yyname[] = +char *sudoersname[] = #endif { "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -503,16 +545,17 @@ char *yyname[] = 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS", -"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD", -"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT", -"LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS", -"RUNASALIAS","ERROR","TYPE","ROLE", +"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DIGEST", +"DEFAULTS","DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND", +"NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT", +"NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS", +"CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS", +"MYSELF","SHA224","SHA256","SHA384","SHA512", }; #if defined(__cplusplus) || defined(__STDC__) -const char * const yyrule[] = +const char * const sudoersrule[] = #else -char *yyrule[] = +char *sudoersrule[] = #endif {"$accept : file", "file :", @@ -550,7 +593,13 @@ char *yyrule[] = "host : WORD", "cmndspeclist : cmndspec", "cmndspeclist : cmndspeclist ',' cmndspec", -"cmndspec : runasspec selinux cmndtag opcmnd", +"cmndspec : runasspec selinux solarisprivs cmndtag digcmnd", +"digest : SHA224 ':' DIGEST", +"digest : SHA256 ':' DIGEST", +"digest : SHA384 ':' DIGEST", +"digest : SHA512 ':' DIGEST", +"digcmnd : opcmnd", +"digcmnd : digest opcmnd", "opcmnd : cmnd", "opcmnd : '!' cmnd", "rolespec : ROLE '=' WORD", @@ -560,11 +609,20 @@ char *yyrule[] = "selinux : typespec", "selinux : rolespec typespec", "selinux : typespec rolespec", +"privsspec : PRIVS '=' WORD", +"limitprivsspec : LIMITPRIVS '=' WORD", +"solarisprivs :", +"solarisprivs : privsspec", +"solarisprivs : limitprivsspec", +"solarisprivs : privsspec limitprivsspec", +"solarisprivs : limitprivsspec privsspec", "runasspec :", "runasspec : '(' runaslist ')'", +"runaslist :", "runaslist : userlist", "runaslist : userlist ':' grouplist", "runaslist : ':' grouplist", +"runaslist : ':'", "cmndtag :", "cmndtag : cmndtag NOPASSWD", "cmndtag : cmndtag PASSWD", @@ -587,8 +645,8 @@ char *yyrule[] = "cmndaliases : cmndalias", "cmndaliases : cmndaliases ':' cmndalias", "cmndalias : ALIAS '=' cmndlist", -"cmndlist : opcmnd", -"cmndlist : cmndlist ',' opcmnd", +"cmndlist : digcmnd", +"cmndlist : cmndlist ',' digcmnd", "runasaliases : runasalias", "runasaliases : runasaliases ':' runasalias", "runasalias : ALIAS '=' userlist", @@ -637,8 +695,40 @@ YYSTYPE yylval; short *yyss; short *yysslim; YYSTYPE *yyvs; -int yystacksize; -#line 611 "gram.y" +unsigned int yystacksize; +#line 685 "gram.y" +void +sudoerserror(const char *s) +{ + debug_decl(sudoerserror, SUDO_DEBUG_PARSER) + + /* If we last saw a newline the error is on the preceding line. */ + if (last_token == COMMENT) + sudolineno--; + + /* Save the line the first error occurred on. */ + if (errorlineno == -1) { + errorlineno = sudolineno; + errorfile = estrdup(sudoers); + } + if (sudoers_warnings && s != NULL) { + LEXTRACE("<*> "); +#ifndef TRACELEXER + if (trace_print == NULL || trace_print == sudoers_trace_print) { + const char fmt[] = ">>> %s: %s near line %d <<<\n"; + int oldlocale; + + /* Warnings are displayed in the user's locale. */ + sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); + sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno); + sudoers_setlocale(oldlocale, NULL); + } +#endif + } + parse_error = true; + debug_return; +} + static struct defaults * new_default(char *var, char *val, int op) { @@ -648,11 +738,10 @@ new_default(char *var, char *val, int op) d = ecalloc(1, sizeof(struct defaults)); d->var = var; d->val = val; - tq_init(&d->binding); /* d->type = 0; */ d->op = op; - d->prev = d; - /* d->next = NULL; */ + /* d->binding = NULL */ + HLTQ_INIT(d, entries); debug_return_ptr(d); } @@ -666,12 +755,24 @@ new_member(char *name, int type) m = ecalloc(1, sizeof(struct member)); m->name = name; m->type = type; - m->prev = m; - /* m->next = NULL; */ + HLTQ_INIT(m, entries); debug_return_ptr(m); } +struct sudo_digest * +new_digest(int digest_type, const char *digest_str) +{ + struct sudo_digest *dig; + debug_decl(new_digest, SUDO_DEBUG_PARSER) + + dig = emalloc(sizeof(*dig)); + dig->digest_type = digest_type; + dig->digest_str = estrdup(digest_str); + + debug_return_ptr(dig); +} + /* * Add a list of defaults structures to the defaults list. * The binding, if non-NULL, specifies a list of hosts, users, or @@ -681,30 +782,36 @@ static void add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d; - struct member_list binding; + struct member_list *binding; debug_decl(add_defaults, SUDO_DEBUG_PARSER) - /* - * We can only call list2tq once on bmem as it will zero - * out the prev pointer when it consumes bmem. - */ - list2tq(&binding, bmem); + if (defs != NULL) { + /* + * We use a single binding for each entry in defs. + */ + binding = emalloc(sizeof(*binding)); + if (bmem != NULL) + HLTQ_TO_TAILQ(binding, bmem, entries); + else + TAILQ_INIT(binding); - /* - * Set type and binding (who it applies to) for new entries. - */ - for (d = defs; d != NULL; d = d->next) { - d->type = type; - d->binding = binding; + /* + * Set type and binding (who it applies to) for new entries. + * Then add to the global defaults list. + */ + HLTQ_FOREACH(d, defs, entries) { + d->type = type; + d->binding = binding; + } + TAILQ_CONCAT_HLTQ(&defaults, defs, entries); } - tq_append(&defaults, defs); debug_return; } /* * Allocate a new struct userspec, populate it, and insert it at the - * and of the userspecs list. + * end of the userspecs list. */ static void add_userspec(struct member *members, struct privilege *privs) @@ -713,11 +820,9 @@ add_userspec(struct member *members, struct privilege debug_decl(add_userspec, SUDO_DEBUG_PARSER) u = ecalloc(1, sizeof(*u)); - list2tq(&u->users, members); - list2tq(&u->privileges, privs); - u->prev = u; - /* u->next = NULL; */ - tq_append(&userspecs, u); + HLTQ_TO_TAILQ(&u->users, members, entries); + HLTQ_TO_TAILQ(&u->privileges, privs, entries); + TAILQ_INSERT_TAIL(&userspecs, u, entries); debug_return; } @@ -727,32 +832,36 @@ add_userspec(struct member *members, struct privilege * the current sudoers file to path. */ void -init_parser(const char *path, int quiet) +init_parser(const char *path, bool quiet) { - struct defaults *d; - struct member *m, *binding; - struct userspec *us; - struct privilege *priv; - struct cmndspec *cs; - struct sudo_command *c; + struct member_list *binding; + struct defaults *d, *d_next; + struct userspec *us, *us_next; debug_decl(init_parser, SUDO_DEBUG_PARSER) - while ((us = tq_pop(&userspecs)) != NULL) { - while ((m = tq_pop(&us->users)) != NULL) { + TAILQ_FOREACH_SAFE(us, &userspecs, entries, us_next) { + struct member *m, *m_next; + struct privilege *priv, *priv_next; + + TAILQ_FOREACH_SAFE(m, &us->users, entries, m_next) { efree(m->name); efree(m); } - while ((priv = tq_pop(&us->privileges)) != NULL) { - struct member *runasuser = NULL, *runasgroup = NULL; + TAILQ_FOREACH_SAFE(priv, &us->privileges, entries, priv_next) { + struct member_list *runasuserlist = NULL, *runasgrouplist = NULL; + struct cmndspec *cs, *cs_next; #ifdef HAVE_SELINUX char *role = NULL, *type = NULL; #endif /* HAVE_SELINUX */ +#ifdef HAVE_PRIV_SET + char *privs = NULL, *limitprivs = NULL; +#endif /* HAVE_PRIV_SET */ - while ((m = tq_pop(&priv->hostlist)) != NULL) { + TAILQ_FOREACH_SAFE(m, &priv->hostlist, entries, m_next) { efree(m->name); efree(m); } - while ((cs = tq_pop(&priv->cmndlist)) != NULL) { + TAILQ_FOREACH_SAFE(cs, &priv->cmndlist, entries, cs_next) { #ifdef HAVE_SELINUX /* Only free the first instance of a role/type. */ if (cs->role != role) { @@ -764,22 +873,37 @@ init_parser(const char *path, int quiet) efree(cs->type); } #endif /* HAVE_SELINUX */ - if (tq_last(&cs->runasuserlist) != runasuser) { - runasuser = tq_last(&cs->runasuserlist); - while ((m = tq_pop(&cs->runasuserlist)) != NULL) { +#ifdef HAVE_PRIV_SET + /* Only free the first instance of privs/limitprivs. */ + if (cs->privs != privs) { + privs = cs->privs; + efree(cs->privs); + } + if (cs->limitprivs != limitprivs) { + limitprivs = cs->limitprivs; + efree(cs->limitprivs); + } +#endif /* HAVE_PRIV_SET */ + /* Only free the first instance of runas user/group lists. */ + if (cs->runasuserlist && cs->runasuserlist != runasuserlist) { + runasuserlist = cs->runasuserlist; + TAILQ_FOREACH_SAFE(m, runasuserlist, entries, m_next) { efree(m->name); efree(m); } + efree(runasuserlist); } - if (tq_last(&cs->runasgrouplist) != runasgroup) { - runasgroup = tq_last(&cs->runasgrouplist); - while ((m = tq_pop(&cs->runasgrouplist)) != NULL) { + if (cs->runasgrouplist && cs->runasgrouplist != runasgrouplist) { + runasgrouplist = cs->runasgrouplist; + TAILQ_FOREACH_SAFE(m, runasgrouplist, entries, m_next) { efree(m->name); efree(m); } + efree(runasgrouplist); } if (cs->cmnd->type == COMMAND) { - c = (struct sudo_command *) cs->cmnd->name; + struct sudo_command *c = + (struct sudo_command *) cs->cmnd->name; efree(c->cmnd); efree(c->args); } @@ -791,27 +915,31 @@ init_parser(const char *path, int quiet) } efree(us); } - tq_init(&userspecs); + TAILQ_INIT(&userspecs); binding = NULL; - while ((d = tq_pop(&defaults)) != NULL) { - if (tq_last(&d->binding) != binding) { - binding = tq_last(&d->binding); - while ((m = tq_pop(&d->binding)) != NULL) { + TAILQ_FOREACH_SAFE(d, &defaults, entries, d_next) { + if (d->binding != binding) { + struct member *m, *m_next; + + binding = d->binding; + TAILQ_FOREACH_SAFE(m, d->binding, entries, m_next) { if (m->type == COMMAND) { - c = (struct sudo_command *) m->name; + struct sudo_command *c = + (struct sudo_command *) m->name; efree(c->cmnd); efree(c->args); } efree(m->name); efree(m); } + efree(d->binding); } efree(d->var); efree(d->val); efree(d); } - tq_init(&defaults); + TAILQ_INIT(&defaults); init_aliases(); @@ -827,7 +955,7 @@ init_parser(const char *path, int quiet) debug_return; } -#line 778 "gram.c" +#line 906 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ #if defined(__cplusplus) || defined(__STDC__) static int yygrowstack(void) @@ -835,7 +963,8 @@ static int yygrowstack(void) static int yygrowstack() #endif { - int newsize, i; + unsigned int newsize; + long sslen; short *newss; YYSTYPE *newvs; @@ -845,28 +974,30 @@ static int yygrowstack() return -1; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; - i = yyssp - yyss; #ifdef SIZE_MAX #define YY_SIZE_MAX SIZE_MAX #else -#define YY_SIZE_MAX 0x7fffffff +#ifdef __STDC__ +#define YY_SIZE_MAX 0xffffffffU +#else +#define YY_SIZE_MAX (unsigned int)0xffffffff #endif - if (!newsize || YY_SIZE_MAX / newsize < sizeof *newss) +#endif + if (YY_SIZE_MAX / newsize < sizeof *newss) goto bail; + sslen = yyssp - yyss; newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) : (short *)malloc(newsize * sizeof *newss); /* overflow check above */ if (newss == NULL) goto bail; yyss = newss; - yyssp = newss + i; - if (!newsize || YY_SIZE_MAX / newsize < sizeof *newvs) - goto bail; + yyssp = newss + sslen; newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) : (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */ if (newvs == NULL) goto bail; yyvs = newvs; - yyvsp = newvs + i; + yyvsp = newvs + sslen; yystacksize = newsize; yysslim = yyss + newsize - 1; return 0; @@ -1033,233 +1164,251 @@ yyreduce: switch (yyn) { case 1: -#line 192 "gram.y" +#line 182 "gram.y" { ; } break; case 5: -#line 200 "gram.y" +#line 190 "gram.y" { ; } break; case 6: -#line 203 "gram.y" +#line 193 "gram.y" { yyerrok; } break; case 7: -#line 206 "gram.y" +#line 196 "gram.y" { add_userspec(yyvsp[-1].member, yyvsp[0].privilege); } break; case 8: -#line 209 "gram.y" +#line 199 "gram.y" { ; } break; case 9: -#line 212 "gram.y" +#line 202 "gram.y" { ; } break; case 10: -#line 215 "gram.y" +#line 205 "gram.y" { ; } break; case 11: -#line 218 "gram.y" +#line 208 "gram.y" { ; } break; case 12: -#line 221 "gram.y" +#line 211 "gram.y" { add_defaults(DEFAULTS, NULL, yyvsp[0].defaults); } break; case 13: -#line 224 "gram.y" +#line 214 "gram.y" { add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults); } break; case 14: -#line 227 "gram.y" +#line 217 "gram.y" { add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults); } break; case 15: -#line 230 "gram.y" +#line 220 "gram.y" { add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults); } break; case 16: -#line 233 "gram.y" +#line 223 "gram.y" { add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults); } break; case 18: -#line 239 "gram.y" +#line 229 "gram.y" { - list_append(yyvsp[-2].defaults, yyvsp[0].defaults); + HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries); yyval.defaults = yyvsp[-2].defaults; } break; case 19: -#line 245 "gram.y" +#line 235 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, true); } break; case 20: -#line 248 "gram.y" +#line 238 "gram.y" { yyval.defaults = new_default(yyvsp[0].string, NULL, false); } break; case 21: -#line 251 "gram.y" +#line 241 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); } break; case 22: -#line 254 "gram.y" +#line 244 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); } break; case 23: -#line 257 "gram.y" +#line 247 "gram.y" { yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); } break; case 25: -#line 263 "gram.y" +#line 253 "gram.y" { - list_append(yyvsp[-2].privilege, yyvsp[0].privilege); + HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries); yyval.privilege = yyvsp[-2].privilege; } break; case 26: -#line 269 "gram.y" +#line 259 "gram.y" { struct privilege *p = ecalloc(1, sizeof(*p)); - list2tq(&p->hostlist, yyvsp[-2].member); - list2tq(&p->cmndlist, yyvsp[0].cmndspec); - p->prev = p; - /* p->next = NULL; */ + HLTQ_TO_TAILQ(&p->hostlist, yyvsp[-2].member, entries); + HLTQ_TO_TAILQ(&p->cmndlist, yyvsp[0].cmndspec, entries); + HLTQ_INIT(p, entries); yyval.privilege = p; } break; case 27: -#line 279 "gram.y" +#line 268 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; case 28: -#line 283 "gram.y" +#line 272 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; case 29: -#line 289 "gram.y" +#line 278 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; case 30: -#line 292 "gram.y" +#line 281 "gram.y" { yyval.member = new_member(NULL, ALL); } break; case 31: -#line 295 "gram.y" +#line 284 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; case 32: -#line 298 "gram.y" +#line 287 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); } break; case 33: -#line 301 "gram.y" +#line 290 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; case 35: -#line 307 "gram.y" +#line 296 "gram.y" { - list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec); + struct cmndspec *prev; + prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries); + HLTQ_CONCAT(yyvsp[-2].cmndspec, yyvsp[0].cmndspec, entries); #ifdef HAVE_SELINUX /* propagate role and type */ if (yyvsp[0].cmndspec->role == NULL) - yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role; + yyvsp[0].cmndspec->role = prev->role; if (yyvsp[0].cmndspec->type == NULL) - yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type; + yyvsp[0].cmndspec->type = prev->type; #endif /* HAVE_SELINUX */ +#ifdef HAVE_PRIV_SET + /* propagate privs & limitprivs */ + if (yyvsp[0].cmndspec->privs == NULL) + yyvsp[0].cmndspec->privs = prev->privs; + if (yyvsp[0].cmndspec->limitprivs == NULL) + yyvsp[0].cmndspec->limitprivs = prev->limitprivs; +#endif /* HAVE_PRIV_SET */ /* propagate tags and runas list */ if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC) - yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd; + yyvsp[0].cmndspec->tags.nopasswd = prev->tags.nopasswd; if (yyvsp[0].cmndspec->tags.noexec == UNSPEC) - yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec; + yyvsp[0].cmndspec->tags.noexec = prev->tags.noexec; if (yyvsp[0].cmndspec->tags.setenv == UNSPEC && - yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED) - yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv; + prev->tags.setenv != IMPLIED) + yyvsp[0].cmndspec->tags.setenv = prev->tags.setenv; if (yyvsp[0].cmndspec->tags.log_input == UNSPEC) - yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input; + yyvsp[0].cmndspec->tags.log_input = prev->tags.log_input; if (yyvsp[0].cmndspec->tags.log_output == UNSPEC) - yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output; - if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) && - tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) && - (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) || - !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) { - yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist; - yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist; + yyvsp[0].cmndspec->tags.log_output = prev->tags.log_output; + if ((yyvsp[0].cmndspec->runasuserlist == NULL && + yyvsp[0].cmndspec->runasgrouplist == NULL) && + (prev->runasuserlist != NULL || + prev->runasgrouplist != NULL)) { + yyvsp[0].cmndspec->runasuserlist = prev->runasuserlist; + yyvsp[0].cmndspec->runasgrouplist = prev->runasgrouplist; } yyval.cmndspec = yyvsp[-2].cmndspec; } break; case 36: -#line 339 "gram.y" +#line 337 "gram.y" { struct cmndspec *cs = ecalloc(1, sizeof(*cs)); - if (yyvsp[-3].runas != NULL) { - list2tq(&cs->runasuserlist, yyvsp[-3].runas->runasusers); - list2tq(&cs->runasgrouplist, yyvsp[-3].runas->runasgroups); - efree(yyvsp[-3].runas); - } else { - tq_init(&cs->runasuserlist); - tq_init(&cs->runasgrouplist); + if (yyvsp[-4].runas != NULL) { + if (yyvsp[-4].runas->runasusers != NULL) { + cs->runasuserlist = + emalloc(sizeof(*cs->runasuserlist)); + HLTQ_TO_TAILQ(cs->runasuserlist, + yyvsp[-4].runas->runasusers, entries); + } + if (yyvsp[-4].runas->runasgroups != NULL) { + cs->runasgrouplist = + emalloc(sizeof(*cs->runasgrouplist)); + HLTQ_TO_TAILQ(cs->runasgrouplist, + yyvsp[-4].runas->runasgroups, entries); + } + efree(yyvsp[-4].runas); } #ifdef HAVE_SELINUX - cs->role = yyvsp[-2].seinfo.role; - cs->type = yyvsp[-2].seinfo.type; + cs->role = yyvsp[-3].seinfo.role; + cs->type = yyvsp[-3].seinfo.type; #endif +#ifdef HAVE_PRIV_SET + cs->privs = yyvsp[-2].privinfo.privs; + cs->limitprivs = yyvsp[-2].privinfo.limitprivs; +#endif cs->tags = yyvsp[-1].tag; cs->cmnd = yyvsp[0].member; - cs->prev = cs; - cs->next = NULL; + HLTQ_INIT(cs, entries); /* sudo "ALL" implies the SETENV tag */ if (cs->cmnd->type == ALL && !cs->cmnd->negated && cs->tags.setenv == UNSPEC) @@ -1268,183 +1417,285 @@ case 36: } break; case 37: -#line 365 "gram.y" +#line 373 "gram.y" { + yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); + } +break; +case 38: +#line 376 "gram.y" +{ + yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); + } +break; +case 39: +#line 379 "gram.y" +{ + yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); + } +break; +case 40: +#line 382 "gram.y" +{ + yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); + } +break; +case 41: +#line 387 "gram.y" +{ yyval.member = yyvsp[0].member; + } +break; +case 42: +#line 390 "gram.y" +{ + /* XXX - yuck */ + struct sudo_command *c = (struct sudo_command *)(yyvsp[0].member->name); + c->digest = yyvsp[-1].digest; + yyval.member = yyvsp[0].member; + } +break; +case 43: +#line 398 "gram.y" +{ + yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 38: -#line 369 "gram.y" +case 44: +#line 402 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 39: -#line 375 "gram.y" +case 45: +#line 408 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 40: -#line 380 "gram.y" +case 46: +#line 413 "gram.y" { yyval.string = yyvsp[0].string; } break; -case 41: -#line 385 "gram.y" +case 47: +#line 418 "gram.y" { yyval.seinfo.role = NULL; yyval.seinfo.type = NULL; } break; -case 42: -#line 389 "gram.y" +case 48: +#line 422 "gram.y" { yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.type = NULL; } break; -case 43: -#line 393 "gram.y" +case 49: +#line 426 "gram.y" { yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.role = NULL; } break; -case 44: -#line 397 "gram.y" +case 50: +#line 430 "gram.y" { yyval.seinfo.role = yyvsp[-1].string; yyval.seinfo.type = yyvsp[0].string; } break; -case 45: -#line 401 "gram.y" +case 51: +#line 434 "gram.y" { yyval.seinfo.type = yyvsp[-1].string; yyval.seinfo.role = yyvsp[0].string; } break; -case 46: -#line 407 "gram.y" +case 52: +#line 440 "gram.y" { + yyval.string = yyvsp[0].string; + } +break; +case 53: +#line 444 "gram.y" +{ + yyval.string = yyvsp[0].string; + } +break; +case 54: +#line 449 "gram.y" +{ + yyval.privinfo.privs = NULL; + yyval.privinfo.limitprivs = NULL; + } +break; +case 55: +#line 453 "gram.y" +{ + yyval.privinfo.privs = yyvsp[0].string; + yyval.privinfo.limitprivs = NULL; + } +break; +case 56: +#line 457 "gram.y" +{ + yyval.privinfo.privs = NULL; + yyval.privinfo.limitprivs = yyvsp[0].string; + } +break; +case 57: +#line 461 "gram.y" +{ + yyval.privinfo.privs = yyvsp[-1].string; + yyval.privinfo.limitprivs = yyvsp[0].string; + } +break; +case 58: +#line 465 "gram.y" +{ + yyval.privinfo.limitprivs = yyvsp[-1].string; + yyval.privinfo.privs = yyvsp[0].string; + } +break; +case 59: +#line 471 "gram.y" +{ yyval.runas = NULL; } break; -case 47: -#line 410 "gram.y" +case 60: +#line 474 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; -case 48: -#line 415 "gram.y" +case 61: +#line 479 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); + yyval.runas->runasusers = new_member(NULL, MYSELF); + /* $$->runasgroups = NULL; */ + } +break; +case 62: +#line 484 "gram.y" +{ + yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[0].member; /* $$->runasgroups = NULL; */ } break; -case 49: -#line 420 "gram.y" +case 63: +#line 489 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas->runasusers = yyvsp[-2].member; yyval.runas->runasgroups = yyvsp[0].member; } break; -case 50: -#line 425 "gram.y" +case 64: +#line 494 "gram.y" { yyval.runas = ecalloc(1, sizeof(struct runascontainer)); /* $$->runasusers = NULL; */ yyval.runas->runasgroups = yyvsp[0].member; } break; -case 51: -#line 432 "gram.y" +case 65: +#line 499 "gram.y" { + yyval.runas = ecalloc(1, sizeof(struct runascontainer)); + yyval.runas->runasusers = new_member(NULL, MYSELF); + /* $$->runasgroups = NULL; */ + } +break; +case 66: +#line 506 "gram.y" +{ yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.log_input = yyval.tag.log_output = UNSPEC; } break; -case 52: -#line 436 "gram.y" +case 67: +#line 510 "gram.y" { yyval.tag.nopasswd = true; } break; -case 53: -#line 439 "gram.y" +case 68: +#line 513 "gram.y" { yyval.tag.nopasswd = false; } break; -case 54: -#line 442 "gram.y" +case 69: +#line 516 "gram.y" { yyval.tag.noexec = true; } break; -case 55: -#line 445 "gram.y" +case 70: +#line 519 "gram.y" { yyval.tag.noexec = false; } break; -case 56: -#line 448 "gram.y" +case 71: +#line 522 "gram.y" { yyval.tag.setenv = true; } break; -case 57: -#line 451 "gram.y" +case 72: +#line 525 "gram.y" { yyval.tag.setenv = false; } break; -case 58: -#line 454 "gram.y" +case 73: +#line 528 "gram.y" { yyval.tag.log_input = true; } break; -case 59: -#line 457 "gram.y" +case 74: +#line 531 "gram.y" { yyval.tag.log_input = false; } break; -case 60: -#line 460 "gram.y" +case 75: +#line 534 "gram.y" { yyval.tag.log_output = true; } break; -case 61: -#line 463 "gram.y" +case 76: +#line 537 "gram.y" { yyval.tag.log_output = false; } break; -case 62: -#line 468 "gram.y" +case 77: +#line 542 "gram.y" { yyval.member = new_member(NULL, ALL); } break; -case 63: -#line 471 "gram.y" +case 78: +#line 545 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; -case 64: -#line 474 "gram.y" +case 79: +#line 548 "gram.y" { struct sudo_command *c = ecalloc(1, sizeof(*c)); c->cmnd = yyvsp[0].command.cmnd; @@ -1452,151 +1703,151 @@ case 64: yyval.member = new_member((char *)c, COMMAND); } break; -case 67: -#line 486 "gram.y" +case 82: +#line 560 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 69: -#line 496 "gram.y" +case 84: +#line 570 "gram.y" { - list_append(yyvsp[-2].member, yyvsp[0].member); + HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 72: -#line 506 "gram.y" +case 87: +#line 580 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 74: -#line 516 "gram.y" +case 89: +#line 590 "gram.y" { - list_append(yyvsp[-2].member, yyvsp[0].member); + HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 77: -#line 526 "gram.y" +case 92: +#line 600 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 80: -#line 539 "gram.y" +case 95: +#line 613 "gram.y" { char *s; if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) { - yyerror(s); + sudoerserror(s); YYERROR; } } break; -case 82: -#line 549 "gram.y" +case 97: +#line 623 "gram.y" { - list_append(yyvsp[-2].member, yyvsp[0].member); + HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 83: -#line 555 "gram.y" +case 98: +#line 629 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 84: -#line 559 "gram.y" +case 99: +#line 633 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 85: -#line 565 "gram.y" +case 100: +#line 639 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; -case 86: -#line 568 "gram.y" +case 101: +#line 642 "gram.y" { yyval.member = new_member(NULL, ALL); } break; -case 87: -#line 571 "gram.y" +case 102: +#line 645 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); } break; -case 88: -#line 574 "gram.y" +case 103: +#line 648 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); } break; -case 89: -#line 577 "gram.y" +case 104: +#line 651 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; -case 91: -#line 583 "gram.y" +case 106: +#line 657 "gram.y" { - list_append(yyvsp[-2].member, yyvsp[0].member); + HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 92: -#line 589 "gram.y" +case 107: +#line 663 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 93: -#line 593 "gram.y" +case 108: +#line 667 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 94: -#line 599 "gram.y" +case 109: +#line 673 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); } break; -case 95: -#line 602 "gram.y" +case 110: +#line 676 "gram.y" { yyval.member = new_member(NULL, ALL); } break; -case 96: -#line 605 "gram.y" +case 111: +#line 679 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); } break; -#line 1547 "gram.c" +#line 1798 "gram.c" } yyssp -= yym; yystate = *yyssp;