Annotation of embedaddon/sudo/plugins/sudoers/parse.h, revision 1.1.1.5
1.1 misho 1: /*
1.1.1.5 ! misho 2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2014
1.1 misho 3: * Todd C. Miller <Todd.Miller@courtesan.com>
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
1.1.1.4 misho 18: #ifndef _SUDOERS_PARSE_H
19: #define _SUDOERS_PARSE_H
1.1 misho 20:
21: #undef UNSPEC
22: #define UNSPEC -1
23: #undef DENY
24: #define DENY 0
25: #undef ALLOW
26: #define ALLOW 1
27: #undef IMPLIED
28: #define IMPLIED 2
29:
1.1.1.4 misho 30: #define SUDO_DIGEST_SHA224 0
31: #define SUDO_DIGEST_SHA256 1
32: #define SUDO_DIGEST_SHA384 2
33: #define SUDO_DIGEST_SHA512 3
34: #define SUDO_DIGEST_INVALID 4
35:
36: struct sudo_digest {
1.1.1.5 ! misho 37: unsigned int digest_type;
1.1.1.4 misho 38: char *digest_str;
39: };
40:
1.1 misho 41: /*
1.1.1.4 misho 42: * A command with option args and digest.
43: * XXX - merge into struct member
1.1 misho 44: */
45: struct sudo_command {
46: char *cmnd;
47: char *args;
1.1.1.4 misho 48: struct sudo_digest *digest;
1.1 misho 49: };
50:
51: /*
52: * Tags associated with a command.
1.1.1.4 misho 53: * Possible values: true, false, IMPLIED, UNSPEC.
1.1 misho 54: */
55: struct cmndtag {
1.1.1.5 ! misho 56: signed int nopasswd: 3;
! 57: signed int noexec: 3;
! 58: signed int setenv: 3;
! 59: signed int log_input: 3;
! 60: signed int log_output: 3;
1.1 misho 61: };
62:
63: /*
64: * SELinux-specific container struct.
65: * Currently just contains a role and type.
66: */
67: struct selinux_info {
68: char *role;
69: char *type;
70: };
71:
72: /*
1.1.1.3 misho 73: * Solaris privileges container struct
74: * Currently just contains permitted and limit privileges.
75: * It could have PFEXEC and PRIV_AWARE flags added in the future.
76: */
77: struct solaris_privs_info {
78: char *privs;
79: char *limitprivs;
80: };
81:
82: /*
83: * The parsed sudoers file is stored as a collection of linked lists,
1.1 misho 84: * modelled after the yacc grammar.
85: *
86: * Other than the alias struct, which is stored in a red-black tree,
1.1.1.5 ! misho 87: * the data structure used is a doubly-linked tail queue. While sudoers
! 88: * is being parsed, a headless tail queue is used where the first entry
! 89: * acts as the head and the prev pointer does double duty as the tail pointer.
! 90: * This makes it possible to trivally append sub-lists. In addition, the prev
! 91: * pointer is always valid (even if it points to itself). Unlike a circle
! 92: * queue, the next pointer of the last entry is NULL and does not point back
! 93: * to the head. When the tail queue is finalized, it is converted to a
! 94: * normal BSD tail queue.
1.1 misho 95: */
96:
97: /*
98: * Tail queue list head structure.
99: */
1.1.1.5 ! misho 100: TAILQ_HEAD(defaults_list, defaults);
! 101: TAILQ_HEAD(userspec_list, userspec);
! 102: TAILQ_HEAD(member_list, member);
! 103: TAILQ_HEAD(privilege_list, privilege);
! 104: TAILQ_HEAD(cmndspec_list, cmndspec);
1.1 misho 105:
106: /*
107: * Structure describing a user specification and list thereof.
108: */
109: struct userspec {
1.1.1.5 ! misho 110: TAILQ_ENTRY(userspec) entries;
1.1 misho 111: struct member_list users; /* list of users */
112: struct privilege_list privileges; /* list of privileges */
113: };
114:
115: /*
116: * Structure describing a privilege specification.
117: */
118: struct privilege {
1.1.1.5 ! misho 119: TAILQ_ENTRY(privilege) entries;
1.1 misho 120: struct member_list hostlist; /* list of hosts */
121: struct cmndspec_list cmndlist; /* list of Cmnd_Specs */
122: };
123:
124: /*
125: * Structure describing a linked list of Cmnd_Specs.
126: */
127: struct cmndspec {
1.1.1.5 ! misho 128: TAILQ_ENTRY(cmndspec) entries;
! 129: struct member_list *runasuserlist; /* list of runas users */
! 130: struct member_list *runasgrouplist; /* list of runas groups */
1.1 misho 131: struct member *cmnd; /* command to allow/deny */
132: struct cmndtag tags; /* tag specificaion */
133: #ifdef HAVE_SELINUX
134: char *role, *type; /* SELinux role and type */
135: #endif
1.1.1.3 misho 136: #ifdef HAVE_PRIV_SET
137: char *privs, *limitprivs; /* Solaris privilege sets */
138: #endif
1.1 misho 139: };
140:
141: /*
142: * Generic structure to hold users, hosts, commands.
143: */
144: struct member {
1.1.1.5 ! misho 145: TAILQ_ENTRY(member) entries;
1.1 misho 146: char *name; /* member name */
147: short type; /* type (see gram.h) */
148: short negated; /* negated via '!'? */
149: };
150:
151: struct runascontainer {
152: struct member *runasusers;
153: struct member *runasgroups;
154: };
155:
156: /*
157: * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
158: * Aliases are stored in a red-black tree, sorted by name and type.
159: */
160: struct alias {
161: char *name; /* alias name */
162: unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
1.1.1.4 misho 163: bool used; /* "used" flag for cycle detection */
1.1 misho 164: struct member_list members; /* list of alias members */
165: };
166:
167: /*
168: * Structure describing a Defaults entry and a list thereof.
169: */
170: struct defaults {
1.1.1.5 ! misho 171: TAILQ_ENTRY(defaults) entries;
1.1 misho 172: char *var; /* variable name */
173: char *val; /* variable value */
1.1.1.5 ! misho 174: struct member_list *binding; /* user/host/runas binding */
1.1 misho 175: int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
1.1.1.2 misho 176: int op; /* true, false, '+', '-' */
1.1 misho 177: };
178:
179: /*
180: * Parsed sudoers info.
181: */
182: extern struct userspec_list userspecs;
183: extern struct defaults_list defaults;
184:
1.1.1.4 misho 185: /* alias.c */
1.1.1.2 misho 186: bool no_aliases(void);
1.1.1.4 misho 187: char *alias_add(char *name, int type, struct member *members);
188: int alias_compare(const void *a1, const void *a2);
189: struct alias *alias_get(char *name, int type);
190: struct alias *alias_remove(char *name, int type);
191: void alias_apply(int (*func)(void *, void *), void *cookie);
192: void alias_free(void *a);
193: void alias_put(struct alias *a);
1.1 misho 194: void init_aliases(void);
1.1.1.4 misho 195:
196: /* gram.c */
1.1.1.3 misho 197: void init_parser(const char *, bool);
1.1 misho 198:
1.1.1.4 misho 199: /* match_addr.c */
200: bool addr_matches(char *n);
201:
202: /* match.c */
1.1.1.5 ! misho 203: bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest);
! 204: bool group_matches(const char *sudoers_group, const struct group *gr);
! 205: bool hostname_matches(const char *shost, const char *lhost, const char *pattern);
! 206: bool netgr_matches(const char *netgr, const char *lhost, const char *shost, const char *user);
! 207: bool usergr_matches(const char *group, const char *user, const struct passwd *pw);
! 208: bool userpw_matches(const char *sudoers_user, const char *user, const struct passwd *pw);
! 209: int cmnd_matches(const struct member *m);
! 210: int cmndlist_matches(const struct member_list *list);
! 211: int hostlist_matches(const struct member_list *list);
! 212: int runaslist_matches(const struct member_list *user_list, const struct member_list *group_list, struct member **matching_user, struct member **matching_group);
! 213: int userlist_matches(const struct passwd *pw, const struct member_list *list);
1.1.1.4 misho 214:
215: /* toke.c */
216: void init_lexer(void);
217:
218: /* hexchar.c */
219: int hexchar(const char *s);
220:
221: /* base64.c */
222: size_t base64_decode(const char *str, unsigned char *dst, size_t dsize);
223:
224: #endif /* _SUDOERS_PARSE_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>