embedaddon/sudo/plugins/sudoers/parse.c - diff

Return to parse.c CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers

Diff for /embedaddon/sudo/plugins/sudoers/parse.c between versions 1.1.1.1 and 1.1.1.2

version 1.1.1.1, 2012/02/21 16:23:02	version 1.1.1.2, 2012/05/29 12:26:49
Line 1	Line 1
/*	/*
* Copyright (c) 2004-2005, 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com>	* Copyright (c) 2004-2005, 2007-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*	*
* Permission to use, copy, modify, and distribute this software for any	* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above	* purpose with or without fee is hereby granted, provided that the above
Line 70 struct sudo_nss sudo_nss_file = {	Line 70 struct sudo_nss sudo_nss_file = {
*/	*/
extern FILE *yyin;	extern FILE *yyin;
extern char *errorfile;	extern char *errorfile;
extern int errorlineno, parse_error;	extern int errorlineno;
	extern bool parse_error;

/*	/*
* Local prototypes.	* Local prototypes.
Line 81 static int display_bound_defaults(int, struct lbuf *);	Line 82 static int display_bound_defaults(int, struct lbuf *);
int	int
sudo_file_open(struct sudo_nss *nss)	sudo_file_open(struct sudo_nss *nss)
{	{
	debug_decl(sudo_file_open, SUDO_DEBUG_NSS)

if (def_ignore_local_sudoers)	if (def_ignore_local_sudoers)
return -1;	debug_return_int(-1);
nss->handle = open_sudoers(sudoers_file, FALSE, NULL);	nss->handle = open_sudoers(sudoers_file, false, NULL);
return nss->handle ? 0 : -1;	debug_return_int(nss->handle ? 0 : -1);
}	}

int	int
sudo_file_close(struct sudo_nss *nss)	sudo_file_close(struct sudo_nss *nss)
{	{
	debug_decl(sudo_file_close, SUDO_DEBUG_NSS)

/* Free parser data structures and close sudoers file. */	/* Free parser data structures and close sudoers file. */
init_parser(NULL, 0);	init_parser(NULL, 0);
if (nss->handle != NULL) {	if (nss->handle != NULL) {
Line 97 sudo_file_close(struct sudo_nss *nss)	Line 102 sudo_file_close(struct sudo_nss *nss)
nss->handle = NULL;	nss->handle = NULL;
yyin = NULL;	yyin = NULL;
}	}
return 0;	debug_return_int(0);
}	}

/*	/*
Line 106 sudo_file_close(struct sudo_nss *nss)	Line 111 sudo_file_close(struct sudo_nss *nss)
int	int
sudo_file_parse(struct sudo_nss *nss)	sudo_file_parse(struct sudo_nss *nss)
{	{
	debug_decl(sudo_file_close, SUDO_DEBUG_NSS)

if (nss->handle == NULL)	if (nss->handle == NULL)
return -1;	debug_return_int(-1);

init_parser(sudoers_file, 0);	init_parser(sudoers_file, 0);
yyin = nss->handle;	yyin = nss->handle;
if (yyparse() != 0 \|\| parse_error) {	if (yyparse() != 0 \|\| parse_error) {
log_error(NO_EXIT, _("parse error in %s near line %d"),	if (errorlineno != -1) {
errorfile, errorlineno);	log_error(0, _("parse error in %s near line %d"),
return -1;	errorfile, errorlineno);
	} else {
	log_error(0, _("parse error in %s"), errorfile);
	}
	debug_return_int(-1);
}	}
return 0;	debug_return_int(0);
}	}

/*	/*
Line 125 sudo_file_parse(struct sudo_nss *nss)	Line 136 sudo_file_parse(struct sudo_nss *nss)
int	int
sudo_file_setdefs(struct sudo_nss *nss)	sudo_file_setdefs(struct sudo_nss *nss)
{	{
	debug_decl(sudo_file_setdefs, SUDO_DEBUG_NSS)

if (nss->handle == NULL)	if (nss->handle == NULL)
return -1;	debug_return_int(-1);

if (!update_defaults(SETDEF_GENERIC\|SETDEF_HOST\|SETDEF_USER))	if (!update_defaults(SETDEF_GENERIC\|SETDEF_HOST\|SETDEF_USER))
return -1;	debug_return_int(-1);
return 0;	debug_return_int(0);
}	}

/*	/*
Line 145 sudo_file_lookup(struct sudo_nss *nss, int validated,	Line 158 sudo_file_lookup(struct sudo_nss *nss, int validated,
struct cmndtag *tags = NULL;	struct cmndtag *tags = NULL;
struct privilege *priv;	struct privilege *priv;
struct userspec *us;	struct userspec *us;
	debug_decl(sudo_file_lookup, SUDO_DEBUG_NSS)

if (nss->handle == NULL)	if (nss->handle == NULL)
return validated;	debug_return_int(validated);

/*	/*
* Only check the actual command if pwflag is not set.	* Only check the actual command if pwflag is not set.
Line 159 sudo_file_lookup(struct sudo_nss *nss, int validated,	Line 173 sudo_file_lookup(struct sudo_nss *nss, int validated,
enum def_tuple pwcheck;	enum def_tuple pwcheck;

pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;	pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
nopass = (pwcheck == all) ? TRUE : FALSE;	nopass = (pwcheck == all) ? true : false;

if (list_pw == NULL)	if (list_pw == NULL)
SET(validated, FLAG_NO_CHECK);	SET(validated, FLAG_NO_CHECK);
Line 178 sudo_file_lookup(struct sudo_nss *nss, int validated,	Line 192 sudo_file_lookup(struct sudo_nss *nss, int validated,
user_uid == list_pw->pw_uid \|\|	user_uid == list_pw->pw_uid \|\|
cmnd_matches(cs->cmnd) == ALLOW)	cmnd_matches(cs->cmnd) == ALLOW)
match = ALLOW;	match = ALLOW;
if ((pwcheck == any && cs->tags.nopasswd == TRUE) \|\|	if ((pwcheck == any && cs->tags.nopasswd == true) \|\|
(pwcheck == all && cs->tags.nopasswd != TRUE))	(pwcheck == all && cs->tags.nopasswd != true))
nopass = cs->tags.nopasswd;	nopass = cs->tags.nopasswd;
}	}
}	}
Line 191 sudo_file_lookup(struct sudo_nss *nss, int validated,	Line 205 sudo_file_lookup(struct sudo_nss *nss, int validated,
SET(validated, VALIDATE_NOT_OK);	SET(validated, VALIDATE_NOT_OK);
if (pwcheck == always && def_authenticate)	if (pwcheck == always && def_authenticate)
SET(validated, FLAG_CHECK_USER);	SET(validated, FLAG_CHECK_USER);
else if (pwcheck == never \|\| nopass == TRUE)	else if (pwcheck == never \|\| nopass == true)
def_authenticate = FALSE;	def_authenticate = false;
return validated;	debug_return_int(validated);
}	}

/* Need to be runas user while stat'ing things. */	/* Need to be runas user while stat'ing things. */
Line 254 sudo_file_lookup(struct sudo_nss *nss, int validated,	Line 268 sudo_file_lookup(struct sudo_nss *nss, int validated,
def_authenticate = !tags->nopasswd;	def_authenticate = !tags->nopasswd;
}	}
restore_perms();	restore_perms();
return validated;	debug_return_int(validated);
}	}

#define TAG_CHANGED(t) \	#define TAG_CHANGED(t) \
Line 265 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd	Line 279 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd
struct lbuf *lbuf)	struct lbuf *lbuf)
{	{
struct member *m;	struct member *m;
	debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS)

#ifdef HAVE_SELINUX	#ifdef HAVE_SELINUX
if (cs->role)	if (cs->role)
Line 295 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd	Line 310 sudo_file_append_cmnd(struct cmndspec *cs, struct cmnd
m = cs->cmnd;	m = cs->cmnd;
print_member(lbuf, m->name, m->type, m->negated,	print_member(lbuf, m->name, m->type, m->negated,
CMNDALIAS);	CMNDALIAS);
	debug_return;
}	}

static int	static int
Line 306 sudo_file_display_priv_short(struct passwd *pw, struct	Line 322 sudo_file_display_priv_short(struct passwd *pw, struct
struct privilege *priv;	struct privilege *priv;
struct cmndtag tags;	struct cmndtag tags;
int nfound = 0;	int nfound = 0;
	debug_decl(sudo_file_display_priv_short, SUDO_DEBUG_NSS)

tq_foreach_fwd(&us->privileges, priv) {	tq_foreach_fwd(&us->privileges, priv) {
if (hostlist_matches(&priv->hostlist) != ALLOW)	if (hostlist_matches(&priv->hostlist) != ALLOW)
Line 347 sudo_file_display_priv_short(struct passwd *pw, struct	Line 364 sudo_file_display_priv_short(struct passwd *pw, struct
}	}
lbuf_append(lbuf, "\n");	lbuf_append(lbuf, "\n");
}	}
return nfound;	debug_return_int(nfound);
}	}

static int	static int
Line 359 sudo_file_display_priv_long(struct passwd *pw, struct	Line 376 sudo_file_display_priv_long(struct passwd *pw, struct
struct privilege *priv;	struct privilege *priv;
struct cmndtag tags;	struct cmndtag tags;
int nfound = 0;	int nfound = 0;
	debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS)

tq_foreach_fwd(&us->privileges, priv) {	tq_foreach_fwd(&us->privileges, priv) {
if (hostlist_matches(&priv->hostlist) != ALLOW)	if (hostlist_matches(&priv->hostlist) != ALLOW)
Line 400 sudo_file_display_priv_long(struct passwd *pw, struct	Line 418 sudo_file_display_priv_long(struct passwd *pw, struct
nfound++;	nfound++;
}	}
}	}
return nfound;	debug_return_int(nfound);
}	}

int	int
Line 409 sudo_file_display_privs(struct sudo_nss *nss, struct p	Line 427 sudo_file_display_privs(struct sudo_nss *nss, struct p
{	{
struct userspec *us;	struct userspec *us;
int nfound = 0;	int nfound = 0;
	debug_decl(sudo_file_display_priv, SUDO_DEBUG_NSS)

if (nss->handle == NULL)	if (nss->handle == NULL)
goto done;	goto done;
Line 423 sudo_file_display_privs(struct sudo_nss *nss, struct p	Line 442 sudo_file_display_privs(struct sudo_nss *nss, struct p
nfound += sudo_file_display_priv_short(pw, us, lbuf);	nfound += sudo_file_display_priv_short(pw, us, lbuf);
}	}
done:	done:
return nfound;	debug_return_int(nfound);
}	}

/*	/*
Line 436 sudo_file_display_defaults(struct sudo_nss *nss, struc	Line 455 sudo_file_display_defaults(struct sudo_nss *nss, struc
struct defaults *d;	struct defaults *d;
char *prefix;	char *prefix;
int nfound = 0;	int nfound = 0;
	debug_decl(sudo_file_display_defaults, SUDO_DEBUG_NSS)

if (nss->handle == NULL)	if (nss->handle == NULL)
goto done;	goto done;
Line 470 sudo_file_display_defaults(struct sudo_nss *nss, struc	Line 490 sudo_file_display_defaults(struct sudo_nss *nss, struc
lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", d->val);	lbuf_append_quoted(lbuf, SUDOERS_QUOTED, "%s", d->val);
} else	} else
lbuf_append(lbuf, "%s%s%s", prefix,	lbuf_append(lbuf, "%s%s%s", prefix,
d->op == FALSE ? "!" : "", d->var);	d->op == false ? "!" : "", d->var);
prefix = ", ";	prefix = ", ";
nfound++;	nfound++;
}	}
done:	done:
return nfound;	debug_return_int(nfound);
}	}

/*	/*
Line 486 sudo_file_display_bound_defaults(struct sudo_nss *nss,	Line 506 sudo_file_display_bound_defaults(struct sudo_nss *nss,
struct lbuf *lbuf)	struct lbuf *lbuf)
{	{
int nfound = 0;	int nfound = 0;
	debug_decl(sudo_file_display_bound_defaults, SUDO_DEBUG_NSS)

/* XXX - should only print ones that match what the user can do. */	/* XXX - should only print ones that match what the user can do. */
nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf);	nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf);
nfound += display_bound_defaults(DEFAULTS_CMND, lbuf);	nfound += display_bound_defaults(DEFAULTS_CMND, lbuf);

return nfound;	debug_return_int(nfound);
}	}

/*	/*
Line 504 display_bound_defaults(int dtype, struct lbuf *lbuf)	Line 525 display_bound_defaults(int dtype, struct lbuf *lbuf)
struct member m, binding = NULL;	struct member m, binding = NULL;
char *dsep;	char *dsep;
int atype, nfound = 0;	int atype, nfound = 0;
	debug_decl(display_bound_defaults, SUDO_DEBUG_NSS)

switch (dtype) {	switch (dtype) {
case DEFAULTS_HOST:	case DEFAULTS_HOST:
Line 523 display_bound_defaults(int dtype, struct lbuf *lbuf)	Line 545 display_bound_defaults(int dtype, struct lbuf *lbuf)
dsep = "!";	dsep = "!";
break;	break;
default:	default:
return -1;	debug_return_int(-1);
}	}
tq_foreach_fwd(&defaults, d) {	tq_foreach_fwd(&defaults, d) {
if (d->type != dtype)	if (d->type != dtype)
Line 547 display_bound_defaults(int dtype, struct lbuf *lbuf)	Line 569 display_bound_defaults(int dtype, struct lbuf *lbuf)
lbuf_append(lbuf, "%s%s%s", d->var, d->op == '+' ? "+=" :	lbuf_append(lbuf, "%s%s%s", d->var, d->op == '+' ? "+=" :
d->op == '-' ? "-=" : "=", d->val);	d->op == '-' ? "-=" : "=", d->val);
} else	} else
lbuf_append(lbuf, "%s%s", d->op == FALSE ? "!" : "", d->var);	lbuf_append(lbuf, "%s%s", d->op == false ? "!" : "", d->var);
}	}

return nfound;	debug_return_int(nfound);
}	}

int	int
Line 562 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa	Line 584 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa
struct userspec *us;	struct userspec *us;
int rval = 1;	int rval = 1;
int host_match, runas_match, cmnd_match;	int host_match, runas_match, cmnd_match;
	debug_decl(sudo_file_display_cmnd, SUDO_DEBUG_NSS)

if (nss->handle == NULL)	if (nss->handle == NULL)
goto done;	goto done;
Line 595 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa	Line 618 sudo_file_display_cmnd(struct sudo_nss *nss, struct pa
rval = 0;	rval = 0;
}	}
done:	done:
return rval;	debug_return_int(rval);
}	}

/*	/*
Line 608 _print_member(struct lbuf lbuf, char name, int type,	Line 631 _print_member(struct lbuf lbuf, char name, int type,
struct alias *a;	struct alias *a;
struct member *m;	struct member *m;
struct sudo_command *c;	struct sudo_command *c;
	debug_decl(_print_member, SUDO_DEBUG_NSS)

switch (type) {	switch (type) {
case ALL:	case ALL:
Line 638 _print_member(struct lbuf lbuf, char name, int type,	Line 662 _print_member(struct lbuf lbuf, char name, int type,
lbuf_append(lbuf, "%s%s", negated ? "!" : "", name);	lbuf_append(lbuf, "%s%s", negated ? "!" : "", name);
break;	break;
}	}
	debug_return;
}	}

static void	static void

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1.1.1
changed lines
	Added in v.1.1.1.2