Annotation of src/usr.bin/sudo/parse.h, Revision 1.10
1.1 millert 1: /*
1.9 millert 2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2009
1.5 millert 3: * Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 4: *
1.4 millert 5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 millert 16: */
17:
#ifndef _SUDO_PARSE_H
#define _SUDO_PARSE_H
/*
 * NOTE(review): a name beginning with '_' plus an uppercase letter is
 * reserved for the implementation (C11 7.1.3); SUDO_PARSE_H would be the
 * conventional guard name.  Left unchanged here because other files may
 * test this macro.
 */

/*
 * Three-valued results used by the parser and, presumably, by the
 * *_matches() routines declared at the bottom of this header:
 *
 *   UNSPEC  - not specified / no decision (also the "unset" value of the
 *             struct cmndtag fields below)
 *   DENY    - explicit deny
 *   ALLOW   - explicit allow
 *   IMPLIED - presumably an allow/deny that follows from another entry
 *             rather than being written out; confirm against the callers
 *
 * Each name is #undef'd first so that a same-named macro from a header
 * included earlier does not cause a redefinition warning -- note that this
 * also silently replaces any such definition.  Because UNSPEC is negative,
 * anything that stores it must be a signed type.
 */
#undef UNSPEC
#define UNSPEC -1
#undef DENY
#define DENY 0
#undef ALLOW
#define ALLOW 1
#undef IMPLIED
#define IMPLIED 2
1.1 millert 29:
/*
 * A command with args.  XXX - merge into struct member.
 *
 * Both fields are plain char pointers; nothing in this header says who
 * owns or frees them, so check the parser and alias_free() before
 * assuming either.
 */
struct sudo_command {
	char *cmnd;		/* command (path) */
	char *args;		/* argument string, presumably NULL when absent -- confirm */
};
37:
/*
 * Tags associated with a command.
 * Possible values: TRUE, FALSE, UNSPEC.
 *
 * The fields are explicitly signed because UNSPEC is -1 and the
 * signedness of plain char is implementation-defined.  __signed is the
 * compiler keyword spelling (gcc/BSD) rather than ISO "signed".  A field
 * still at UNSPEC presumably means the sudoers entry did not mention
 * that tag, leaving the default to the caller -- confirm in the matching
 * code.
 */
struct cmndtag {
	__signed char nopasswd;	/* NOPASSWD: / PASSWD: tag */
	__signed char noexec;	/* NOEXEC: / EXEC: tag */
	__signed char setenv;	/* SETENV: / NOSETENV: tag */
	__signed char extra;	/* NOTE(review): meaning not documented here -- see callers */
};
48:
/*
 * SELinux-specific container struct.
 * Currently just contains a role and type.
 *
 * Ownership of the two strings is not stated here; presumably they are
 * allocated by the parser -- confirm before freeing elsewhere.
 */
struct selinux_info {
	char *role;		/* SELinux role */
	char *type;		/* SELinux type */
};
57:
1.7 millert 58: /*
59: * The parsed sudoers file is stored as a collection of linked lists,
60: * modelled after the yacc grammar.
61: *
62: * Other than the alias struct, which is stored in a red-black tree,
63: * the data structure used is basically a doubly-linked tail queue without
64: * a separate head struct--the first entry acts as the head where the prev
65: * pointer does double duty as the tail pointer. This makes it possible
66: * to trivially append sub-lists. In addition, the prev pointer is always
67: * valid (even if it points to itself). Unlike a circle queue, the next
68: * pointer of the last entry is NULL and does not point back to the head.
69: *
70: * Note that each list struct must contain a "prev" and "next" pointer as
71: * the first two members of the struct (in that order).
72: */
73:
/*
 * Tail queue list head structures.
 *
 * TQ_DECLARE() is defined outside this header; each use presumably
 * declares the corresponding "struct <name>_list" head type that the
 * structs below embed (member_list, privilege_list, cmndspec_list,
 * userspec_list, defaults_list).  Since the first entry doubles as the
 * head (see the list comment above), the head type itself carries only
 * pointers into the list -- confirm against the macro definition.
 */
TQ_DECLARE(defaults)
TQ_DECLARE(userspec)
TQ_DECLARE(member)
TQ_DECLARE(privilege)
TQ_DECLARE(cmndspec)
82:
/*
 * Structure describing a user specification and list thereof.
 *
 * prev/next MUST remain the first two members, in that order: the generic
 * tail-queue code relies on that layout (see the list comment above).
 */
struct userspec {
	struct userspec *prev, *next;
	struct member_list users;		/* list of users */
	struct privilege_list privileges;	/* list of privileges */
};
1.1 millert 91:
/*
 * Structure describing a privilege specification.
 *
 * prev/next MUST remain the first two members, in that order, for the
 * generic tail-queue code.
 */
struct privilege {
	struct privilege *prev, *next;
	struct member_list hostlist;	/* list of hosts */
	struct cmndspec_list cmndlist;	/* list of Cmnd_Specs */
};
100:
/*
 * Structure describing a linked list of Cmnd_Specs.
 *
 * prev/next MUST remain the first two members, in that order, for the
 * generic tail-queue code.
 *
 * NOTE(review): the size and layout of this struct depend on HAVE_SELINUX.
 * Every translation unit that includes this header must be compiled with
 * the same setting, or cmndspec objects will be read with a mismatched
 * layout.
 */
struct cmndspec {
	struct cmndspec *prev, *next;
	struct member_list runasuserlist;	/* list of runas users */
	struct member_list runasgrouplist;	/* list of runas groups */
	struct member *cmnd;			/* command to allow/deny; presumably
						   member->negated selects deny */
	struct cmndtag tags;			/* tag specification */
#ifdef HAVE_SELINUX
	char *role, *type;			/* SELinux role and type */
#endif
};
114:
/*
 * Generic structure to hold users, hosts, commands.
 *
 * prev/next MUST remain the first two members, in that order, for the
 * generic tail-queue code.  What "name" points to depends on "type"
 * (e.g. a user or host name, an alias name, or a struct sudo_command);
 * the type constants live in gram.h, not here.
 */
struct member {
	struct member *prev, *next;
	char *name;		/* member name */
	short type;		/* type (see gram.h) */
	short negated;		/* negated via '!'? */
};
124:
/*
 * Pair of runas user and runas group member lists.  This struct has no
 * prev/next and is not itself a tail-queue entry; it presumably carries
 * the two lists between grammar rules before they land in a struct
 * cmndspec -- confirm in the parser.
 */
struct runascontainer {
	struct member *runasusers;	/* list of runas users */
	struct member *runasgroups;	/* list of runas groups */
};
129:
/*
 * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
 * Aliases are stored in a red-black tree, sorted by name and type.
 *
 * Unlike the other structs above this is not a tail-queue entry (no
 * prev/next).  The (name, type) pair is the tree key, so the same name
 * may exist once per alias type.
 */
struct alias {
	char *name;			/* alias name */
	unsigned short type;		/* {USER,HOST,RUNAS,CMND}ALIAS */
	unsigned short seqno;		/* sequence number; presumably compared
					   against alias_seqno while expanding
					   aliases to detect cycles -- confirm */
	struct member_list members;	/* list of alias members */
};
1.1 millert 140:
/*
 * Structure describing a Defaults entry and a list thereof.
 *
 * prev/next MUST remain the first two members, in that order, for the
 * generic tail-queue code.
 */
struct defaults {
	struct defaults *prev, *next;
	char *var;			/* variable name */
	char *val;			/* variable value; may be absent for
					   boolean settings -- confirm */
	struct member_list binding;	/* user/host/runas binding */
	int type;			/* DEFAULTS{,_USER,_RUNAS,_HOST} */
	int op;				/* TRUE, FALSE, '+', '-' */
};
152:
/*
 * Parsed sudoers info.
 *
 * Global, mutable state filled in by the parser; defined in one of the
 * .c files, not here.  Nothing in this header synchronizes access to
 * them.
 */
extern struct userspec_list userspecs;
extern struct defaults_list defaults;

/*
 * Alias sequence number to avoid loops.
 *
 * Global counter, presumably bumped per alias expansion and recorded in
 * struct alias.seqno so a revisited alias can be detected -- confirm in
 * the matching code.  Note the different widths: this is unsigned int
 * while struct alias.seqno is unsigned short.
 */
extern unsigned int alias_seqno;
1.1 millert 163:
/*
 * Prototypes
 *
 * __P() wraps each parameter list so the declarations also work with
 * pre-ANSI compilers; it is defined outside this header.  None of the
 * char * parameters are const-qualified, so these declarations do not
 * say whether an argument may be modified.  The int-returning *_matches()
 * routines presumably return UNSPEC/DENY/ALLOW or TRUE/FALSE; the exact
 * contract is in the definitions, not here.
 */
/* Add an alias (name, type, member list); returns char * -- presumably
   NULL on success and an error string otherwise -- confirm. */
char *alias_add __P((char *, int, struct member *));
/* Matching routines. */
int addr_matches __P((char *));
int cmnd_matches __P((struct member *));
int cmndlist_matches __P((struct member_list *));
int command_matches __P((char *, char *));
int hostlist_matches __P((struct member_list *));
int hostname_matches __P((char *, char *, char *));
int netgr_matches __P((char *, char *, char *, char *));
int no_aliases __P((void));
int runaslist_matches __P((struct member_list *, struct member_list *));
int userlist_matches __P((struct passwd *, struct member_list *));
int usergr_matches __P((char *, char *, struct passwd *));
int userpw_matches __P((char *, char *, struct passwd *));
int group_matches __P((char *, struct group *));
/* Alias tree lookup/removal by (name, type). */
struct alias *alias_find __P((char *, int));
struct alias *alias_remove __P((char *, int));
/* Takes void * so it can serve as a generic destructor callback. */
void alias_free __P((void *));
/* Calls the given function on every alias, passing the cookie as the
   second argument. */
void alias_apply __P((int (*)(void *, void *), void *));
void init_aliases __P((void));
void init_lexer __P((void));
void init_parser __P((char *, int));
/* qsort/tree-style comparison on two struct alias pointers. */
int alias_compare __P((const void *, const void *));
1.1 millert 189:
190: #endif /* _SUDO_PARSE_H */