version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2012/10/09 09:29:52
|
Line 44
|
Line 44
|
#ifdef HAVE_UNISTD_H |
#ifdef HAVE_UNISTD_H |
# include <unistd.h> |
# include <unistd.h> |
#endif /* HAVE_UNISTD_H */ |
#endif /* HAVE_UNISTD_H */ |
|
#ifdef HAVE_INTTYPES_H |
|
# include <inttypes.h> |
|
#endif |
#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) |
#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__) |
# include <alloca.h> |
# include <alloca.h> |
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ |
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */ |
Line 104 yyerror(const char *s)
|
Line 107 yyerror(const char *s)
|
errorlineno = sudolineno; |
errorlineno = sudolineno; |
errorfile = estrdup(sudoers); |
errorfile = estrdup(sudoers); |
} |
} |
if (trace_print != NULL) { | if (sudoers_warnings && s != NULL) { |
LEXTRACE("<*> "); |
LEXTRACE("<*> "); |
} else if (sudoers_warnings && s != NULL) { | #ifndef TRACELEXER |
warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); | if (trace_print == NULL || trace_print == sudoers_trace_print) |
| warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); |
| #endif |
} |
} |
parse_error = true; |
parse_error = true; |
debug_return; |
debug_return; |
Line 123 yyerror(const char *s)
|
Line 128 yyerror(const char *s)
|
struct sudo_command command; |
struct sudo_command command; |
struct cmndtag tag; |
struct cmndtag tag; |
struct selinux_info seinfo; |
struct selinux_info seinfo; |
|
struct solaris_privs_info privinfo; |
char *string; |
char *string; |
int tok; |
int tok; |
} |
} |
Line 161 yyerror(const char *s)
|
Line 167 yyerror(const char *s)
|
%token <tok> ERROR |
%token <tok> ERROR |
%token <tok> TYPE /* SELinux type */ |
%token <tok> TYPE /* SELinux type */ |
%token <tok> ROLE /* SELinux role */ |
%token <tok> ROLE /* SELinux role */ |
|
%token <tok> PRIVS /* Solaris privileges */ |
|
%token <tok> LIMITPRIVS /* Solaris limit privileges */ |
|
%token <tok> MYSELF /* run as myself, not another user */ |
|
|
%type <cmndspec> cmndspec |
%type <cmndspec> cmndspec |
%type <cmndspec> cmndspeclist |
%type <cmndspec> cmndspeclist |
Line 186 yyerror(const char *s)
|
Line 195 yyerror(const char *s)
|
%type <seinfo> selinux |
%type <seinfo> selinux |
%type <string> rolespec |
%type <string> rolespec |
%type <string> typespec |
%type <string> typespec |
|
%type <privinfo> solarisprivs |
|
%type <string> privsspec |
|
%type <string> limitprivsspec |
|
|
%% |
%% |
|
|
Line 313 cmndspeclist : cmndspec
|
Line 325 cmndspeclist : cmndspec
|
if ($3->type == NULL) |
if ($3->type == NULL) |
$3->type = $3->prev->type; |
$3->type = $3->prev->type; |
#endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
|
#ifdef HAVE_PRIV_SET |
|
/* propagate privs & limitprivs */ |
|
if ($3->privs == NULL) |
|
$3->privs = $3->prev->privs; |
|
if ($3->limitprivs == NULL) |
|
$3->limitprivs = $3->prev->limitprivs; |
|
#endif /* HAVE_PRIV_SET */ |
/* propagate tags and runas list */ |
/* propagate tags and runas list */ |
if ($3->tags.nopasswd == UNSPEC) |
if ($3->tags.nopasswd == UNSPEC) |
$3->tags.nopasswd = $3->prev->tags.nopasswd; |
$3->tags.nopasswd = $3->prev->tags.nopasswd; |
Line 336 cmndspeclist : cmndspec
|
Line 355 cmndspeclist : cmndspec
|
} |
} |
; |
; |
|
|
cmndspec : runasspec selinux cmndtag opcmnd { | cmndspec : runasspec selinux solarisprivs cmndtag opcmnd { |
struct cmndspec *cs = ecalloc(1, sizeof(*cs)); |
struct cmndspec *cs = ecalloc(1, sizeof(*cs)); |
if ($1 != NULL) { |
if ($1 != NULL) { |
list2tq(&cs->runasuserlist, $1->runasusers); |
list2tq(&cs->runasuserlist, $1->runasusers); |
Line 350 cmndspec : runasspec selinux cmndtag opcmnd {
|
Line 369 cmndspec : runasspec selinux cmndtag opcmnd {
|
cs->role = $2.role; |
cs->role = $2.role; |
cs->type = $2.type; |
cs->type = $2.type; |
#endif |
#endif |
cs->tags = $3; | #ifdef HAVE_PRIV_SET |
cs->cmnd = $4; | cs->privs = $3.privs; |
| cs->limitprivs = $3.limitprivs; |
| #endif |
| cs->tags = $4; |
| cs->cmnd = $5; |
cs->prev = cs; |
cs->prev = cs; |
cs->next = NULL; |
cs->next = NULL; |
/* sudo "ALL" implies the SETENV tag */ |
/* sudo "ALL" implies the SETENV tag */ |
Line 404 selinux : /* empty */ {
|
Line 427 selinux : /* empty */ {
|
} |
} |
; |
; |
|
|
|
privsspec : PRIVS '=' WORD { |
|
$$ = $3; |
|
} |
|
; |
|
limitprivsspec : LIMITPRIVS '=' WORD { |
|
$$ = $3; |
|
} |
|
; |
|
|
|
solarisprivs : /* empty */ { |
|
$$.privs = NULL; |
|
$$.limitprivs = NULL; |
|
} |
|
| privsspec { |
|
$$.privs = $1; |
|
$$.limitprivs = NULL; |
|
} |
|
| limitprivsspec { |
|
$$.privs = NULL; |
|
$$.limitprivs = $1; |
|
} |
|
| privsspec limitprivsspec { |
|
$$.privs = $1; |
|
$$.limitprivs = $2; |
|
} |
|
| limitprivsspec privsspec { |
|
$$.limitprivs = $1; |
|
$$.privs = $2; |
|
} |
|
|
runasspec : /* empty */ { |
runasspec : /* empty */ { |
$$ = NULL; |
$$ = NULL; |
} |
} |
Line 412 runasspec : /* empty */ {
|
Line 465 runasspec : /* empty */ {
|
} |
} |
; |
; |
|
|
runaslist : userlist { | runaslist : /* empty */ { |
$$ = ecalloc(1, sizeof(struct runascontainer)); |
$$ = ecalloc(1, sizeof(struct runascontainer)); |
|
$$->runasusers = new_member(NULL, MYSELF); |
|
/* $$->runasgroups = NULL; */ |
|
} |
|
| userlist { |
|
$$ = ecalloc(1, sizeof(struct runascontainer)); |
$$->runasusers = $1; |
$$->runasusers = $1; |
/* $$->runasgroups = NULL; */ |
/* $$->runasgroups = NULL; */ |
} |
} |
Line 427 runaslist : userlist {
|
Line 485 runaslist : userlist {
|
/* $$->runasusers = NULL; */ |
/* $$->runasusers = NULL; */ |
$$->runasgroups = $2; |
$$->runasgroups = $2; |
} |
} |
|
| ':' { |
|
$$ = ecalloc(1, sizeof(struct runascontainer)); |
|
$$->runasusers = new_member(NULL, MYSELF); |
|
/* $$->runasgroups = NULL; */ |
|
} |
; |
; |
|
|
cmndtag : /* empty */ { |
cmndtag : /* empty */ { |
Line 696 add_userspec(struct member *members, struct privilege
|
Line 759 add_userspec(struct member *members, struct privilege
|
* the current sudoers file to path. |
* the current sudoers file to path. |
*/ |
*/ |
void |
void |
init_parser(const char *path, int quiet) | init_parser(const char *path, bool quiet) |
{ |
{ |
struct defaults *d; |
struct defaults *d; |
struct member *m, *binding; |
struct member *m, *binding; |
Line 716 init_parser(const char *path, int quiet)
|
Line 779 init_parser(const char *path, int quiet)
|
#ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
char *role = NULL, *type = NULL; |
char *role = NULL, *type = NULL; |
#endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
|
#ifdef HAVE_PRIV_SET |
|
char *privs = NULL, *limitprivs = NULL; |
|
#endif /* HAVE_PRIV_SET */ |
|
|
while ((m = tq_pop(&priv->hostlist)) != NULL) { |
while ((m = tq_pop(&priv->hostlist)) != NULL) { |
efree(m->name); |
efree(m->name); |
Line 733 init_parser(const char *path, int quiet)
|
Line 799 init_parser(const char *path, int quiet)
|
efree(cs->type); |
efree(cs->type); |
} |
} |
#endif /* HAVE_SELINUX */ |
#endif /* HAVE_SELINUX */ |
|
#ifdef HAVE_PRIV_SET |
|
/* Only free the first instance of privs/limitprivs. */ |
|
if (cs->privs != privs) { |
|
privs = cs->privs; |
|
efree(cs->privs); |
|
} |
|
if (cs->limitprivs != limitprivs) { |
|
limitprivs = cs->limitprivs; |
|
efree(cs->limitprivs); |
|
} |
|
#endif /* HAVE_PRIV_SET */ |
if (tq_last(&cs->runasuserlist) != runasuser) { |
if (tq_last(&cs->runasuserlist) != runasuser) { |
runasuser = tq_last(&cs->runasuserlist); |
runasuser = tq_last(&cs->runasuserlist); |
while ((m = tq_pop(&cs->runasuserlist)) != NULL) { |
while ((m = tq_pop(&cs->runasuserlist)) != NULL) { |