=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/parse.yacc,v retrieving revision 1.11 retrieving revision 1.12 diff -c -r1.11 -r1.12 *** src/usr.bin/sudo/Attic/parse.yacc 2005/06/19 22:00:08 1.11 --- src/usr.bin/sudo/Attic/parse.yacc 2007/07/26 16:10:16 1.12 *************** *** 1,6 **** %{ /* ! * Copyright (c) 1996, 1998-2004 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above --- 1,7 ---- %{ /* ! * Copyright (c) 1996, 1998-2004, 2007 ! * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above *************** *** 29,35 **** * list_matches() can format things the way it wants. */ ! #include "config.h" #include #include --- 30,36 ---- * list_matches() can format things the way it wants. */ ! #include #include #include *************** *** 71,77 **** #endif /* HAVE_LSEARCH */ #ifndef lint ! static const char rcsid[] = "$Sudo: parse.yacc,v 1.204 2004/08/11 18:29:10 millert Exp $"; #endif /* lint */ /* --- 72,78 ---- #endif /* HAVE_LSEARCH */ #ifndef lint ! __unused static const char rcsid[] = "$Sudo: parse.yacc,v 1.204.2.5 2007/07/09 21:53:01 millert Exp $"; #endif /* lint */ /* *************** *** 124,129 **** --- 125,131 ---- match[top].runas = UNSPEC; \ match[top].nopass = def_authenticate ? UNSPEC : TRUE; \ match[top].noexec = def_noexec ? TRUE : UNSPEC; \ + match[top].setenv = def_setenv ? 
TRUE : UNSPEC; \ top++; \ } while (0) *************** *** 139,144 **** --- 141,147 ---- match[top].runas = match[top-1].runas; \ match[top].nopass = match[top-1].nopass; \ match[top].noexec = match[top-1].noexec; \ + match[top].setenv = match[top-1].setenv; \ top++; \ } while (0) *************** *** 242,247 **** --- 245,252 ---- %token PASSWD /* passwd req for command (default) */ %token NOEXEC /* preload dummy execve() for cmnd */ %token EXEC /* don't preload dummy execve() */ + %token SETENV /* user may set environment for cmnd */ + %token NOSETENV /* user may not set environment */ %token ALL /* ALL keyword */ %token COMMENT /* comment and/or carriage return */ %token HOSTALIAS /* Host_Alias keyword */ *************** *** 321,327 **** yyerror(NULL); YYERROR; } ! free($1); } | '!' DEFVAR { if (defaults_matches == TRUE && --- 326,332 ---- yyerror(NULL); YYERROR; } ! efree($1); } | '!' DEFVAR { if (defaults_matches == TRUE && *************** *** 329,335 **** yyerror(NULL); YYERROR; } ! free($2); } | DEFVAR '=' WORD { if (defaults_matches == TRUE && --- 334,340 ---- yyerror(NULL); YYERROR; } ! efree($2); } | DEFVAR '=' WORD { if (defaults_matches == TRUE && *************** *** 337,344 **** yyerror(NULL); YYERROR; } ! free($1); ! free($3); } | DEFVAR '+' WORD { if (defaults_matches == TRUE && --- 342,349 ---- yyerror(NULL); YYERROR; } ! efree($1); ! efree($3); } | DEFVAR '+' WORD { if (defaults_matches == TRUE && *************** *** 346,353 **** yyerror(NULL); YYERROR; } ! free($1); ! free($3); } | DEFVAR '-' WORD { if (defaults_matches == TRUE && --- 351,358 ---- yyerror(NULL); YYERROR; } ! efree($1); ! efree($3); } | DEFVAR '-' WORD { if (defaults_matches == TRUE && *************** *** 355,362 **** yyerror(NULL); YYERROR; } ! free($1); ! free($3); } ; --- 360,367 ---- yyerror(NULL); YYERROR; } ! efree($1); ! efree($3); } ; *************** *** 374,379 **** --- 379,385 ---- runas_matches = UNSPEC; no_passwd = def_authenticate ? UNSPEC : TRUE; no_execve = def_noexec ? 
TRUE : UNSPEC; + setenv_ok = def_setenv ? TRUE : UNSPEC; } ; *************** *** 393,413 **** $$ = TRUE; else $$ = NOMATCH; ! free($1); } | NETGROUP { if (netgr_matches($1, user_host, user_shost, NULL)) $$ = TRUE; else $$ = NOMATCH; ! free($1); } | WORD { if (hostname_matches(user_shost, user_host, $1) == 0) $$ = TRUE; else $$ = NOMATCH; ! free($1); } | ALIAS { aliasinfo *aip = find_alias($1, HOST_ALIAS); --- 399,419 ---- $$ = TRUE; else $$ = NOMATCH; ! efree($1); } | NETGROUP { if (netgr_matches($1, user_host, user_shost, NULL)) $$ = TRUE; else $$ = NOMATCH; ! efree($1); } | WORD { if (hostname_matches(user_shost, user_host, $1) == 0) $$ = TRUE; else $$ = NOMATCH; ! efree($1); } | ALIAS { aliasinfo *aip = find_alias($1, HOST_ALIAS); *************** *** 429,435 **** } $$ = NOMATCH; } ! free($1); } ; --- 435,441 ---- } $$ = NOMATCH; } ! efree($1); } ; *************** *** 549,555 **** $$ = TRUE; else $$ = NOMATCH; ! free($1); used_runas = TRUE; } | USERGROUP { --- 555,561 ---- $$ = TRUE; else $$ = NOMATCH; ! efree($1); used_runas = TRUE; } | USERGROUP { *************** *** 564,570 **** $$ = TRUE; else $$ = NOMATCH; ! free($1); used_runas = TRUE; } | NETGROUP { --- 570,576 ---- $$ = TRUE; else $$ = NOMATCH; ! efree($1); used_runas = TRUE; } | NETGROUP { *************** *** 579,585 **** $$ = TRUE; else $$ = NOMATCH; ! free($1); used_runas = TRUE; } | ALIAS { --- 585,591 ---- $$ = TRUE; else $$ = NOMATCH; ! efree($1); used_runas = TRUE; } | ALIAS { *************** *** 609,615 **** } $$ = NOMATCH; } ! free($1); used_runas = TRUE; } | ALL { --- 615,621 ---- } $$ = NOMATCH; } ! efree($1); used_runas = TRUE; } | ALL { *************** *** 625,631 **** ; cmndtag : /* empty */ { ! /* Inherit {NOPASSWD,PASSWD,NOEXEC,EXEC} status. */ if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { if (no_passwd == TRUE) --- 631,637 ---- ; cmndtag : /* empty */ { ! /* Inherit {NO,}{PASSWD,EXEC,SETENV} status. 
*/ if (printmatches == TRUE && host_matches == TRUE && user_matches == TRUE) { if (no_passwd == TRUE) *************** *** 636,641 **** --- 642,651 ---- cm_list[cm_list_len].noexecve = TRUE; else cm_list[cm_list_len].noexecve = FALSE; + if (setenv_ok == TRUE) + cm_list[cm_list_len].setenv = TRUE; + else + cm_list[cm_list_len].setenv = FALSE; } } | cmndtag NOPASSWD { *************** *** 662,667 **** --- 672,689 ---- user_matches == TRUE) cm_list[cm_list_len].noexecve = FALSE; } + | cmndtag SETENV { + setenv_ok = TRUE; + if (printmatches == TRUE && host_matches == TRUE && + user_matches == TRUE) + cm_list[cm_list_len].setenv = TRUE; + } + | cmndtag NOSETENV { + setenv_ok = FALSE; + if (printmatches == TRUE && host_matches == TRUE && + user_matches == TRUE) + cm_list[cm_list_len].setenv = FALSE; + } ; cmnd : ALL { *************** *** 675,680 **** --- 697,704 ---- } } + efree(safe_cmnd); + safe_cmnd = NULL; $$ = TRUE; } | ALIAS { *************** *** 704,710 **** } $$ = NOMATCH; } ! free($1); } | COMMAND { if (printmatches == TRUE) { --- 728,734 ---- } $$ = NOMATCH; } ! efree($1); } | COMMAND { if (printmatches == TRUE) { *************** *** 727,735 **** else $$ = NOMATCH; ! free($1.cmnd); ! if ($1.args) ! free($1.args); } ; --- 751,758 ---- else $$ = NOMATCH; ! efree($1.cmnd); ! efree($1.args); } ; *************** *** 771,777 **** YYERROR; } pop; ! free($1); if (printmatches == TRUE) in_alias = FALSE; --- 794,800 ---- YYERROR; } pop; ! efree($1); if (printmatches == TRUE) in_alias = FALSE; *************** *** 800,806 **** yyerror(NULL); YYERROR; } ! free($1); if (printmatches == TRUE) in_alias = FALSE; --- 823,829 ---- yyerror(NULL); YYERROR; } ! efree($1); if (printmatches == TRUE) in_alias = FALSE; *************** *** 818,824 **** YYERROR; } pop; ! free($1); } ; --- 841,847 ---- YYERROR; } pop; ! efree($1); } ; *************** *** 839,859 **** $$ = TRUE; else $$ = NOMATCH; ! 
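Review bot: The new `cmndtag SETENV` and `cmndtag NOSETENV` actions (hunk at old lines 662-667) have no comment, although they assign `setenv_ok` outside the `printmatches` guard, so the value outlives the current command. Read with the empty-`cmndtag` rule's "Inherit {NO,}{PASSWD,EXEC,SETENV} status" comment, a SETENV on one command also covers the commands after it in the same list until a NOSETENV appears. That is easy to miss when auditing a sudoers entry that grants control over the environment. I would put `/* Like NOPASSWD, SETENV is inherited by the commands that follow until NOSETENV is seen. */` above `setenv_ok = TRUE;`. The `cmndtag` rule begins before this hunk, so the neighbouring tag actions are only partly visible.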
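Review bot: The added `efree(safe_cmnd); safe_cmnd = NULL;` in the `cmnd : ALL` action (hunk at old lines 675-680) has no comment saying why a match on ALL must discard `safe_cmnd`. Judging by the name, it holds a command path resolved while an earlier entry was matched, and leaving it set would let that older value stand in for a command that matched only through ALL. That reading is inferred, since the variable's definition and its readers are outside this diff. A line such as `/* ALL matched: forget any safe_cmnd left by an earlier entry. */` would keep the reset from being removed later as dead code. The action starts before the hunk.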
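Review bot: Dropping the `if ($1.args)` guard in the COMMAND action (hunk at old lines 727-735) means `efree($1.args)` is now called with NULL whenever a command has no arguments, so the code depends on `efree()` accepting a NULL pointer. Its definition is not part of this diff; a plain wrapper around a C89-or-later `free()` would be fine, but that should be confirmed rather than assumed. A short `/* args may be NULL; efree() accepts that */` beside the call would record the assumption. The same question applies to any other converted call whose argument can be NULL, for example `efree(safe_cmnd)` in the `cmnd : ALL` action.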
free($1); } | USERGROUP { if (usergr_matches($1, user_name, sudo_user.pw)) $$ = TRUE; else $$ = NOMATCH; ! free($1); } | NETGROUP { if (netgr_matches($1, NULL, NULL, user_name)) $$ = TRUE; else $$ = NOMATCH; ! free($1); } | ALIAS { aliasinfo *aip = find_alias($1, USER_ALIAS); --- 862,882 ---- $$ = TRUE; else $$ = NOMATCH; ! efree($1); } | USERGROUP { if (usergr_matches($1, user_name, sudo_user.pw)) $$ = TRUE; else $$ = NOMATCH; ! efree($1); } | NETGROUP { if (netgr_matches($1, NULL, NULL, user_name)) $$ = TRUE; else $$ = NOMATCH; ! efree($1); } | ALIAS { aliasinfo *aip = find_alias($1, USER_ALIAS); *************** *** 875,881 **** } $$ = NOMATCH; } ! free($1); } | ALL { $$ = TRUE; --- 898,904 ---- } $$ = NOMATCH; } ! efree($1); } | ALL { $$ = TRUE; *************** *** 1084,1089 **** --- 1107,1118 ---- else if (cm_list[count].nopasswd == FALSE && !def_authenticate) (void) fputs("PASSWD: ", stdout); + /* Is setenv enabled? */ + if (cm_list[count].setenv == TRUE && !def_setenv) + (void) fputs("SETENV: ", stdout); + else if (cm_list[count].setenv == FALSE && def_setenv) + (void) fputs("NOSETENV: ", stdout); + /* Print the actual command or expanded Cmnd_Alias. */ key.alias = cm_list[count].cmnd; key.type = CMND_ALIAS; *************** *** 1096,1112 **** /* Be nice and free up space now that we are done. */ for (count = 0; count < ga_list_len; count++) { ! free(ga_list[count].alias); ! free(ga_list[count].entries); } ! free(ga_list); ga_list = NULL; for (count = 0; count < cm_list_len; count++) { ! free(cm_list[count].runas); ! free(cm_list[count].cmnd); } ! free(cm_list); cm_list = NULL; cm_list_len = 0; cm_list_size = 0; --- 1125,1141 ---- /* Be nice and free up space now that we are done. */ for (count = 0; count < ga_list_len; count++) { ! efree(ga_list[count].alias); ! efree(ga_list[count].entries); } ! efree(ga_list); ga_list = NULL; for (count = 0; count < cm_list_len; count++) { ! efree(cm_list[count].runas); ! efree(cm_list[count].cmnd); } ! 
efree(cm_list); cm_list = NULL; cm_list_len = 0; cm_list_size = 0; *************** *** 1168,1175 **** if (aliases) { for (n = 0; n < naliases; n++) ! free(aliases[n].name); ! free(aliases); aliases = NULL; } naliases = nslots = 0; --- 1197,1204 ---- if (aliases) { for (n = 0; n < naliases; n++) ! efree(aliases[n].name); ! efree(aliases); aliases = NULL; } naliases = nslots = 0; *************** *** 1211,1216 **** --- 1240,1246 ---- cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL; cm_list[cm_list_len].nopasswd = FALSE; cm_list[cm_list_len].noexecve = FALSE; + cm_list[cm_list_len].setenv = FALSE; } /* *************** *** 1223,1229 **** /* Free up old data structures if we run the parser more than once. */ if (match) { ! free(match); match = NULL; top = 0; parse_error = FALSE; --- 1253,1259 ---- /* Free up old data structures if we run the parser more than once. */ if (match) { ! efree(match); match = NULL; top = 0; parse_error = FALSE;