| version 1.20, 2008/01/21 19:44:29 |
version 1.21, 2008/07/31 16:44:03 |
|
|
| #endif /* HAVE_LSEARCH */ |
#endif /* HAVE_LSEARCH */ |
| |
|
| #ifndef lint |
#ifndef lint |
| __unused static const char rcsid[] = "$Sudo: parse.yacc,v 1.204.2.10 2008/01/16 23:20:53 millert Exp $"; |
__unused static const char rcsid[] = "$Sudo: parse.yacc,v 1.204.2.13 2008/02/27 20:34:42 millert Exp $"; |
| #endif /* lint */ |
#endif /* lint */ |
| |
|
| /* |
/* |
|
|
| match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ |
match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ |
| match[top].noexec = def_noexec ? TRUE : UNSPEC; \ |
match[top].noexec = def_noexec ? TRUE : UNSPEC; \ |
| match[top].setenv = def_setenv ? TRUE : UNSPEC; \ |
match[top].setenv = def_setenv ? TRUE : UNSPEC; \ |
| |
match[top].role = NULL; \ |
| |
match[top].type = NULL; \ |
| top++; \ |
top++; \ |
| } while (0) |
} while (0) |
| |
|
|
|
| match[top].nopass = match[top-1].nopass; \ |
match[top].nopass = match[top-1].nopass; \ |
| match[top].noexec = match[top-1].noexec; \ |
match[top].noexec = match[top-1].noexec; \ |
| match[top].setenv = match[top-1].setenv; \ |
match[top].setenv = match[top-1].setenv; \ |
| |
match[top].role = estrdup(match[top-1].role); \ |
| |
match[top].type = estrdup(match[top-1].type); \ |
| top++; \ |
top++; \ |
| } while (0) |
} while (0) |
| |
|
|
|
| do { \ |
do { \ |
| if (top == 0) \ |
if (top == 0) \ |
| yyerror("matching stack underflow"); \ |
yyerror("matching stack underflow"); \ |
| else \ |
else { \ |
| |
efree(match[top-1].role); \ |
| |
efree(match[top-1].type); \ |
| top--; \ |
top--; \ |
| |
} \ |
| } while (0) |
} while (0) |
| |
|
| |
|
|
|
| #define append_runas(s, p) append(s, &cm_list[cm_list_len].runas, \ |
#define append_runas(s, p) append(s, &cm_list[cm_list_len].runas, \ |
| &cm_list[cm_list_len].runas_len, &cm_list[cm_list_len].runas_size, p) |
&cm_list[cm_list_len].runas_len, &cm_list[cm_list_len].runas_size, p) |
| |
|
| |
#define append_role(s, p) append(s, &cm_list[cm_list_len].role, \ |
| |
&cm_list[cm_list_len].role_len, &cm_list[cm_list_len].role_size, p) |
| |
|
| |
#define append_type(s, p) append(s, &cm_list[cm_list_len].type, \ |
| |
&cm_list[cm_list_len].type_len, &cm_list[cm_list_len].type_size, p) |
| |
|
| #define append_entries(s, p) append(s, &ga_list[ga_list_len-1].entries, \ |
#define append_entries(s, p) append(s, &ga_list[ga_list_len-1].entries, \ |
| &ga_list[ga_list_len-1].entries_len, \ |
&ga_list[ga_list_len-1].entries_len, \ |
| &ga_list[ga_list_len-1].entries_size, p) |
&ga_list[ga_list_len-1].entries_size, p) |
|
|
| int BOOLEAN; |
int BOOLEAN; |
| struct sudo_command command; |
struct sudo_command command; |
| int tok; |
int tok; |
| |
struct selinux_info seinfo; |
| } |
} |
| |
|
| %start file /* special start symbol */ |
%start file /* special start symbol */ |
|
|
| %token <tok> RUNASALIAS /* Runas_Alias keyword */ |
%token <tok> RUNASALIAS /* Runas_Alias keyword */ |
| %token <tok> ':' '=' ',' '!' '+' '-' /* union member tokens */ |
%token <tok> ':' '=' ',' '!' '+' '-' /* union member tokens */ |
| %token <tok> ERROR |
%token <tok> ERROR |
| |
%token <tok> TYPE /* SELinux type */ |
| |
%token <tok> ROLE /* SELinux role */ |
| |
|
| /* |
/* |
| * NOTE: these are not true booleans as there are actually 4 possible values: |
* NOTE: these are not true booleans as there are actually 4 possible values: |
|
|
| %type <BOOLEAN> oprunasuser |
%type <BOOLEAN> oprunasuser |
| %type <BOOLEAN> runaslist |
%type <BOOLEAN> runaslist |
| %type <BOOLEAN> user |
%type <BOOLEAN> user |
| |
%type <seinfo> selinux |
| |
%type <string> rolespec |
| |
%type <string> typespec |
| |
|
| %% |
%% |
| |
|
|
|
| no_passwd = def_authenticate ? UNSPEC : TRUE; |
no_passwd = def_authenticate ? UNSPEC : TRUE; |
| no_execve = def_noexec ? TRUE : UNSPEC; |
no_execve = def_noexec ? TRUE : UNSPEC; |
| setenv_ok = def_setenv ? TRUE : UNSPEC; |
setenv_ok = def_setenv ? TRUE : UNSPEC; |
| |
#ifdef HAVE_SELINUX |
| |
efree(match[top-1].role); |
| |
match[top-1].role = NULL; |
| |
efree(match[top-1].type); |
| |
match[top-1].type = NULL; |
| |
#endif |
| } |
} |
| ; |
; |
| |
|
|
|
| | cmndspeclist ',' cmndspec |
| cmndspeclist ',' cmndspec |
| ; |
; |
| |
|
| cmndspec : { SETENV_RESET; } runasspec cmndtag opcmnd { |
cmndspec : { SETENV_RESET; } runasspec selinux cmndtag opcmnd { |
| |
#ifdef HAVE_SELINUX |
| |
/* Replace inherited role/type as needed. */ |
| |
if ($3.role != NULL) { |
| |
efree(match[top-1].role); |
| |
match[top-1].role = $3.role; |
| |
} |
| |
if ($3.type != NULL) { |
| |
efree(match[top-1].type); |
| |
match[top-1].type = $3.type; |
| |
} |
| |
#endif |
| /* |
/* |
| * Push the entry onto the stack if it is worth |
* Push the entry onto the stack if it is worth |
| * saving and reset cmnd_matches for next cmnd. |
* saving and reset cmnd_matches for next cmnd. |
|
|
| pushcp; |
pushcp; |
| else if (user_matches == TRUE && keepall) |
else if (user_matches == TRUE && keepall) |
| pushcp; |
pushcp; |
| |
|
| cmnd_matches = UNSPEC; |
cmnd_matches = UNSPEC; |
| } |
} |
| ; |
; |
|
|
| } |
} |
| ; |
; |
| |
|
| |
rolespec : ROLE '=' WORD { |
| |
#ifdef HAVE_SELINUX |
| |
if (printmatches == TRUE && host_matches == TRUE && |
| |
user_matches == TRUE && runas_matches == TRUE) |
| |
append_role($3, NULL); |
| |
$$ = $3; |
| |
#else |
| |
free($3); |
| |
$$ = NULL; |
| |
#endif /* HAVE_SELINUX */ |
| |
} |
| |
; |
| |
|
| |
typespec : TYPE '=' WORD { |
| |
#ifdef HAVE_SELINUX |
| |
if (printmatches == TRUE && host_matches == TRUE && |
| |
user_matches == TRUE && runas_matches == TRUE) |
| |
append_type($3, NULL); |
| |
$$ = $3; |
| |
#else |
| |
free($3); |
| |
$$ = NULL; |
| |
#endif /* HAVE_SELINUX */ |
| |
} |
| |
; |
| |
|
| |
selinux : /* empty */ { |
| |
#ifdef HAVE_SELINUX |
| |
if (printmatches == TRUE && host_matches == TRUE && |
| |
user_matches == TRUE && runas_matches == TRUE) { |
| |
/* Inherit role. */ |
| |
cm_list[cm_list_len].role = |
| |
estrdup(cm_list[cm_list_len-1].role); |
| |
cm_list[cm_list_len].role_len = |
| |
cm_list[cm_list_len-1].role_len; |
| |
cm_list[cm_list_len].role_size = |
| |
cm_list[cm_list_len-1].role_len + 1; |
| |
/* Inherit type. */ |
| |
cm_list[cm_list_len].type = |
| |
estrdup(cm_list[cm_list_len-1].type); |
| |
cm_list[cm_list_len].type_len = |
| |
cm_list[cm_list_len-1].type_len; |
| |
cm_list[cm_list_len].type_size = |
| |
cm_list[cm_list_len-1].type_len + 1; |
| |
} |
| |
#endif /* HAVE_SELINUX */ |
| |
$$.role = NULL; |
| |
$$.type = NULL; |
| |
} |
| |
| rolespec { |
| |
#ifdef HAVE_SELINUX |
| |
if (printmatches == TRUE && host_matches == TRUE && |
| |
user_matches == TRUE && runas_matches == TRUE) { |
| |
/* Inherit type. */ |
| |
cm_list[cm_list_len].type = |
| |
estrdup(cm_list[cm_list_len-1].type); |
| |
cm_list[cm_list_len].type_len = |
| |
cm_list[cm_list_len-1].type_len; |
| |
cm_list[cm_list_len].type_size = |
| |
cm_list[cm_list_len-1].type_len + 1; |
| |
} |
| |
#endif /* HAVE_SELINUX */ |
| |
$$.role = $1; |
| |
$$.type = NULL; |
| |
} |
| |
| typespec { |
| |
#ifdef HAVE_SELINUX |
| |
if (printmatches == TRUE && host_matches == TRUE && |
| |
user_matches == TRUE && runas_matches == TRUE) { |
| |
/* Inherit role. */ |
| |
cm_list[cm_list_len].role = |
| |
estrdup(cm_list[cm_list_len-1].role); |
| |
cm_list[cm_list_len].role_len = |
| |
cm_list[cm_list_len-1].role_len; |
| |
cm_list[cm_list_len].role_size = |
| |
cm_list[cm_list_len-1].role_len + 1; |
| |
} |
| |
#endif /* HAVE_SELINUX */ |
| |
$$.type = $1; |
| |
$$.role = NULL; |
| |
} |
| |
| rolespec typespec { |
| |
$$.role = $1; |
| |
$$.type = $2; |
| |
} |
| |
| typespec rolespec { |
| |
$$.type = $1; |
| |
$$.role = $2; |
| |
} |
| |
; |
| |
|
| runasspec : /* empty */ { |
runasspec : /* empty */ { |
| if (printmatches == TRUE && host_matches == TRUE && |
if (printmatches == TRUE && host_matches == TRUE && |
| user_matches == TRUE) { |
user_matches == TRUE) { |
|
|
| cm_list[cm_list_len].runas_len = |
cm_list[cm_list_len].runas_len = |
| cm_list[cm_list_len-1].runas_len; |
cm_list[cm_list_len-1].runas_len; |
| cm_list[cm_list_len].runas_size = |
cm_list[cm_list_len].runas_size = |
| cm_list[cm_list_len-1].runas_size; |
cm_list[cm_list_len-1].runas_len + 1; |
| } |
} |
| } |
} |
| /* |
/* |
|
|
| (void) printf("(%s) ", def_runas_default); |
(void) printf("(%s) ", def_runas_default); |
| } |
} |
| |
|
| |
#ifdef HAVE_SELINUX |
| |
/* SELinux role and type */ |
| |
if (cm_list[count].role != NULL) |
| |
(void) printf("ROLE=%s ", cm_list[count].role); |
| |
if (cm_list[count].type != NULL) |
| |
(void) printf("TYPE=%s ", cm_list[count].type); |
| |
#endif |
| |
|
| /* Is execve(2) disabled? */ |
/* Is execve(2) disabled? */ |
| if (cm_list[count].noexecve == TRUE && !def_noexec) |
if (cm_list[count].noexecve == TRUE && !def_noexec) |
| (void) fputs("NOEXEC: ", stdout); |
(void) fputs("NOEXEC: ", stdout); |
|
|
| for (count = 0; count < cm_list_len; count++) { |
for (count = 0; count < cm_list_len; count++) { |
| efree(cm_list[count].runas); |
efree(cm_list[count].runas); |
| efree(cm_list[count].cmnd); |
efree(cm_list[count].cmnd); |
| |
efree(cm_list[count].role); |
| |
efree(cm_list[count].type); |
| } |
} |
| efree(cm_list); |
efree(cm_list); |
| cm_list = NULL; |
cm_list = NULL; |
|
|
| } |
} |
| |
|
| cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL; |
cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL; |
| |
cm_list[cm_list_len].type = cm_list[cm_list_len].role = NULL; |
| cm_list[cm_list_len].nopasswd = FALSE; |
cm_list[cm_list_len].nopasswd = FALSE; |
| cm_list[cm_list_len].noexecve = FALSE; |
cm_list[cm_list_len].noexecve = FALSE; |
| cm_list[cm_list_len].setenv = FALSE; |
cm_list[cm_list_len].setenv = FALSE; |
![[BACK]](/icons/back.gif){kind=icon}
Return to parse.yacc CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo