Annotation of embedaddon/sudo/plugins/sudoers/parse.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2011
! 3: * Todd C. Miller <Todd.Miller@courtesan.com>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: */
! 17:
! 18: #ifndef _SUDO_PARSE_H
! 19: #define _SUDO_PARSE_H
! 20:
! 21: #undef UNSPEC
! 22: #define UNSPEC -1
! 23: #undef DENY
! 24: #define DENY 0
! 25: #undef ALLOW
! 26: #define ALLOW 1
! 27: #undef IMPLIED
! 28: #define IMPLIED 2
! 29:
! 30: /*
! 31: * A command with args. XXX - merge into struct member.
! 32: */
! 33: struct sudo_command {
! 34: char *cmnd;
! 35: char *args;
! 36: };
! 37:
! 38: /*
! 39: * Tags associated with a command.
! 40: * Possible valus: TRUE, FALSE, UNSPEC.
! 41: */
! 42: struct cmndtag {
! 43: __signed int nopasswd: 3;
! 44: __signed int noexec: 3;
! 45: __signed int setenv: 3;
! 46: __signed int log_input: 3;
! 47: __signed int log_output: 3;
! 48: };
! 49:
! 50: /*
! 51: * SELinux-specific container struct.
! 52: * Currently just contains a role and type.
! 53: */
! 54: struct selinux_info {
! 55: char *role;
! 56: char *type;
! 57: };
! 58:
! 59: /*
! 60: * The parses sudoers file is stored as a collection of linked lists,
! 61: * modelled after the yacc grammar.
! 62: *
! 63: * Other than the alias struct, which is stored in a red-black tree,
! 64: * the data structure used is basically a doubly-linked tail queue without
! 65: * a separate head struct--the first entry acts as the head where the prev
! 66: * pointer does double duty as the tail pointer. This makes it possible
! 67: * to trivally append sub-lists. In addition, the prev pointer is always
! 68: * valid (even if it points to itself). Unlike a circle queue, the next
! 69: * pointer of the last entry is NULL and does not point back to the head.
! 70: *
! 71: * Note that each list struct must contain a "prev" and "next" pointer as
! 72: * the first two members of the struct (in that order).
! 73: */
! 74:
! 75: /*
! 76: * Tail queue list head structure.
! 77: */
! 78: TQ_DECLARE(defaults)
! 79: TQ_DECLARE(userspec)
! 80: TQ_DECLARE(member)
! 81: TQ_DECLARE(privilege)
! 82: TQ_DECLARE(cmndspec)
! 83:
! 84: /*
! 85: * Structure describing a user specification and list thereof.
! 86: */
! 87: struct userspec {
! 88: struct userspec *prev, *next;
! 89: struct member_list users; /* list of users */
! 90: struct privilege_list privileges; /* list of privileges */
! 91: };
! 92:
! 93: /*
! 94: * Structure describing a privilege specification.
! 95: */
! 96: struct privilege {
! 97: struct privilege *prev, *next;
! 98: struct member_list hostlist; /* list of hosts */
! 99: struct cmndspec_list cmndlist; /* list of Cmnd_Specs */
! 100: };
! 101:
! 102: /*
! 103: * Structure describing a linked list of Cmnd_Specs.
! 104: */
! 105: struct cmndspec {
! 106: struct cmndspec *prev, *next;
! 107: struct member_list runasuserlist; /* list of runas users */
! 108: struct member_list runasgrouplist; /* list of runas groups */
! 109: struct member *cmnd; /* command to allow/deny */
! 110: struct cmndtag tags; /* tag specificaion */
! 111: #ifdef HAVE_SELINUX
! 112: char *role, *type; /* SELinux role and type */
! 113: #endif
! 114: };
! 115:
! 116: /*
! 117: * Generic structure to hold users, hosts, commands.
! 118: */
! 119: struct member {
! 120: struct member *prev, *next;
! 121: char *name; /* member name */
! 122: short type; /* type (see gram.h) */
! 123: short negated; /* negated via '!'? */
! 124: };
! 125:
! 126: struct runascontainer {
! 127: struct member *runasusers;
! 128: struct member *runasgroups;
! 129: };
! 130:
! 131: /*
! 132: * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
! 133: * Aliases are stored in a red-black tree, sorted by name and type.
! 134: */
! 135: struct alias {
! 136: char *name; /* alias name */
! 137: unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
! 138: unsigned short seqno; /* sequence number */
! 139: struct member_list members; /* list of alias members */
! 140: };
! 141:
! 142: /*
! 143: * Structure describing a Defaults entry and a list thereof.
! 144: */
! 145: struct defaults {
! 146: struct defaults *prev, *next;
! 147: char *var; /* variable name */
! 148: char *val; /* variable value */
! 149: struct member_list binding; /* user/host/runas binding */
! 150: int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
! 151: int op; /* TRUE, FALSE, '+', '-' */
! 152: };
! 153:
! 154: /*
! 155: * Parsed sudoers info.
! 156: */
! 157: extern struct userspec_list userspecs;
! 158: extern struct defaults_list defaults;
! 159:
! 160: /*
! 161: * Alias sequence number to avoid loops.
! 162: */
! 163: extern unsigned int alias_seqno;
! 164:
! 165: /*
! 166: * Prototypes
! 167: */
! 168: char *alias_add(char *, int, struct member *);
! 169: int addr_matches(char *);
! 170: int cmnd_matches(struct member *);
! 171: int cmndlist_matches(struct member_list *);
! 172: int command_matches(char *, char *);
! 173: int hostlist_matches(struct member_list *);
! 174: int hostname_matches(char *, char *, char *);
! 175: int netgr_matches(char *, char *, char *, char *);
! 176: int no_aliases(void);
! 177: int runaslist_matches(struct member_list *, struct member_list *);
! 178: int userlist_matches(struct passwd *, struct member_list *);
! 179: int usergr_matches(char *, char *, struct passwd *);
! 180: int userpw_matches(char *, char *, struct passwd *);
! 181: int group_matches(char *, struct group *);
! 182: struct alias *alias_find(char *, int);
! 183: struct alias *alias_remove(char *, int);
! 184: void alias_free(void *);
! 185: void alias_apply(int (*)(void *, void *), void *);
! 186: void init_aliases(void);
! 187: void init_lexer(void);
! 188: void init_parser(const char *, int);
! 189: int alias_compare(const void *, const void *);
! 190:
! 191: #endif /* _SUDO_PARSE_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>