Return to parse.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers |
1.1 ! misho 1: /* ! 2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2011 ! 3: * Todd C. Miller <Todd.Miller@courtesan.com> ! 4: * ! 5: * Permission to use, copy, modify, and distribute this software for any ! 6: * purpose with or without fee is hereby granted, provided that the above ! 7: * copyright notice and this permission notice appear in all copies. ! 8: * ! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ! 16: */ ! 17: ! 18: #ifndef _SUDO_PARSE_H ! 19: #define _SUDO_PARSE_H ! 20: ! 21: #undef UNSPEC ! 22: #define UNSPEC -1 ! 23: #undef DENY ! 24: #define DENY 0 ! 25: #undef ALLOW ! 26: #define ALLOW 1 ! 27: #undef IMPLIED ! 28: #define IMPLIED 2 ! 29: ! 30: /* ! 31: * A command with args. XXX - merge into struct member. ! 32: */ ! 33: struct sudo_command { ! 34: char *cmnd; ! 35: char *args; ! 36: }; ! 37: ! 38: /* ! 39: * Tags associated with a command. ! 40: * Possible valus: TRUE, FALSE, UNSPEC. ! 41: */ ! 42: struct cmndtag { ! 43: __signed int nopasswd: 3; ! 44: __signed int noexec: 3; ! 45: __signed int setenv: 3; ! 46: __signed int log_input: 3; ! 47: __signed int log_output: 3; ! 48: }; ! 49: ! 50: /* ! 51: * SELinux-specific container struct. ! 52: * Currently just contains a role and type. ! 53: */ ! 54: struct selinux_info { ! 55: char *role; ! 56: char *type; ! 57: }; ! 58: ! 59: /* ! 60: * The parses sudoers file is stored as a collection of linked lists, ! 61: * modelled after the yacc grammar. ! 62: * ! 63: * Other than the alias struct, which is stored in a red-black tree, ! 64: * the data structure used is basically a doubly-linked tail queue without ! 65: * a separate head struct--the first entry acts as the head where the prev ! 66: * pointer does double duty as the tail pointer. This makes it possible ! 67: * to trivally append sub-lists. In addition, the prev pointer is always ! 68: * valid (even if it points to itself). Unlike a circle queue, the next ! 69: * pointer of the last entry is NULL and does not point back to the head. ! 70: * ! 71: * Note that each list struct must contain a "prev" and "next" pointer as ! 72: * the first two members of the struct (in that order). ! 73: */ ! 74: ! 75: /* ! 76: * Tail queue list head structure. ! 77: */ ! 78: TQ_DECLARE(defaults) ! 79: TQ_DECLARE(userspec) ! 80: TQ_DECLARE(member) ! 81: TQ_DECLARE(privilege) ! 82: TQ_DECLARE(cmndspec) ! 83: ! 84: /* ! 85: * Structure describing a user specification and list thereof. ! 86: */ ! 87: struct userspec { ! 88: struct userspec *prev, *next; ! 89: struct member_list users; /* list of users */ ! 90: struct privilege_list privileges; /* list of privileges */ ! 91: }; ! 92: ! 93: /* ! 94: * Structure describing a privilege specification. ! 95: */ ! 96: struct privilege { ! 97: struct privilege *prev, *next; ! 98: struct member_list hostlist; /* list of hosts */ ! 99: struct cmndspec_list cmndlist; /* list of Cmnd_Specs */ ! 100: }; ! 101: ! 102: /* ! 103: * Structure describing a linked list of Cmnd_Specs. ! 104: */ ! 105: struct cmndspec { ! 106: struct cmndspec *prev, *next; ! 107: struct member_list runasuserlist; /* list of runas users */ ! 108: struct member_list runasgrouplist; /* list of runas groups */ ! 109: struct member *cmnd; /* command to allow/deny */ ! 110: struct cmndtag tags; /* tag specificaion */ ! 111: #ifdef HAVE_SELINUX ! 112: char *role, *type; /* SELinux role and type */ ! 113: #endif ! 114: }; ! 115: ! 116: /* ! 117: * Generic structure to hold users, hosts, commands. ! 118: */ ! 119: struct member { ! 120: struct member *prev, *next; ! 121: char *name; /* member name */ ! 122: short type; /* type (see gram.h) */ ! 123: short negated; /* negated via '!'? */ ! 124: }; ! 125: ! 126: struct runascontainer { ! 127: struct member *runasusers; ! 128: struct member *runasgroups; ! 129: }; ! 130: ! 131: /* ! 132: * Generic structure to hold {User,Host,Runas,Cmnd}_Alias ! 133: * Aliases are stored in a red-black tree, sorted by name and type. ! 134: */ ! 135: struct alias { ! 136: char *name; /* alias name */ ! 137: unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ ! 138: unsigned short seqno; /* sequence number */ ! 139: struct member_list members; /* list of alias members */ ! 140: }; ! 141: ! 142: /* ! 143: * Structure describing a Defaults entry and a list thereof. ! 144: */ ! 145: struct defaults { ! 146: struct defaults *prev, *next; ! 147: char *var; /* variable name */ ! 148: char *val; /* variable value */ ! 149: struct member_list binding; /* user/host/runas binding */ ! 150: int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ ! 151: int op; /* TRUE, FALSE, '+', '-' */ ! 152: }; ! 153: ! 154: /* ! 155: * Parsed sudoers info. ! 156: */ ! 157: extern struct userspec_list userspecs; ! 158: extern struct defaults_list defaults; ! 159: ! 160: /* ! 161: * Alias sequence number to avoid loops. ! 162: */ ! 163: extern unsigned int alias_seqno; ! 164: ! 165: /* ! 166: * Prototypes ! 167: */ ! 168: char *alias_add(char *, int, struct member *); ! 169: int addr_matches(char *); ! 170: int cmnd_matches(struct member *); ! 171: int cmndlist_matches(struct member_list *); ! 172: int command_matches(char *, char *); ! 173: int hostlist_matches(struct member_list *); ! 174: int hostname_matches(char *, char *, char *); ! 175: int netgr_matches(char *, char *, char *, char *); ! 176: int no_aliases(void); ! 177: int runaslist_matches(struct member_list *, struct member_list *); ! 178: int userlist_matches(struct passwd *, struct member_list *); ! 179: int usergr_matches(char *, char *, struct passwd *); ! 180: int userpw_matches(char *, char *, struct passwd *); ! 181: int group_matches(char *, struct group *); ! 182: struct alias *alias_find(char *, int); ! 183: struct alias *alias_remove(char *, int); ! 184: void alias_free(void *); ! 185: void alias_apply(int (*)(void *, void *), void *); ! 186: void init_aliases(void); ! 187: void init_lexer(void); ! 188: void init_parser(const char *, int); ! 189: int alias_compare(const void *, const void *); ! 190: ! 191: #endif /* _SUDO_PARSE_H */