Annotation of embedaddon/sudo/plugins/sudoers/parse.h, revision 1.1.1.3
1.1 misho 1: /*
2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2011
3: * Todd C. Miller <Todd.Miller@courtesan.com>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: #ifndef _SUDO_PARSE_H
19: #define _SUDO_PARSE_H
20:
21: #undef UNSPEC
22: #define UNSPEC -1
23: #undef DENY
24: #define DENY 0
25: #undef ALLOW
26: #define ALLOW 1
27: #undef IMPLIED
28: #define IMPLIED 2
29:
30: /*
31: * A command with args. XXX - merge into struct member.
32: */
33: struct sudo_command {
34: char *cmnd;
35: char *args;
36: };
37:
38: /*
39: * Tags associated with a command.
1.1.1.2 misho 40: * Possible values: true, false, UNSPEC.
1.1 misho 41: */
42: struct cmndtag {
43: __signed int nopasswd: 3;
44: __signed int noexec: 3;
45: __signed int setenv: 3;
46: __signed int log_input: 3;
47: __signed int log_output: 3;
48: };
49:
50: /*
51: * SELinux-specific container struct.
52: * Currently just contains a role and type.
53: */
54: struct selinux_info {
55: char *role;
56: char *type;
57: };
58:
59: /*
1.1.1.3 ! misho 60: * Solaris privileges container struct
! 61: * Currently just contains permitted and limit privileges.
! 62: * It could have PFEXEC and PRIV_AWARE flags added in the future.
! 63: */
! 64: struct solaris_privs_info {
! 65: char *privs;
! 66: char *limitprivs;
! 67: };
! 68:
! 69: /*
! 70: * The parsed sudoers file is stored as a collection of linked lists,
1.1 misho 71: * modelled after the yacc grammar.
72: *
73: * Other than the alias struct, which is stored in a red-black tree,
74: * the data structure used is basically a doubly-linked tail queue without
75: * a separate head struct--the first entry acts as the head where the prev
76: * pointer does double duty as the tail pointer. This makes it possible
77: * to trivally append sub-lists. In addition, the prev pointer is always
78: * valid (even if it points to itself). Unlike a circle queue, the next
79: * pointer of the last entry is NULL and does not point back to the head.
80: *
81: * Note that each list struct must contain a "prev" and "next" pointer as
82: * the first two members of the struct (in that order).
83: */
84:
85: /*
86: * Tail queue list head structure.
87: */
88: TQ_DECLARE(defaults)
89: TQ_DECLARE(userspec)
90: TQ_DECLARE(member)
91: TQ_DECLARE(privilege)
92: TQ_DECLARE(cmndspec)
93:
94: /*
95: * Structure describing a user specification and list thereof.
96: */
97: struct userspec {
98: struct userspec *prev, *next;
99: struct member_list users; /* list of users */
100: struct privilege_list privileges; /* list of privileges */
101: };
102:
103: /*
104: * Structure describing a privilege specification.
105: */
106: struct privilege {
107: struct privilege *prev, *next;
108: struct member_list hostlist; /* list of hosts */
109: struct cmndspec_list cmndlist; /* list of Cmnd_Specs */
110: };
111:
112: /*
113: * Structure describing a linked list of Cmnd_Specs.
114: */
115: struct cmndspec {
116: struct cmndspec *prev, *next;
117: struct member_list runasuserlist; /* list of runas users */
118: struct member_list runasgrouplist; /* list of runas groups */
119: struct member *cmnd; /* command to allow/deny */
120: struct cmndtag tags; /* tag specificaion */
121: #ifdef HAVE_SELINUX
122: char *role, *type; /* SELinux role and type */
123: #endif
1.1.1.3 ! misho 124: #ifdef HAVE_PRIV_SET
! 125: char *privs, *limitprivs; /* Solaris privilege sets */
! 126: #endif
1.1 misho 127: };
128:
129: /*
130: * Generic structure to hold users, hosts, commands.
131: */
132: struct member {
133: struct member *prev, *next;
134: char *name; /* member name */
135: short type; /* type (see gram.h) */
136: short negated; /* negated via '!'? */
137: };
138:
139: struct runascontainer {
140: struct member *runasusers;
141: struct member *runasgroups;
142: };
143:
144: /*
145: * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
146: * Aliases are stored in a red-black tree, sorted by name and type.
147: */
148: struct alias {
149: char *name; /* alias name */
150: unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
151: unsigned short seqno; /* sequence number */
152: struct member_list members; /* list of alias members */
153: };
154:
155: /*
156: * Structure describing a Defaults entry and a list thereof.
157: */
158: struct defaults {
159: struct defaults *prev, *next;
160: char *var; /* variable name */
161: char *val; /* variable value */
162: struct member_list binding; /* user/host/runas binding */
163: int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
1.1.1.2 misho 164: int op; /* true, false, '+', '-' */
1.1 misho 165: };
166:
167: /*
168: * Parsed sudoers info.
169: */
170: extern struct userspec_list userspecs;
171: extern struct defaults_list defaults;
172:
173: /*
174: * Alias sequence number to avoid loops.
175: */
176: extern unsigned int alias_seqno;
177:
178: /*
179: * Prototypes
180: */
181: char *alias_add(char *, int, struct member *);
1.1.1.2 misho 182: bool addr_matches(char *);
1.1 misho 183: int cmnd_matches(struct member *);
184: int cmndlist_matches(struct member_list *);
1.1.1.2 misho 185: bool command_matches(char *, char *);
1.1 misho 186: int hostlist_matches(struct member_list *);
1.1.1.2 misho 187: bool hostname_matches(char *, char *, char *);
188: bool netgr_matches(char *, char *, char *, char *);
189: bool no_aliases(void);
1.1.1.3 ! misho 190: int runaslist_matches(struct member_list *, struct member_list *, struct member **, struct member **);
1.1 misho 191: int userlist_matches(struct passwd *, struct member_list *);
1.1.1.2 misho 192: bool usergr_matches(char *, char *, struct passwd *);
193: bool userpw_matches(char *, char *, struct passwd *);
194: bool group_matches(char *, struct group *);
1.1 misho 195: struct alias *alias_find(char *, int);
196: struct alias *alias_remove(char *, int);
197: void alias_free(void *);
198: void alias_apply(int (*)(void *, void *), void *);
199: void init_aliases(void);
200: void init_lexer(void);
1.1.1.3 ! misho 201: void init_parser(const char *, bool);
1.1 misho 202: int alias_compare(const void *, const void *);
203:
204: #endif /* _SUDO_PARSE_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>