version 1.6, 2008/07/31 16:44:03 |
version 1.7, 2008/11/14 11:58:08 |
|
|
/* |
/* |
* Copyright (c) 1996, 1998-2000, 2004, 2007 |
* Copyright (c) 1996, 1998-2000, 2004, 2007-2008 |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* Todd C. Miller <Todd.Miller@courtesan.com> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
* |
* |
* $Sudo: parse.h,v 1.14.2.2 2008/02/09 14:44:48 millert Exp $ |
* $Sudo: parse.h,v 1.44 2008/11/09 14:13:12 millert Exp $ |
*/ |
*/ |
|
|
#ifndef _SUDO_PARSE_H |
#ifndef _SUDO_PARSE_H |
#define _SUDO_PARSE_H |
#define _SUDO_PARSE_H |
|
|
/* |
#undef UNSPEC |
* Data structure used in parsing sudoers; |
#define UNSPEC -1 |
* top of stack values are the ones that |
#undef DENY |
* apply when parsing is done & can be |
#define DENY 0 |
* accessed by *_matches macros |
#undef ALLOW |
*/ |
#define ALLOW 1 |
#define STACKINCREMENT (32) |
#undef IMPLIED |
struct matchstack { |
#define IMPLIED 2 |
int user; |
|
int cmnd; |
|
int host; |
|
int runas; |
|
int nopass; |
|
int noexec; |
|
int setenv; |
|
char *role; |
|
char *type; |
|
}; |
|
|
|
/* |
/* |
* Data structure describing a command in the |
* A command with args. XXX - merge into struct member. |
* sudoers file. |
|
*/ |
*/ |
struct sudo_command { |
struct sudo_command { |
char *cmnd; |
char *cmnd; |
|
|
}; |
}; |
|
|
/* |
/* |
|
* Tags associated with a command. |
|
* Possible valus: TRUE, FALSE, UNSPEC. |
|
*/ |
|
struct cmndtag { |
|
__signed char nopasswd; |
|
__signed char noexec; |
|
__signed char setenv; |
|
__signed char extra; |
|
}; |
|
|
|
/* |
* SELinux-specific container struct. |
* SELinux-specific container struct. |
* Currently just contains a role and type. |
* Currently just contains a role and type. |
*/ |
*/ |
|
|
char *type; |
char *type; |
}; |
}; |
|
|
#define user_matches (match[top-1].user) |
/* |
#define cmnd_matches (match[top-1].cmnd) |
* The parses sudoers file is stored as a collection of linked lists, |
#define host_matches (match[top-1].host) |
* modelled after the yacc grammar. |
#define runas_matches (match[top-1].runas) |
* |
#define no_passwd (match[top-1].nopass) |
* Other than the alias struct, which is stored in a red-black tree, |
#define no_execve (match[top-1].noexec) |
* the data structure used is basically a doubly-linked tail queue without |
#define setenv_ok (match[top-1].setenv) |
* a separate head struct--the first entry acts as the head where the prev |
|
* pointer does double duty as the tail pointer. This makes it possible |
|
* to trivally append sub-lists. In addition, the prev pointer is always |
|
* valid (even if it points to itself). Unlike a circle queue, the next |
|
* pointer of the last entry is NULL and does not point back to the head. |
|
* |
|
* Note that each list struct must contain a "prev" and "next" pointer as |
|
* the first two members of the struct (in that order). |
|
*/ |
|
|
/* |
/* |
* Structure containing command matches if "sudo -l" is used. |
* Tail queue list head structure. |
*/ |
*/ |
struct command_match { |
TQ_DECLARE(defaults) |
char *runas; |
TQ_DECLARE(userspec) |
size_t runas_len; |
TQ_DECLARE(member) |
size_t runas_size; |
TQ_DECLARE(privilege) |
char *cmnd; |
TQ_DECLARE(cmndspec) |
size_t cmnd_len; |
|
size_t cmnd_size; |
/* |
char *role; |
* Structure describing a user specification and list thereof. |
size_t role_len; |
*/ |
size_t role_size; |
struct userspec { |
char *type; |
struct userspec *prev, *next; |
size_t type_len; |
struct member_list users; /* list of users */ |
size_t type_size; |
struct privilege_list privileges; /* list of privileges */ |
int nopasswd; |
|
int noexecve; |
|
int setenv; |
|
}; |
}; |
|
|
/* |
/* |
* Structure describing an alias match in parser. |
* Structure describing a privilege specification. |
*/ |
*/ |
typedef struct { |
struct privilege { |
int type; |
struct privilege *prev, *next; |
char *name; |
struct member_list hostlist; /* list of hosts */ |
int val; |
struct cmndspec_list cmndlist; /* list of Cmnd_Specs */ |
} aliasinfo; |
}; |
|
|
/* |
/* |
* Structure containing Cmnd_Alias's if "sudo -l" is used. |
* Structure describing a linked list of Cmnd_Specs. |
*/ |
*/ |
struct generic_alias { |
struct cmndspec { |
int type; |
struct cmndspec *prev, *next; |
char *alias; |
struct member_list runasuserlist; /* list of runas users */ |
char *entries; |
struct member_list runasgrouplist; /* list of runas groups */ |
size_t entries_size; |
struct member *cmnd; /* command to allow/deny */ |
size_t entries_len; |
struct cmndtag tags; /* tag specificaion */ |
|
#ifdef HAVE_SELINUX |
|
char *role, *type; /* SELinux role and type */ |
|
#endif |
}; |
}; |
|
|
/* The matching stack and number of entries on it. */ |
/* |
extern struct matchstack *match; |
* Generic structure to hold users, hosts, commands. |
extern int top; |
*/ |
|
struct member { |
|
struct member *prev, *next; |
|
char *name; /* member name */ |
|
short type; /* type (see gram.h) */ |
|
short negated; /* negated via '!'? */ |
|
}; |
|
|
|
struct runascontainer { |
|
struct member *runasusers; |
|
struct member *runasgroups; |
|
}; |
|
|
/* |
/* |
|
* Generic structure to hold {User,Host,Runas,Cmnd}_Alias |
|
* Aliases are stored in a red-black tree, sorted by name and type. |
|
*/ |
|
struct alias { |
|
char *name; /* alias name */ |
|
unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ |
|
unsigned short seqno; /* sequence number */ |
|
struct member_list members; /* list of alias members */ |
|
}; |
|
|
|
/* |
|
* Structure describing a Defaults entry and a list thereof. |
|
*/ |
|
struct defaults { |
|
struct defaults *prev, *next; |
|
char *var; /* variable name */ |
|
char *val; /* variable value */ |
|
struct member_list binding; /* user/host/runas binding */ |
|
int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ |
|
int op; /* TRUE, FALSE, '+', '-' */ |
|
}; |
|
|
|
/* |
|
* Parsed sudoers info. |
|
*/ |
|
extern struct userspec_list userspecs; |
|
extern struct defaults_list defaults; |
|
|
|
/* |
|
* Alias sequence number to avoid loops. |
|
*/ |
|
extern unsigned int alias_seqno; |
|
|
|
/* |
* Prototypes |
* Prototypes |
*/ |
*/ |
|
char *alias_add __P((char *, int, struct member *)); |
int addr_matches __P((char *)); |
int addr_matches __P((char *)); |
|
int alias_remove __P((char *, int)); |
|
int cmnd_matches __P((struct member *)); |
|
int cmndlist_matches __P((struct member_list *)); |
int command_matches __P((char *, char *)); |
int command_matches __P((char *, char *)); |
|
int hostlist_matches __P((struct member_list *)); |
int hostname_matches __P((char *, char *, char *)); |
int hostname_matches __P((char *, char *, char *)); |
int netgr_matches __P((char *, char *, char *, char *)); |
int netgr_matches __P((char *, char *, char *, char *)); |
int userpw_matches __P((char *, char *, struct passwd *)); |
int no_aliases __P((void)); |
|
int runaslist_matches __P((struct member_list *, struct member_list *)); |
|
int userlist_matches __P((struct passwd *, struct member_list *)); |
int usergr_matches __P((char *, char *, struct passwd *)); |
int usergr_matches __P((char *, char *, struct passwd *)); |
|
int userpw_matches __P((char *, char *, struct passwd *)); |
|
int group_matches __P((char *, struct group *)); |
|
struct alias *find_alias __P((char *, int)); |
|
void alias_apply __P((int (*)(void *, void *), void *)); |
|
void init_aliases __P((void)); |
|
void init_parser __P((char *, int)); |
|
|
#endif /* _SUDO_PARSE_H */ |
#endif /* _SUDO_PARSE_H */ |
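Review bot: On the new side, `struct alias` stores `seqno` as `unsigned short` while the global counter it is meant to be checked against, `extern unsigned int alias_seqno;`, is `unsigned int`; once alias_seqno passes USHRT_MAX the stored value is truncated, and if the loop guard compares the two directly (that comparison lives outside this header) a cyclic alias would presumably no longer be detected. Declaring both with the same width, `unsigned int seqno; /* sequence number, compared with alias_seqno */`, removes the mismatch, or the comment above alias_seqno should state that the counter stays below 65536. The new comments also carry typos worth fixing in the same sweep: `valus` above struct cmndtag, `The parses sudoers file` and `trivally` in the list description, and `tag specificaion` in struct cmndspec. The `__signed` spelling in struct cmndtag is a double-underscore name reserved for the implementation; if it is a project compatibility macro a one-line comment saying where it is defined would save the next reader a search.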