Annotation of src/usr.bin/sudo/parse.h, Revision 1.7
1.1 millert 1: /*
1.7 ! millert 2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2008
1.5 millert 3: * Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 4: *
1.4 millert 5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 millert 16: *
1.7 ! millert 17: * $Sudo: parse.h,v 1.44 2008/11/09 14:13:12 millert Exp $
1.1 millert 18: */
19:
20: #ifndef _SUDO_PARSE_H
21: #define _SUDO_PARSE_H
22:
1.7 ! millert 23: #undef UNSPEC
! 24: #define UNSPEC -1
! 25: #undef DENY
! 26: #define DENY 0
! 27: #undef ALLOW
! 28: #define ALLOW 1
! 29: #undef IMPLIED
! 30: #define IMPLIED 2
1.1 millert 31:
32: /*
1.7 ! millert 33: * A command with args. XXX - merge into struct member.
1.1 millert 34: */
35: struct sudo_command {
36: char *cmnd;
37: char *args;
38: };
39:
1.6 millert 40: /*
1.7 ! millert 41: * Tags associated with a command.
! 42: * Possible valus: TRUE, FALSE, UNSPEC.
! 43: */
! 44: struct cmndtag {
! 45: __signed char nopasswd;
! 46: __signed char noexec;
! 47: __signed char setenv;
! 48: __signed char extra;
! 49: };
! 50:
! 51: /*
1.6 millert 52: * SELinux-specific container struct.
53: * Currently just contains a role and type.
54: */
55: struct selinux_info {
56: char *role;
57: char *type;
58: };
59:
1.7 ! millert 60: /*
! 61: * The parses sudoers file is stored as a collection of linked lists,
! 62: * modelled after the yacc grammar.
! 63: *
! 64: * Other than the alias struct, which is stored in a red-black tree,
! 65: * the data structure used is basically a doubly-linked tail queue without
! 66: * a separate head struct--the first entry acts as the head where the prev
! 67: * pointer does double duty as the tail pointer. This makes it possible
! 68: * to trivally append sub-lists. In addition, the prev pointer is always
! 69: * valid (even if it points to itself). Unlike a circle queue, the next
! 70: * pointer of the last entry is NULL and does not point back to the head.
! 71: *
! 72: * Note that each list struct must contain a "prev" and "next" pointer as
! 73: * the first two members of the struct (in that order).
! 74: */
! 75:
! 76: /*
! 77: * Tail queue list head structure.
! 78: */
! 79: TQ_DECLARE(defaults)
! 80: TQ_DECLARE(userspec)
! 81: TQ_DECLARE(member)
! 82: TQ_DECLARE(privilege)
! 83: TQ_DECLARE(cmndspec)
! 84:
! 85: /*
! 86: * Structure describing a user specification and list thereof.
! 87: */
! 88: struct userspec {
! 89: struct userspec *prev, *next;
! 90: struct member_list users; /* list of users */
! 91: struct privilege_list privileges; /* list of privileges */
! 92: };
1.1 millert 93:
94: /*
1.7 ! millert 95: * Structure describing a privilege specification.
! 96: */
! 97: struct privilege {
! 98: struct privilege *prev, *next;
! 99: struct member_list hostlist; /* list of hosts */
! 100: struct cmndspec_list cmndlist; /* list of Cmnd_Specs */
! 101: };
! 102:
! 103: /*
! 104: * Structure describing a linked list of Cmnd_Specs.
! 105: */
! 106: struct cmndspec {
! 107: struct cmndspec *prev, *next;
! 108: struct member_list runasuserlist; /* list of runas users */
! 109: struct member_list runasgrouplist; /* list of runas groups */
! 110: struct member *cmnd; /* command to allow/deny */
! 111: struct cmndtag tags; /* tag specificaion */
! 112: #ifdef HAVE_SELINUX
! 113: char *role, *type; /* SELinux role and type */
! 114: #endif
! 115: };
! 116:
! 117: /*
! 118: * Generic structure to hold users, hosts, commands.
! 119: */
! 120: struct member {
! 121: struct member *prev, *next;
! 122: char *name; /* member name */
! 123: short type; /* type (see gram.h) */
! 124: short negated; /* negated via '!'? */
! 125: };
! 126:
! 127: struct runascontainer {
! 128: struct member *runasusers;
! 129: struct member *runasgroups;
1.1 millert 130: };
131:
132: /*
1.7 ! millert 133: * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
! 134: * Aliases are stored in a red-black tree, sorted by name and type.
1.1 millert 135: */
1.7 ! millert 136: struct alias {
! 137: char *name; /* alias name */
! 138: unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
! 139: unsigned short seqno; /* sequence number */
! 140: struct member_list members; /* list of alias members */
! 141: };
1.1 millert 142:
143: /*
1.7 ! millert 144: * Structure describing a Defaults entry and a list thereof.
1.1 millert 145: */
1.7 ! millert 146: struct defaults {
! 147: struct defaults *prev, *next;
! 148: char *var; /* variable name */
! 149: char *val; /* variable value */
! 150: struct member_list binding; /* user/host/runas binding */
! 151: int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
! 152: int op; /* TRUE, FALSE, '+', '-' */
1.1 millert 153: };
154:
1.7 ! millert 155: /*
! 156: * Parsed sudoers info.
! 157: */
! 158: extern struct userspec_list userspecs;
! 159: extern struct defaults_list defaults;
! 160:
! 161: /*
! 162: * Alias sequence number to avoid loops.
! 163: */
! 164: extern unsigned int alias_seqno;
1.1 millert 165:
166: /*
167: * Prototypes
168: */
1.7 ! millert 169: char *alias_add __P((char *, int, struct member *));
1.1 millert 170: int addr_matches __P((char *));
1.7 ! millert 171: int alias_remove __P((char *, int));
! 172: int cmnd_matches __P((struct member *));
! 173: int cmndlist_matches __P((struct member_list *));
1.4 millert 174: int command_matches __P((char *, char *));
1.7 ! millert 175: int hostlist_matches __P((struct member_list *));
1.3 millert 176: int hostname_matches __P((char *, char *, char *));
1.2 millert 177: int netgr_matches __P((char *, char *, char *, char *));
1.7 ! millert 178: int no_aliases __P((void));
! 179: int runaslist_matches __P((struct member_list *, struct member_list *));
! 180: int userlist_matches __P((struct passwd *, struct member_list *));
! 181: int usergr_matches __P((char *, char *, struct passwd *));
1.4 millert 182: int userpw_matches __P((char *, char *, struct passwd *));
1.7 ! millert 183: int group_matches __P((char *, struct group *));
! 184: struct alias *find_alias __P((char *, int));
! 185: void alias_apply __P((int (*)(void *, void *), void *));
! 186: void init_aliases __P((void));
! 187: void init_parser __P((char *, int));
1.1 millert 188:
189: #endif /* _SUDO_PARSE_H */