Annotation of src/usr.bin/sudo/parse.h, Revision 1.9
1.1 millert 1: /*
1.9 ! millert 2: * Copyright (c) 1996, 1998-2000, 2004, 2007-2009
1.5 millert 3: * Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 4: *
1.4 millert 5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.1 millert 16: *
1.9 ! millert 17: * $Sudo: parse.h,v 1.49 2009/05/25 12:02:41 millert Exp $
1.1 millert 18: */
19:
20: #ifndef _SUDO_PARSE_H
21: #define _SUDO_PARSE_H
22:
1.7 millert 23: #undef UNSPEC
24: #define UNSPEC -1
25: #undef DENY
26: #define DENY 0
27: #undef ALLOW
28: #define ALLOW 1
29: #undef IMPLIED
30: #define IMPLIED 2
1.1 millert 31:
32: /*
1.7 millert 33: * A command with args. XXX - merge into struct member.
1.1 millert 34: */
35: struct sudo_command {
36: char *cmnd;
37: char *args;
38: };
39:
1.6 millert 40: /*
1.7 millert 41: * Tags associated with a command.
42: * Possible valus: TRUE, FALSE, UNSPEC.
43: */
44: struct cmndtag {
45: __signed char nopasswd;
46: __signed char noexec;
47: __signed char setenv;
48: __signed char extra;
49: };
50:
51: /*
1.6 millert 52: * SELinux-specific container struct.
53: * Currently just contains a role and type.
54: */
55: struct selinux_info {
56: char *role;
57: char *type;
58: };
59:
1.7 millert 60: /*
61: * The parses sudoers file is stored as a collection of linked lists,
62: * modelled after the yacc grammar.
63: *
64: * Other than the alias struct, which is stored in a red-black tree,
65: * the data structure used is basically a doubly-linked tail queue without
66: * a separate head struct--the first entry acts as the head where the prev
67: * pointer does double duty as the tail pointer. This makes it possible
68: * to trivally append sub-lists. In addition, the prev pointer is always
69: * valid (even if it points to itself). Unlike a circle queue, the next
70: * pointer of the last entry is NULL and does not point back to the head.
71: *
72: * Note that each list struct must contain a "prev" and "next" pointer as
73: * the first two members of the struct (in that order).
74: */
75:
76: /*
77: * Tail queue list head structure.
78: */
79: TQ_DECLARE(defaults)
80: TQ_DECLARE(userspec)
81: TQ_DECLARE(member)
82: TQ_DECLARE(privilege)
83: TQ_DECLARE(cmndspec)
84:
85: /*
86: * Structure describing a user specification and list thereof.
87: */
88: struct userspec {
89: struct userspec *prev, *next;
90: struct member_list users; /* list of users */
91: struct privilege_list privileges; /* list of privileges */
92: };
1.1 millert 93:
94: /*
1.7 millert 95: * Structure describing a privilege specification.
96: */
97: struct privilege {
98: struct privilege *prev, *next;
99: struct member_list hostlist; /* list of hosts */
100: struct cmndspec_list cmndlist; /* list of Cmnd_Specs */
101: };
102:
103: /*
104: * Structure describing a linked list of Cmnd_Specs.
105: */
106: struct cmndspec {
107: struct cmndspec *prev, *next;
108: struct member_list runasuserlist; /* list of runas users */
109: struct member_list runasgrouplist; /* list of runas groups */
110: struct member *cmnd; /* command to allow/deny */
111: struct cmndtag tags; /* tag specificaion */
112: #ifdef HAVE_SELINUX
113: char *role, *type; /* SELinux role and type */
114: #endif
115: };
116:
117: /*
118: * Generic structure to hold users, hosts, commands.
119: */
120: struct member {
121: struct member *prev, *next;
122: char *name; /* member name */
123: short type; /* type (see gram.h) */
124: short negated; /* negated via '!'? */
125: };
126:
127: struct runascontainer {
128: struct member *runasusers;
129: struct member *runasgroups;
1.1 millert 130: };
131:
132: /*
1.7 millert 133: * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
134: * Aliases are stored in a red-black tree, sorted by name and type.
1.1 millert 135: */
1.7 millert 136: struct alias {
137: char *name; /* alias name */
138: unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
139: unsigned short seqno; /* sequence number */
140: struct member_list members; /* list of alias members */
141: };
1.1 millert 142:
143: /*
1.7 millert 144: * Structure describing a Defaults entry and a list thereof.
1.1 millert 145: */
1.7 millert 146: struct defaults {
147: struct defaults *prev, *next;
148: char *var; /* variable name */
149: char *val; /* variable value */
150: struct member_list binding; /* user/host/runas binding */
151: int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */
152: int op; /* TRUE, FALSE, '+', '-' */
1.1 millert 153: };
154:
1.7 millert 155: /*
156: * Parsed sudoers info.
157: */
158: extern struct userspec_list userspecs;
159: extern struct defaults_list defaults;
160:
161: /*
162: * Alias sequence number to avoid loops.
163: */
164: extern unsigned int alias_seqno;
1.1 millert 165:
166: /*
167: * Prototypes
168: */
1.7 millert 169: char *alias_add __P((char *, int, struct member *));
1.1 millert 170: int addr_matches __P((char *));
1.7 millert 171: int cmnd_matches __P((struct member *));
172: int cmndlist_matches __P((struct member_list *));
1.4 millert 173: int command_matches __P((char *, char *));
1.7 millert 174: int hostlist_matches __P((struct member_list *));
1.3 millert 175: int hostname_matches __P((char *, char *, char *));
1.2 millert 176: int netgr_matches __P((char *, char *, char *, char *));
1.7 millert 177: int no_aliases __P((void));
178: int runaslist_matches __P((struct member_list *, struct member_list *));
179: int userlist_matches __P((struct passwd *, struct member_list *));
180: int usergr_matches __P((char *, char *, struct passwd *));
1.4 millert 181: int userpw_matches __P((char *, char *, struct passwd *));
1.7 millert 182: int group_matches __P((char *, struct group *));
1.8 millert 183: struct alias *alias_find __P((char *, int));
184: struct alias *alias_remove __P((char *, int));
185: void alias_free __P((void *));
1.7 millert 186: void alias_apply __P((int (*)(void *, void *), void *));
187: void init_aliases __P((void));
1.9 ! millert 188: void init_lexer __P((void));
1.7 millert 189: void init_parser __P((char *, int));
1.8 millert 190: int alias_compare __P((const void *, const void *));
1.1 millert 191:
192: #endif /* _SUDO_PARSE_H */