src/usr.bin/sudo/parse.h - diff

Return to parse.h CVS log

Up to [local] / src / usr.bin / sudo

Diff for /src/usr.bin/sudo/Attic/parse.h between version 1.6 and 1.7

-version 1.6, 2008/07/31 16:44:03
+version 1.7, 2008/11/14 11:58:08
 Line 1
 Line 1
 Line 1
  /*
-  * Copyright (c) 1996, 1998-2000, 2004, 2007
+  * Copyright (c) 1996, 1998-2000, 2004, 2007-2008
   *      Todd C. Miller <Todd.Miller@courtesan.com>
   *
   * Permission to use, copy, modify, and distribute this software for any
 Line 14
 Line 14
 Line 14
   * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   *
-  * $Sudo: parse.h,v 1.14.2.2 2008/02/09 14:44:48 millert Exp $
+  * $Sudo: parse.h,v 1.44 2008/11/09 14:13:12 millert Exp $
   */
  #ifndef _SUDO_PARSE_H
  #define _SUDO_PARSE_H
- /*
+ #undef UNSPEC
-  * Data structure used in parsing sudoers;
+ #define UNSPEC  -1
-  * top of stack values are the ones that
+ #undef DENY
-  * apply when parsing is done & can be
+ #define DENY     0
-  * accessed by *_matches macros
+ #undef ALLOW
-  */
+ #define ALLOW    1
- #define STACKINCREMENT (32)
+ #undef IMPLIED
- struct matchstack {
+ #define IMPLIED  2
-         int user;
-         int cmnd;
-         int host;
-         int runas;
-         int nopass;
-         int noexec;
-         int setenv;
-         char *role;
-         char *type;
- };
  /*
-  * Data structure describing a command in the
+  * A command with args. XXX - merge into struct member.
-  * sudoers file.
   */
  struct sudo_command {
      char *cmnd;
-Line 49
+Line 38
 Line 49
 Line 38
  };
  /*
+  * Tags associated with a command.
+  * Possible valus: TRUE, FALSE, UNSPEC.
+  */
+ struct cmndtag {
+     __signed char nopasswd;
+     __signed char noexec;
+     __signed char setenv;
+     __signed char extra;
+ };
+ /*
   * SELinux-specific container struct.
   * Currently just contains a role and type.
   */
 Line 57
 Line 57
 Line 57
      char *type;
  };
- #define user_matches    (match[top-1].user)
+ /*
- #define cmnd_matches    (match[top-1].cmnd)
+  * The parses sudoers file is stored as a collection of linked lists,
- #define host_matches    (match[top-1].host)
+  * modelled after the yacc grammar.
- #define runas_matches   (match[top-1].runas)
+  *
- #define no_passwd       (match[top-1].nopass)
+  * Other than the alias struct, which is stored in a red-black tree,
- #define no_execve       (match[top-1].noexec)
+  * the data structure used is basically a doubly-linked tail queue without
- #define setenv_ok       (match[top-1].setenv)
+  * a separate head struct--the first entry acts as the head where the prev
+  * pointer does double duty as the tail pointer.  This makes it possible
+  * to trivally append sub-lists.  In addition, the prev pointer is always
+  * valid (even if it points to itself).  Unlike a circle queue, the next
+  * pointer of the last entry is NULL and does not point back to the head.
+  *
+  * Note that each list struct must contain a "prev" and "next" pointer as
+  * the first two members of the struct (in that order).
+  */
  /*
-  * Structure containing command matches if "sudo -l" is used.
+  * Tail queue list head structure.
   */
- struct command_match {
+ TQ_DECLARE(defaults)
-     char *runas;
+ TQ_DECLARE(userspec)
-     size_t runas_len;
+ TQ_DECLARE(member)
-     size_t runas_size;
+ TQ_DECLARE(privilege)
-     char *cmnd;
+ TQ_DECLARE(cmndspec)
-     size_t cmnd_len;
-     size_t cmnd_size;
+ /*
-     char *role;
+  * Structure describing a user specification and list thereof.
-     size_t role_len;
+  */
-     size_t role_size;
+ struct userspec {
-     char *type;
+     struct userspec *prev, *next;
-     size_t type_len;
+     struct member_list users;           /* list of users */
-     size_t type_size;
+     struct privilege_list privileges;   /* list of privileges */
-     int nopasswd;
-     int noexecve;
-     int setenv;
  };
  /*
-  * Structure describing an alias match in parser.
+  * Structure describing a privilege specification.
   */
- typedef struct {
+ struct privilege {
-     int type;
+     struct privilege *prev, *next;
-     char *name;
+     struct member_list hostlist;        /* list of hosts */
-     int val;
+     struct cmndspec_list cmndlist;      /* list of Cmnd_Specs */
- } aliasinfo;
+ };
  /*
-  * Structure containing Cmnd_Alias's if "sudo -l" is used.
+  * Structure describing a linked list of Cmnd_Specs.
   */
- struct generic_alias {
+ struct cmndspec {
-     int type;
+     struct cmndspec *prev, *next;
-     char *alias;
+     struct member_list runasuserlist;   /* list of runas users */
-     char *entries;
+     struct member_list runasgrouplist;  /* list of runas groups */
-     size_t entries_size;
+     struct member *cmnd;                /* command to allow/deny */
-     size_t entries_len;
+     struct cmndtag tags;                /* tag specificaion */
+ #ifdef HAVE_SELINUX
+     char *role, *type;                  /* SELinux role and type */
+ #endif
  };
- /* The matching stack and number of entries on it. */
+ /*
- extern struct matchstack *match;
+  * Generic structure to hold users, hosts, commands.
- extern int top;
+  */
+ struct member {
+     struct member *prev, *next;
+     char *name;                         /* member name */
+     short type;                         /* type (see gram.h) */
+     short negated;                      /* negated via '!'? */
+ };
+ struct runascontainer {
+     struct member *runasusers;
+     struct member *runasgroups;
+ };
  /*
+  * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
+  * Aliases are stored in a red-black tree, sorted by name and type.
+  */
+ struct alias {
+     char *name;                         /* alias name */
+     unsigned short type;                /* {USER,HOST,RUNAS,CMND}ALIAS */
+     unsigned short seqno;               /* sequence number */
+     struct member_list members;         /* list of alias members */
+ };
+ /*
+  * Structure describing a Defaults entry and a list thereof.
+  */
+ struct defaults {
+     struct defaults *prev, *next;
+     char *var;                          /* variable name */
+     char *val;                          /* variable value */
+     struct member_list binding;         /* user/host/runas binding */
+     int type;                           /* DEFAULTS{,_USER,_RUNAS,_HOST} */
+     int op;                             /* TRUE, FALSE, '+', '-' */
+ };
+ /*
+  * Parsed sudoers info.
+  */
+ extern struct userspec_list userspecs;
+ extern struct defaults_list defaults;
+ /*
+  * Alias sequence number to avoid loops.
+  */
+ extern unsigned int alias_seqno;
+ /*
   * Prototypes
   */
+ char *alias_add         __P((char *, int, struct member *));
  int addr_matches        __P((char *));
+ int alias_remove        __P((char *, int));
+ int cmnd_matches        __P((struct member *));
+ int cmndlist_matches    __P((struct member_list *));
  int command_matches     __P((char *, char *));
+ int hostlist_matches    __P((struct member_list *));
  int hostname_matches    __P((char *, char *, char *));
  int netgr_matches       __P((char *, char *, char *, char *));
- int userpw_matches      __P((char *, char *, struct passwd *));
+ int no_aliases          __P((void));
+ int runaslist_matches   __P((struct member_list *, struct member_list *));
+ int userlist_matches    __P((struct passwd *, struct member_list *));
  int usergr_matches      __P((char *, char *, struct passwd *));
+ int userpw_matches      __P((char *, char *, struct passwd *));
+ int group_matches       __P((char *, struct group *));
+ struct alias *find_alias __P((char *, int));
+ void alias_apply        __P((int (*)(void *, void *), void *));
+ void init_aliases       __P((void));
+ void init_parser        __P((char *, int));
  #endif /* _SUDO_PARSE_H */