3 * Copyright (c) 1996, 1998-2005, 2007-2008
4 * Todd C. Miller <Todd.Miller@courtesan.com>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
18 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
19 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21 * Sponsored in part by the Defense Advanced Research Projects
22 * Agency (DARPA) and Air Force Research Laboratory, Air Force
23 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
28 #include <sys/types.h>
29 #include <sys/param.h>
38 #endif /* STDC_HEADERS */
42 # ifdef HAVE_STRINGS_H
45 #endif /* HAVE_STRING_H */
48 #endif /* HAVE_UNISTD_H */
49 #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
51 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */
58 __unused static const char rcsid[] = "$Sudo: toke.l,v 1.27 2008/11/24 00:41:36 millert Exp $";
61 extern YYSTYPE yylval;
64 static int sawspace = 0;
65 static int arg_len = 0;
66 static int arg_size = 0;
68 static int append __P((char *, int));
69 static int _fill __P((char *, int, int));
70 static int fill_cmnd __P((char *, int));
71 static int fill_args __P((char *, int, int));
72 static int switch_buffer __P((char *));
73 static int ipv6_valid __P((const char *s));
74 static char *parse_include __P((char *));
75 extern void yyerror __P((const char *));
77 #define fill(a, b) _fill(a, b, 0)
79 #define push_include(_p) (switch_buffer((_p)))
80 #define pop_include() (switch_buffer(NULL))
82 /* realloc() to size + COMMANDARGINC to make room for command args */
83 #define COMMANDARGINC 64
86 #define LEXTRACE(msg) fputs(msg, stderr)
92 HEX16 [0-9A-Fa-f]{1,4}
93 OCTET (1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5])
94 IPV4ADDR {OCTET}(\.{OCTET}){3}
95 IPV6ADDR ({HEX16}?:){2,7}{HEX16}?|({HEX16}?:){2,6}:{IPV4ADDR}
97 HOSTNAME [[:alnum:]_-]+
98 WORD ([^#>!=:,\(\) \t\n\\]|\\[^\n])+
100 PATH \/(\\[\,:= \t#]|[^\,:=\\ \t\n#])+
101 ENVAR ([^#!=, \t\n\\\"]|\\[^\n])([^#=, \t\n\\\"]|\\[^\n])*
114 <GOTDEFS>[[:blank:]]+ BEGIN STARTDEFS;
116 <STARTDEFS>{DEFVAR} {
119 if (!fill(yytext, yyleng))
147 LEXTRACE("BEGINSTR ");
148 yylval.string = NULL;
153 LEXTRACE("WORD(2) ");
154 if (!fill(yytext, yyleng))
161 \\[[:blank:]]*\n[[:blank:]]* {
162 /* Line continuation char followed by newline. */
174 LEXTRACE("BACKSLASH ");
175 if (!append(yytext, yyleng))
180 LEXTRACE("STRBODY ");
181 if (!append(yytext, yyleng))
188 /* quoted fnmatch glob char, pass verbatim */
189 LEXTRACE("QUOTEDCHAR ");
190 if (!fill_args(yytext, 2, sawspace))
196 /* quoted sudoers special char, strip backslash */
197 LEXTRACE("QUOTEDCHAR ");
198 if (!fill_args(yytext + 1, 1, sawspace))
207 } /* end of command line args */
211 if (!fill_args(yytext, yyleng, sawspace))
214 } /* a command line arg */
217 <INITIAL>^#include[[:blank:]]+\/.*\n {
220 if ((path = parse_include(yytext)) == NULL)
223 LEXTRACE("INCLUDE\n");
225 /* Push current buffer and switch to include file */
226 if (!push_include(path))
230 <INITIAL>^[[:blank:]]*Defaults([:@>\!]{WORD})? {
232 for (n = 0; isblank((unsigned char)yytext[n]); n++)
236 switch (yytext[n++]) {
239 LEXTRACE("DEFAULTS_USER ");
240 return(DEFAULTS_USER);
243 LEXTRACE("DEFAULTS_RUNAS ");
244 return(DEFAULTS_RUNAS);
247 LEXTRACE("DEFAULTS_HOST ");
248 return(DEFAULTS_HOST);
251 LEXTRACE("DEFAULTS_CMND ");
252 return(DEFAULTS_CMND);
254 LEXTRACE("DEFAULTS ");
259 <INITIAL>^[[:blank:]]*(Host|Cmnd|User|Runas)_Alias {
261 for (n = 0; isblank((unsigned char)yytext[n]); n++)
265 LEXTRACE("HOSTALIAS ");
268 LEXTRACE("CMNDALIAS ");
271 LEXTRACE("USERALIAS ");
274 LEXTRACE("RUNASALIAS ");
279 NOPASSWD[[:blank:]]*: {
280 /* cmnd does not require passwd for this user */
281 LEXTRACE("NOPASSWD ");
285 PASSWD[[:blank:]]*: {
286 /* cmnd requires passwd for this user */
291 NOEXEC[[:blank:]]*: {
301 SETENV[[:blank:]]*: {
306 NOSETENV[[:blank:]]*: {
307 LEXTRACE("NOSETENV ");
313 if (!fill(yytext, yyleng))
315 LEXTRACE("NETGROUP ");
321 if (!fill(yytext, yyleng))
323 LEXTRACE("USERGROUP ");
327 {IPV4ADDR}(\/{IPV4ADDR})? {
328 if (!fill(yytext, yyleng))
330 LEXTRACE("NTWKADDR ");
334 {IPV4ADDR}\/([12][0-9]*|3[0-2]*) {
335 if (!fill(yytext, yyleng))
337 LEXTRACE("NTWKADDR ");
341 {IPV6ADDR}(\/{IPV6ADDR})? {
342 if (!ipv6_valid(yytext)) {
346 if (!fill(yytext, yyleng))
348 LEXTRACE("NTWKADDR ");
352 {IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) {
353 if (!ipv6_valid(yytext)) {
357 if (!fill(yytext, yyleng))
359 LEXTRACE("NTWKADDR ");
363 [[:upper:]][[:upper:][:digit:]_]* {
364 if (strcmp(yytext, "ALL") == 0) {
369 /* XXX - restrict type/role to initial state */
370 if (strcmp(yytext, "TYPE") == 0) {
374 if (strcmp(yytext, "ROLE") == 0) {
378 #endif /* HAVE_SELINUX */
379 if (!fill(yytext, yyleng))
385 <GOTDEFS>({PATH}|sudoedit) {
386 /* no command args allowed for Defaults!/path */
387 if (!fill_cmnd(yytext, yyleng))
389 LEXTRACE("COMMAND ");
395 LEXTRACE("COMMAND ");
396 if (!fill_cmnd(yytext, yyleng))
401 /* directories can't have args... */
402 if (yytext[yyleng - 1] == '/') {
403 LEXTRACE("COMMAND ");
404 if (!fill_cmnd(yytext, yyleng))
409 LEXTRACE("COMMAND ");
410 if (!fill_cmnd(yytext, yyleng))
415 <INITIAL,GOTDEFS>({ID}|{WORD}) {
417 if (!fill(yytext, yyleng))
419 LEXTRACE("WORD(4) ");
450 return('!'); /* return '!' */
458 } /* return newline */
460 <*>[[:blank:]]+ { /* throw away space/tabs */
461 sawspace = TRUE; /* but remember for fill_args */
464 <*>\\[[:blank:]]*\n {
465 sawspace = TRUE; /* remember for fill_args */
468 } /* throw away EOL after \ */
470 <INITIAL,STARTDEFS,INDEFS>#([^\n0-9-].*)?\n {
475 } /* return comments */
483 if (YY_START != INITIAL) {
/*
 * _fill(): copy len bytes of src into yylval.string, placing them after the
 * olen bytes already there (olen == 0 starts a fresh allocation).  K&R-style
 * definition; the parameter types and the lines between the fragments shown
 * here are not visible in this excerpt.
 */
494 _fill(src, len, olen)
/* The new buffer lands in dst, not in yylval.string, so a failed realloc()
 * does not overwrite (and leak) the string that is already held. */
501 dst = olen ? realloc(yylval.string, olen + len + 1) : malloc(len + 1);
503 yyerror("unable to allocate memory");
508 /* Copy the string and collapse any escaped characters. */
510 for (i = 0, j = 0; i < len; i++, j++) {
/* A backslash escapes the byte that follows it, except when it is the very
 * last byte of src; what is stored for the escaped byte is on lines not shown. */
511 if (src[i] == '\\' && i != len - 1)
/* Lines 527-530 are the tail of append() (declared at line 68): fill() itself
 * is the macro at line 77 that always passes olen == 0, whereas append()
 * measures the existing string so _fill() extends it in place. */
527 if (yylval.string != NULL)
528 olen = strlen(yylval.string);
530 return(_fill(src, len, olen));
534 ((c) == ',' || (c) == ':' || (c) == '=' || (c) == ' ' || (c) == '\t' || (c) == '#')
544 arg_len = arg_size = 0;
546 dst = yylval.command.cmnd = (char *) malloc(len + 1);
547 if (yylval.command.cmnd == NULL) {
548 yyerror("unable to allocate memory");
552 /* Copy the string and collapse any escaped sudo-specific characters. */
553 for (i = 0; i < len; i++) {
554 if (src[i] == '\\' && i != len - 1 && SPECIAL(src[i + 1]))
561 yylval.command.args = NULL;
/*
 * fill_args(): append the len-byte argument s to yylval.command.args, growing
 * the buffer in COMMANDARGINC steps.  addspace (the lexer's sawspace flag)
 * requests a separating blank before the argument; the code that writes that
 * blank is on lines not shown here.
 */
566 fill_args(s, len, addspace)
574 if (yylval.command.args == NULL) {
578 new_len = arg_len + len + addspace;
/* Strict ">=" keeps one byte beyond new_len free for the terminating NUL. */
580 if (new_len >= arg_size) {
581 /* Allocate more space than we need for subsequent args */
582 while (new_len >= (arg_size += COMMANDARGINC))
/* Reallocate into p rather than into yylval.command.args so the old buffer is
 * still reachable if allocation fails. */
585 p = yylval.command.args ?
586 (char *) realloc(yylval.command.args, arg_size) :
587 (char *) malloc(arg_size);
/* NOTE(review): on failure the old buffer is freed here; whether
 * yylval.command.args is reset to NULL afterwards is on lines not shown —
 * if it is not, a stale pointer to freed memory remains in yylval. */
589 efree(yylval.command.args);
590 yyerror("unable to allocate memory");
593 yylval.command.args = p;
596 /* Efficiently append the arg (with a leading space if needed). */
597 p = yylval.command.args + arg_len;
/* Bounded copy: strlcpy() is limited to the space left in the buffer and its
 * return value must equal len, otherwise the size accounting above is wrong. */
600 if (strlcpy(p, s, arg_size - (p - yylval.command.args)) != len) {
601 yyerror("fill_args: buffer overflow"); /* paranoia */
608 struct sudoers_state {
614 #define MAX_SUDOERS_DEPTH 128
615 #define SUDOERS_STACK_INCREMENT 16
621 static size_t stacksize, depth;
622 static struct sudoers_state *state;
/*
 * switch_buffer() push path: save the current flex buffer, file name and line
 * number on the include stack before switching to the file named by path.
 */
627 /* push current state */
628 if (depth >= stacksize) {
/* MAX_SUDOERS_DEPTH (line 614) bounds how deeply #include may nest. */
629 if (depth > MAX_SUDOERS_DEPTH) {
630 yyerror("too many levels of includes");
633 stacksize += SUDOERS_STACK_INCREMENT;
/* NOTE(review): state is declared as a pointer (line 622:
 * `static struct sudoers_state *state;`), so sizeof(state) is the size of a
 * pointer, not of struct sudoers_state, which holds at least the bs, path and
 * lineno members written at lines 645-647.  The stack is therefore allocated
 * far too small and state[depth] is written past the end of the heap block as
 * include depth grows.  It should read `sizeof(*state) * stacksize`.  The
 * direct assignment also drops the old stack pointer when realloc() fails. */
634 state = (struct sudoers_state *) realloc(state,
635 sizeof(state) * stacksize);
637 yyerror("unable to allocate memory");
641 if ((fp = open_sudoers(path, &keepopen)) == NULL) {
645 state[depth].bs = YY_CURRENT_BUFFER;
646 state[depth].path = sudoers;
647 state[depth].lineno = sudolineno;
651 yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
/* Pop path: close the finished include file, drop its buffer and restore the
 * saved buffer, file name and line number.  Whether the keepopen flag from
 * line 641 guards the fclose() is on a line not shown. */
658 fclose(YY_CURRENT_BUFFER->yy_input_file);
659 yy_delete_buffer(YY_CURRENT_BUFFER);
660 yy_switch_to_buffer(state[depth].bs);
662 sudoers = state[depth].path;
663 sudolineno = state[depth].lineno;
/*
 * parse_include(): extract the file name from a "#include" line matched by the
 * rule at line 217 and return it in a freshly malloc()ed string (the caller
 * owns it).  Any trailing text is handed back to the lexer with yyless().
 */
673 char *cp, *ep, *path;
676 /* Pull out path from #include line. */
/* sizeof("#include") counts the NUL, so this skips the keyword plus one more
 * byte; the rule's "[[:blank:]]+" guarantees that byte is a blank. */
677 cp = base + sizeof("#include");
678 while (isblank((unsigned char) *cp))
/* The path ends at the first whitespace; the rule always supplies a
 * terminating newline, so the loop cannot run off the line. */
681 while (*ep != '\0' && !isspace((unsigned char) *ep))
684 /* Make a copy of path and return it. */
685 len = (int)(ep - cp);
/* NOTE(review): lines 686-688 are consecutive, so if yyerror() returns (its
 * prototype at line 75 is void, so that is not visible here) the memcpy()
 * below runs with path == NULL on allocation failure. */
686 if ((path = malloc(len + 1)) == NULL)
687 yyerror("unable to allocate memory");
688 memcpy(path, cp, len);
691 /* Push any excess characters (e.g. comment, newline) back to the lexer */
693 yyless((int)(ep - base));
699 * Check to make sure an IPv6 address does not contain multiple instances
700 * of the string "::". Assumes strlen(s) >= 1.
701 * Returns TRUE if address is valid else FALSE.
709 for (; *s != '\0'; s++) {
710 if (s[0] == ':' && s[1] == ':') {
715 nmatch = 0; /* reset if we hit netmask */
718 return (nmatch <= 1);