Annotation of embedaddon/sudo/plugins/sudoers/parse.h, revision 1.1.1.4
1.1 misho 1: /*
1.1.1.4 ! misho 2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2013
1.1 misho 3: * Todd C. Miller <Todd.Miller@courtesan.com>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
1.1.1.4 ! misho 18: #ifndef _SUDOERS_PARSE_H
! 19: #define _SUDOERS_PARSE_H
1.1 misho 20:
21: #undef UNSPEC
22: #define UNSPEC -1
23: #undef DENY
24: #define DENY 0
25: #undef ALLOW
26: #define ALLOW 1
27: #undef IMPLIED
28: #define IMPLIED 2
29:
1.1.1.4 ! misho 30: #define SUDO_DIGEST_SHA224 0
! 31: #define SUDO_DIGEST_SHA256 1
! 32: #define SUDO_DIGEST_SHA384 2
! 33: #define SUDO_DIGEST_SHA512 3
! 34: #define SUDO_DIGEST_INVALID 4
! 35:
! 36: struct sudo_digest {
! 37: int digest_type;
! 38: char *digest_str;
! 39: };
! 40:
1.1 misho 41: /*
1.1.1.4 ! misho 42: * A command with option args and digest.
! 43: * XXX - merge into struct member
1.1 misho 44: */
45: struct sudo_command {
46: char *cmnd;
47: char *args;
1.1.1.4 ! misho 48: struct sudo_digest *digest;
1.1 misho 49: };
50:
51: /*
52: * Tags associated with a command.
1.1.1.4 ! misho 53: * Possible values: true, false, IMPLIED, UNSPEC.
1.1 misho 54: */
55: struct cmndtag {
56: __signed int nopasswd: 3;
57: __signed int noexec: 3;
58: __signed int setenv: 3;
59: __signed int log_input: 3;
60: __signed int log_output: 3;
61: };
62:
63: /*
64: * SELinux-specific container struct.
65: * Currently just contains a role and type.
66: */
67: struct selinux_info {
68: char *role;
69: char *type;
70: };
71:
72: /*
1.1.1.3 misho 73: * Solaris privileges container struct
74: * Currently just contains permitted and limit privileges.
75: * It could have PFEXEC and PRIV_AWARE flags added in the future.
76: */
77: struct solaris_privs_info {
78: char *privs;
79: char *limitprivs;
80: };
81:
82: /*
83: * The parsed sudoers file is stored as a collection of linked lists,
1.1 misho 84: * modelled after the yacc grammar.
85: *
86: * Other than the alias struct, which is stored in a red-black tree,
87: * the data structure used is basically a doubly-linked tail queue without
88: * a separate head struct--the first entry acts as the head where the prev
89: * pointer does double duty as the tail pointer. This makes it possible
90: * to trivally append sub-lists. In addition, the prev pointer is always
91: * valid (even if it points to itself). Unlike a circle queue, the next
92: * pointer of the last entry is NULL and does not point back to the head.
93: *
94: * Note that each list struct must contain a "prev" and "next" pointer as
95: * the first two members of the struct (in that order).
96: */
97:
98: /*
99: * Tail queue list head structure.
100: */
101: TQ_DECLARE(defaults)
102: TQ_DECLARE(userspec)
103: TQ_DECLARE(member)
104: TQ_DECLARE(privilege)
105: TQ_DECLARE(cmndspec)
106:
107: /*
108: * Structure describing a user specification and list thereof.
109: */
110: struct userspec {
111: struct userspec *prev, *next;
112: struct member_list users; /* list of users */
113: struct privilege_list privileges; /* list of privileges */
114: };
115:
116: /*
117: * Structure describing a privilege specification.
118: */
119: struct privilege {
120: struct privilege *prev, *next;
121: struct member_list hostlist; /* list of hosts */
122: struct cmndspec_list cmndlist; /* list of Cmnd_Specs */
123: };
124:
125: /*
126: * Structure describing a linked list of Cmnd_Specs.
127: */
128: struct cmndspec {
129: struct cmndspec *prev, *next;
130: struct member_list runasuserlist; /* list of runas users */
131: struct member_list runasgrouplist; /* list of runas groups */
132: struct member *cmnd; /* command to allow/deny */
1.1.1.4 ! misho 133: char *digest; /* optional command digest */
1.1 misho 134: struct cmndtag tags; /* tag specificaion */
135: #ifdef HAVE_SELINUX
136: char *role, *type; /* SELinux role and type */
137: #endif
1.1.1.3 misho 138: #ifdef HAVE_PRIV_SET
139: char *privs, *limitprivs; /* Solaris privilege sets */
140: #endif
1.1 misho 141: };
142:
143: /*
144: * Generic structure to hold users, hosts, commands.
145: */
146: struct member {
147: struct member *prev, *next;
148: char *name; /* member name */
149: short type; /* type (see gram.h) */
150: short negated; /* negated via '!'? */
151: };
152:
153: struct runascontainer {
154: struct member *runasusers;
155: struct member *runasgroups;
156: };
157:
158: /*
159: * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
160: * Aliases are stored in a red-black tree, sorted by name and type.
161: */
162: struct alias {
163: char *name; /* alias name */
164: unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
1.1.1.4 ! misho 165: bool used; /* "used" flag for cycle detection */
1.1 misho 166: struct member_list members; /* list of alias members */
167: };
168:
169: /*
170: * Structure describing a Defaults entry and a list thereof.
171: */
172: struct defaults {
173: struct defaults *prev, *next;
174: char *var; /* variable name */
175: char *val; /* variable value */
176: struct member_list binding; /* user/host/runas binding */
177: int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
1.1.1.2 misho 178: int op; /* true, false, '+', '-' */
1.1 misho 179: };
180:
181: /*
182: * Parsed sudoers info.
183: */
184: extern struct userspec_list userspecs;
185: extern struct defaults_list defaults;
186:
1.1.1.4 ! misho 187: /* alias.c */
1.1.1.2 misho 188: bool no_aliases(void);
1.1.1.4 ! misho 189: char *alias_add(char *name, int type, struct member *members);
! 190: int alias_compare(const void *a1, const void *a2);
! 191: struct alias *alias_get(char *name, int type);
! 192: struct alias *alias_remove(char *name, int type);
! 193: void alias_apply(int (*func)(void *, void *), void *cookie);
! 194: void alias_free(void *a);
! 195: void alias_put(struct alias *a);
1.1 misho 196: void init_aliases(void);
1.1.1.4 ! misho 197:
! 198: /* gram.c */
1.1.1.3 misho 199: void init_parser(const char *, bool);
1.1 misho 200:
1.1.1.4 ! misho 201: /* match_addr.c */
! 202: bool addr_matches(char *n);
! 203:
! 204: /* match.c */
! 205: bool command_matches(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest);
! 206: bool group_matches(char *sudoers_group, struct group *gr);
! 207: bool hostname_matches(char *shost, char *lhost, char *pattern);
! 208: bool netgr_matches(char *netgr, char *lhost, char *shost, char *user);
! 209: bool usergr_matches(char *group, char *user, struct passwd *pw);
! 210: bool userpw_matches(char *sudoers_user, char *user, struct passwd *pw);
! 211: int cmnd_matches(struct member *m);
! 212: int cmndlist_matches(struct member_list *list);
! 213: int hostlist_matches(struct member_list *list);
! 214: int runaslist_matches(struct member_list *user_list, struct member_list *group_list, struct member **matching_user, struct member **matching_group);
! 215: int userlist_matches(struct passwd *pw, struct member_list *list);
! 216:
! 217: /* toke.c */
! 218: void init_lexer(void);
! 219:
! 220: /* hexchar.c */
! 221: int hexchar(const char *s);
! 222:
! 223: /* base64.c */
! 224: size_t base64_decode(const char *str, unsigned char *dst, size_t dsize);
! 225:
! 226: #endif /* _SUDOERS_PARSE_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>