|
version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.5, 2014/06/15 16:12:54
|
|
Line 1
|
Line 1
|
| /* |
/* |
| * Copyright (c) 1996, 1998-2000, 2004, 2007-2011 | * Copyright (c) 1996, 1998-2000, 2004, 2007-2014 |
| * Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
* |
| * Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
|
Line 15
|
Line 15
|
| * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| */ |
*/ |
| |
|
| #ifndef _SUDO_PARSE_H | #ifndef _SUDOERS_PARSE_H |
| #define _SUDO_PARSE_H | #define _SUDOERS_PARSE_H |
| |
|
| #undef UNSPEC |
#undef UNSPEC |
| #define UNSPEC -1 |
#define UNSPEC -1 |
|
Line 27
|
Line 27
|
| #undef IMPLIED |
#undef IMPLIED |
| #define IMPLIED 2 |
#define IMPLIED 2 |
| |
|
| |
#define SUDO_DIGEST_SHA224 0 |
| |
#define SUDO_DIGEST_SHA256 1 |
| |
#define SUDO_DIGEST_SHA384 2 |
| |
#define SUDO_DIGEST_SHA512 3 |
| |
#define SUDO_DIGEST_INVALID 4 |
| |
|
| |
struct sudo_digest { |
| |
unsigned int digest_type; |
| |
char *digest_str; |
| |
}; |
| |
|
| /* |
/* |
| * A command with args. XXX - merge into struct member. | * A command with option args and digest. |
| | * XXX - merge into struct member |
| */ |
*/ |
| struct sudo_command { |
struct sudo_command { |
| char *cmnd; |
char *cmnd; |
| char *args; |
char *args; |
| |
struct sudo_digest *digest; |
| }; |
}; |
| |
|
| /* |
/* |
| * Tags associated with a command. |
* Tags associated with a command. |
| * Possible values: true, false, UNSPEC. | * Possible values: true, false, IMPLIED, UNSPEC. |
| */ |
*/ |
| struct cmndtag { |
struct cmndtag { |
| __signed int nopasswd: 3; | signed int nopasswd: 3; |
| __signed int noexec: 3; | signed int noexec: 3; |
| __signed int setenv: 3; | signed int setenv: 3; |
| __signed int log_input: 3; | signed int log_input: 3; |
| __signed int log_output: 3; | signed int log_output: 3; |
| }; |
}; |
| |
|
| /* |
/* |
|
Line 57 struct selinux_info {
|
Line 70 struct selinux_info {
|
| }; |
}; |
| |
|
| /* |
/* |
| * The parses sudoers file is stored as a collection of linked lists, | * Solaris privileges container struct |
| | * Currently just contains permitted and limit privileges. |
| | * It could have PFEXEC and PRIV_AWARE flags added in the future. |
| | */ |
| | struct solaris_privs_info { |
| | char *privs; |
| | char *limitprivs; |
| | }; |
| | |
| | /* |
| | * The parsed sudoers file is stored as a collection of linked lists, |
| * modelled after the yacc grammar. |
* modelled after the yacc grammar. |
| * |
* |
| * Other than the alias struct, which is stored in a red-black tree, |
* Other than the alias struct, which is stored in a red-black tree, |
| * the data structure used is basically a doubly-linked tail queue without | * the data structure used is a doubly-linked tail queue. While sudoers |
| * a separate head struct--the first entry acts as the head where the prev | * is being parsed, a headless tail queue is used where the first entry |
| * pointer does double duty as the tail pointer. This makes it possible | * acts as the head and the prev pointer does double duty as the tail pointer. |
| * to trivally append sub-lists. In addition, the prev pointer is always | * This makes it possible to trivally append sub-lists. In addition, the prev |
| * valid (even if it points to itself). Unlike a circle queue, the next | * pointer is always valid (even if it points to itself). Unlike a circle |
| * pointer of the last entry is NULL and does not point back to the head. | * queue, the next pointer of the last entry is NULL and does not point back |
| * | * to the head. When the tail queue is finalized, it is converted to a |
| * Note that each list struct must contain a "prev" and "next" pointer as | * normal BSD tail queue. |
| * the first two members of the struct (in that order). | |
| */ |
*/ |
| |
|
| /* |
/* |
| * Tail queue list head structure. |
* Tail queue list head structure. |
| */ |
*/ |
| TQ_DECLARE(defaults) | TAILQ_HEAD(defaults_list, defaults); |
| TQ_DECLARE(userspec) | TAILQ_HEAD(userspec_list, userspec); |
| TQ_DECLARE(member) | TAILQ_HEAD(member_list, member); |
| TQ_DECLARE(privilege) | TAILQ_HEAD(privilege_list, privilege); |
| TQ_DECLARE(cmndspec) | TAILQ_HEAD(cmndspec_list, cmndspec); |
| |
|
| /* |
/* |
| * Structure describing a user specification and list thereof. |
* Structure describing a user specification and list thereof. |
| */ |
*/ |
| struct userspec { |
struct userspec { |
| struct userspec *prev, *next; | TAILQ_ENTRY(userspec) entries; |
| struct member_list users; /* list of users */ |
struct member_list users; /* list of users */ |
| struct privilege_list privileges; /* list of privileges */ |
struct privilege_list privileges; /* list of privileges */ |
| }; |
}; |
|
Line 94 struct userspec {
|
Line 116 struct userspec {
|
| * Structure describing a privilege specification. |
* Structure describing a privilege specification. |
| */ |
*/ |
| struct privilege { |
struct privilege { |
| struct privilege *prev, *next; | TAILQ_ENTRY(privilege) entries; |
| struct member_list hostlist; /* list of hosts */ |
struct member_list hostlist; /* list of hosts */ |
| struct cmndspec_list cmndlist; /* list of Cmnd_Specs */ |
struct cmndspec_list cmndlist; /* list of Cmnd_Specs */ |
| }; |
}; |
|
Line 103 struct privilege {
|
Line 125 struct privilege {
|
| * Structure describing a linked list of Cmnd_Specs. |
* Structure describing a linked list of Cmnd_Specs. |
| */ |
*/ |
| struct cmndspec { |
struct cmndspec { |
| struct cmndspec *prev, *next; | TAILQ_ENTRY(cmndspec) entries; |
| struct member_list runasuserlist; /* list of runas users */ | struct member_list *runasuserlist; /* list of runas users */ |
| struct member_list runasgrouplist; /* list of runas groups */ | struct member_list *runasgrouplist; /* list of runas groups */ |
| struct member *cmnd; /* command to allow/deny */ |
struct member *cmnd; /* command to allow/deny */ |
| struct cmndtag tags; /* tag specificaion */ |
struct cmndtag tags; /* tag specificaion */ |
| #ifdef HAVE_SELINUX |
#ifdef HAVE_SELINUX |
| char *role, *type; /* SELinux role and type */ |
char *role, *type; /* SELinux role and type */ |
| #endif |
#endif |
| |
#ifdef HAVE_PRIV_SET |
| |
char *privs, *limitprivs; /* Solaris privilege sets */ |
| |
#endif |
| }; |
}; |
| |
|
| /* |
/* |
| * Generic structure to hold users, hosts, commands. |
* Generic structure to hold users, hosts, commands. |
| */ |
*/ |
| struct member { |
struct member { |
| struct member *prev, *next; | TAILQ_ENTRY(member) entries; |
| char *name; /* member name */ |
char *name; /* member name */ |
| short type; /* type (see gram.h) */ |
short type; /* type (see gram.h) */ |
| short negated; /* negated via '!'? */ |
short negated; /* negated via '!'? */ |
|
Line 135 struct runascontainer {
|
Line 160 struct runascontainer {
|
| struct alias { |
struct alias { |
| char *name; /* alias name */ |
char *name; /* alias name */ |
| unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ |
unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ |
| unsigned short seqno; /* sequence number */ | bool used; /* "use bool used; /* "used" flag for cycle detection */ |
| struct member_list members; /* list of alias members */ |
struct member_list members; /* list of alias members */ |
| }; |
}; |
| |
|
|
Line 143 struct alias {
|
Line 168 struct alias {
|
| * Structure describing a Defaults entry and a list thereof. |
* Structure describing a Defaults entry and a list thereof. |
| */ |
*/ |
| struct defaults { |
struct defaults { |
| struct defaults *prev, *next; | TAILQ_ENTRY(defaults) entries; |
| char *var; /* variable name */ |
char *var; /* variable name */ |
| char *val; /* variable value */ |
char *val; /* variable value */ |
| struct member_list binding; /* user/host/runas binding */ | struct member_list *binding; /* user/host/runas binding */ |
| int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ |
int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ |
| int op; /* true, false, '+', '-' */ |
int op; /* true, false, '+', '-' */ |
| }; |
}; |
|
Line 157 struct defaults {
|
Line 182 struct defaults {
|
| extern struct userspec_list userspecs; |
extern struct userspec_list userspecs; |
| extern struct defaults_list defaults; |
extern struct defaults_list defaults; |
| |
|
| /* | /* alias.c */ |
| * Alias sequence number to avoid loops. | |
| */ | |
| extern unsigned int alias_seqno; | |
| |
| /* | |
| * Prototypes | |
| */ | |
| char *alias_add(char *, int, struct member *); | |
| bool addr_matches(char *); | |
| int cmnd_matches(struct member *); | |
| int cmndlist_matches(struct member_list *); | |
| bool command_matches(char *, char *); | |
| int hostlist_matches(struct member_list *); | |
| bool hostname_matches(char *, char *, char *); | |
| bool netgr_matches(char *, char *, char *, char *); | |
| bool no_aliases(void); |
bool no_aliases(void); |
| int runaslist_matches(struct member_list *, struct member_list *); | char *alias_add(char *name, int type, struct member *members); |
| int userlist_matches(struct passwd *, struct member_list *); | int alias_compare(const void *a1, const void *a2); |
| bool usergr_matches(char *, char *, struct passwd *); | struct alias *alias_get(char *name, int type); |
| bool userpw_matches(char *, char *, struct passwd *); | struct alias *alias_remove(char *name, int type); |
| bool group_matches(char *, struct group *); | void alias_apply(int (*func)(void *, void *), void *cookie); |
| struct alias *alias_find(char *, int); | void alias_free(void *a); |
| struct alias *alias_remove(char *, int); | void alias_put(struct alias *a); |
| void alias_free(void *); | |
| void alias_apply(int (*)(void *, void *), void *); | |
| void init_aliases(void); |
void init_aliases(void); |
| |
|
| |
/* gram.c */ |
| |
void init_parser(const char *, bool); |
| |
|
| |
/* match_addr.c */ |
| |
bool addr_matches(char *n); |
| |
|
| |
/* match.c */ |
| |
bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest); |
| |
bool group_matches(const char *sudoers_group, const struct group *gr); |
| |
bool hostname_matches(const char *shost, const char *lhost, const char *pattern); |
| |
bool netgr_matches(const char *netgr, const char *lhost, const char *shost, const char *user); |
| |
bool usergr_matches(const char *group, const char *user, const struct passwd *pw); |
| |
bool userpw_matches(const char *sudoers_user, const char *user, const struct passwd *pw); |
| |
int cmnd_matches(const struct member *m); |
| |
int cmndlist_matches(const struct member_list *list); |
| |
int hostlist_matches(const struct member_list *list); |
| |
int runaslist_matches(const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group); |
| |
int userlist_matches(const struct passwd *pw, const struct member_list *list); |
| |
|
| |
/* toke.c */ |
| void init_lexer(void); |
void init_lexer(void); |
| void init_parser(const char *, int); |
|
| int alias_compare(const void *, const void *); |
|
| |
|
| #endif /* _SUDO_PARSE_H */ | /* hexchar.c */ |
| | int hexchar(const char *s); |
| | |
| | /* base64.c */ |
| | size_t base64_decode(const char *str, unsigned char *dst, size_t dsize); |
| | |
| | #endif /* _SUDOERS_PARSE_H */ |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to parse.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers