8 #define yyclearin (yychar=(YYEMPTY))
9 #define yyerrok (yyerrflag=0)
10 #define YYRECOVERING() (yyerrflag!=0)
14 * Copyright (c) 1996, 1998-2005, 2007-2010
15 * Todd C. Miller <Todd.Miller@courtesan.com>
17 * Permission to use, copy, modify, and distribute this software for any
18 * purpose with or without fee is hereby granted, provided that the above
19 * copyright notice and this permission notice appear in all copies.
21 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
22 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
23 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
24 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
25 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
26 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
27 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
28 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 * Sponsored in part by the Defense Advanced Research Projects
32 * Agency (DARPA) and Air Force Research Laboratory, Air Force
33 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
38 #include <sys/types.h>
39 #include <sys/param.h>
48 #endif /* STDC_HEADERS */
51 #endif /* HAVE_STRING_H */
54 #endif /* HAVE_STRINGS_H */
57 #endif /* HAVE_UNISTD_H */
58 #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
60 #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
67 * We must define SIZE_MAX for yacc's skeleton.c.
68 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
69 * could be signed (as it is on SunOS 4.x).
73 # define SIZE_MAX SIZE_T_MAX
75 # define SIZE_MAX INT_MAX
76 # endif /* SIZE_T_MAX */
82 extern int sudolineno;
88 char *errorfile = NULL;
90 struct defaults_list defaults;
91 struct userspec_list userspecs;
96 static void add_defaults __P((int, struct member *, struct defaults *));
97 static void add_userspec __P((struct member *, struct privilege *));
98 static struct defaults *new_default __P((char *, char *, int));
99 static struct member *new_member __P((char *, int));
100 void yyerror __P((const char *));
106 /* Save the line the first error occurred on. */
107 if (errorlineno == -1) {
108 errorlineno = sudolineno ? sudolineno - 1 : 0;
109 errorfile = estrdup(sudoers);
111 if (verbose && s != NULL) {
113 (void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
114 sudolineno ? sudolineno - 1 : 0);
116 (void) fprintf(stderr, "<*> ");
122 #ifndef YYSTYPE_DEFINED
123 #define YYSTYPE_DEFINED
125 struct cmndspec *cmndspec;
126 struct defaults *defaults;
127 struct member *member;
128 struct runascontainer *runas;
129 struct privilege *privilege;
130 struct sudo_command command;
132 struct selinux_info seinfo;
136 #endif /* YYSTYPE_DEFINED */
143 #define USERGROUP 262
146 #define DEFAULTS_HOST 265
147 #define DEFAULTS_USER 266
148 #define DEFAULTS_RUNAS 267
149 #define DEFAULTS_CMND 268
156 #define LOG_INPUT 275
157 #define NOLOG_INPUT 276
158 #define LOG_OUTPUT 277
159 #define NOLOG_OUTPUT 278
162 #define HOSTALIAS 281
163 #define CMNDALIAS 282
164 #define USERALIAS 283
165 #define RUNASALIAS 284
169 #define YYERRCODE 256
170 #if defined(__cplusplus) || defined(__STDC__)
171 const short yylhs[] =
176 0, 0, 25, 25, 26, 26, 26, 26, 26, 26,
177 26, 26, 26, 26, 26, 26, 4, 4, 3, 3,
178 3, 3, 3, 20, 20, 19, 10, 10, 8, 8,
179 8, 8, 8, 2, 2, 1, 6, 6, 23, 24,
180 22, 22, 22, 22, 22, 17, 17, 18, 18, 18,
181 21, 21, 21, 21, 21, 21, 21, 21, 21, 21,
182 21, 5, 5, 5, 28, 28, 31, 9, 9, 29,
183 29, 32, 7, 7, 30, 30, 33, 27, 27, 34,
184 13, 13, 11, 11, 12, 12, 12, 12, 12, 16,
185 16, 14, 14, 15, 15, 15,
187 #if defined(__cplusplus) || defined(__STDC__)
188 const short yylen[] =
193 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
194 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
195 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
196 1, 1, 1, 1, 3, 4, 1, 2, 3, 3,
197 0, 1, 1, 2, 2, 0, 3, 1, 3, 2,
198 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
199 2, 1, 1, 1, 1, 3, 3, 1, 3, 1,
200 3, 3, 1, 3, 1, 3, 3, 1, 3, 3,
201 1, 3, 1, 2, 1, 1, 1, 1, 1, 1,
204 #if defined(__cplusplus) || defined(__STDC__)
205 const short yydefred[] =
210 0, 85, 87, 88, 89, 0, 0, 0, 0, 0,
211 86, 5, 0, 0, 0, 0, 0, 0, 81, 83,
212 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
213 31, 33, 30, 0, 27, 0, 68, 0, 0, 64,
214 63, 62, 0, 37, 73, 0, 0, 0, 65, 0,
215 0, 70, 0, 0, 78, 0, 0, 75, 84, 0,
216 0, 24, 0, 4, 0, 0, 0, 20, 0, 28,
217 0, 0, 0, 0, 38, 0, 0, 0, 0, 0,
218 0, 0, 0, 0, 0, 82, 0, 0, 21, 22,
219 23, 18, 69, 74, 0, 66, 0, 71, 0, 79,
220 0, 76, 0, 34, 0, 0, 25, 0, 0, 0,
221 0, 0, 0, 51, 0, 0, 94, 96, 95, 0,
222 90, 92, 0, 0, 47, 35, 0, 0, 0, 44,
223 45, 93, 0, 0, 40, 39, 52, 53, 54, 55,
224 56, 57, 58, 59, 60, 61, 36, 91,
226 #if defined(__cplusplus) || defined(__STDC__)
227 const short yydgoto[] =
232 104, 105, 27, 28, 44, 45, 46, 35, 61, 37,
233 19, 20, 21, 121, 122, 123, 106, 110, 62, 63,
234 129, 114, 115, 116, 22, 23, 54, 48, 51, 57,
237 #if defined(__cplusplus) || defined(__STDC__)
238 const short yysindex[] =
243 -270, 0, 0, 0, 0, -29, 567, 594, 594, -2,
244 0, 0, -240, -222, -216, -212, -241, 0, 0, 0,
245 -25, 475, 0, 0, -10, -207, 0, 9, 0, 0,
246 0, 0, 0, -235, 0, -33, 0, -31, -31, 0,
247 0, 0, -242, 0, 0, -30, -7, 3, 0, -6,
248 4, 0, -5, 6, 0, -1, 8, 0, 0, 594,
249 -20, 0, 10, 0, -205, -196, -194, 0, -29, 0,
250 567, 9, 9, 9, 0, -2, 9, 567, -240, -2,
251 -222, 594, -216, 594, -212, 0, 31, 567, 0, 0,
252 0, 0, 0, 0, 26, 0, 28, 0, 29, 0,
253 29, 0, 541, 0, 32, -247, 0, 86, -15, 33,
254 31, 14, 16, 0, -208, -204, 0, 0, 0, -231,
255 0, 0, 38, 86, 0, 0, -179, -178, 491, 0,
256 0, 0, 86, 38, 0, 0, 0, 0, 0, 0,
257 0, 0, 0, 0, 0, 0, 0, 0,};
258 #if defined(__cplusplus) || defined(__STDC__)
259 const short yyrindex[] =
264 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
265 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
266 0, 90, 0, 0, 1, 0, 0, 177, 0, 0,
267 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
268 0, 0, 0, 0, 0, 0, 0, 207, 0, 0,
269 237, 0, 0, 271, 0, 0, 300, 0, 0, 0,
270 0, 0, 329, 0, 0, 0, 0, 0, 0, 0,
271 0, 358, 387, 417, 0, 0, 446, 0, 0, 0,
272 0, 0, 0, 0, 0, 0, -26, 0, 0, 0,
273 0, 0, 0, 0, 30, 0, 59, 0, 89, 0,
274 118, 0, 0, 0, 148, 514, 0, 0, 45, 0,
275 -26, 0, 0, 0, 537, 565, 0, 0, 0, 0,
276 0, 0, 50, 0, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 52, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, 0, 0,};
279 #if defined(__cplusplus) || defined(__STDC__)
280 const short yygindex[] =
285 -17, 0, 27, 11, 54, -64, 15, 64, 2, 34,
286 39, 84, -3, -27, -18, -21, 0, 0, 19, 0,
287 0, 0, -12, -4, 0, 88, 0, 0, 0, 0,
290 #define YYTABLESIZE 873
291 #if defined(__cplusplus) || defined(__STDC__)
292 const short yytable[] =
297 19, 26, 26, 26, 38, 39, 46, 34, 36, 24,
298 71, 94, 60, 76, 40, 41, 2, 47, 60, 3,
299 4, 5, 29, 71, 30, 31, 117, 32, 60, 67,
300 43, 118, 66, 19, 67, 50, 42, 11, 112, 113,
301 87, 53, 124, 33, 19, 56, 72, 119, 73, 74,
302 65, 68, 69, 78, 80, 82, 77, 89, 72, 84,
303 79, 81, 67, 83, 147, 85, 90, 88, 91, 71,
304 103, 76, 60, 125, 127, 111, 128, 112, 99, 95,
305 101, 133, 113, 135, 136, 48, 1, 67, 80, 2,
306 50, 72, 49, 126, 97, 92, 75, 70, 86, 109,
307 59, 132, 134, 131, 93, 148, 107, 102, 0, 64,
308 130, 0, 0, 96, 0, 0, 72, 77, 120, 100,
309 98, 80, 0, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
311 0, 0, 0, 0, 0, 0, 80, 26, 0, 0,
312 77, 0, 0, 0, 0, 0, 0, 0, 0, 0,
313 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
314 0, 0, 0, 0, 0, 77, 12, 0, 0, 0,
315 26, 0, 0, 0, 0, 0, 0, 0, 0, 0,
316 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
317 0, 0, 0, 0, 0, 26, 9, 0, 0, 12,
318 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
319 0, 0, 0, 0, 0, 25, 0, 25, 25, 25,
320 46, 46, 29, 0, 30, 31, 10, 32, 0, 9,
321 0, 0, 46, 46, 46, 46, 46, 46, 46, 46,
322 46, 46, 46, 33, 40, 41, 19, 0, 19, 46,
323 46, 19, 19, 19, 19, 19, 19, 19, 19, 10,
324 8, 0, 0, 0, 0, 0, 42, 0, 0, 19,
325 19, 19, 19, 19, 19, 67, 0, 67, 0, 0,
326 67, 67, 67, 67, 67, 67, 67, 67, 0, 11,
327 0, 0, 0, 8, 0, 0, 0, 0, 67, 67,
328 67, 67, 67, 67, 72, 0, 72, 0, 0, 72,
329 72, 72, 72, 72, 72, 72, 72, 0, 7, 0,
330 0, 0, 11, 0, 0, 0, 0, 72, 72, 72,
331 72, 72, 72, 117, 80, 0, 80, 0, 118, 80,
332 80, 80, 80, 80, 80, 80, 80, 15, 0, 0,
333 0, 7, 0, 0, 119, 0, 0, 80, 80, 80,
334 80, 80, 80, 77, 0, 77, 0, 0, 77, 77,
335 77, 77, 77, 77, 77, 77, 13, 0, 0, 0,
336 15, 0, 0, 0, 0, 0, 77, 77, 77, 77,
337 77, 77, 0, 26, 0, 26, 0, 0, 26, 26,
338 26, 26, 26, 26, 26, 26, 14, 0, 0, 13,
339 0, 0, 0, 0, 0, 0, 26, 26, 26, 26,
340 26, 26, 12, 0, 12, 0, 0, 12, 12, 12,
341 12, 12, 12, 12, 12, 16, 0, 0, 0, 14,
342 0, 0, 0, 0, 0, 12, 12, 12, 12, 12,
343 12, 0, 9, 0, 9, 0, 0, 9, 9, 9,
344 9, 9, 9, 9, 9, 0, 0, 0, 16, 0,
345 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
346 9, 0, 10, 0, 10, 0, 0, 10, 10, 10,
347 10, 10, 10, 10, 10, 0, 0, 17, 0, 0,
348 0, 0, 0, 0, 0, 10, 10, 10, 10, 10,
349 10, 0, 0, 43, 0, 0, 8, 0, 8, 0,
350 0, 8, 8, 8, 8, 8, 8, 8, 8, 0,
351 0, 0, 0, 0, 0, 0, 41, 0, 0, 8,
352 8, 8, 8, 8, 8, 11, 0, 11, 0, 0,
353 11, 11, 11, 11, 11, 11, 11, 11, 0, 42,
354 0, 0, 0, 17, 0, 0, 0, 0, 11, 11,
355 11, 11, 11, 11, 7, 0, 7, 0, 0, 7,
356 7, 7, 7, 7, 7, 7, 7, 43, 108, 34,
357 0, 0, 0, 0, 0, 0, 0, 7, 7, 7,
358 7, 7, 7, 15, 0, 15, 0, 0, 15, 15,
359 15, 15, 15, 15, 15, 15, 17, 0, 0, 0,
360 0, 0, 0, 0, 0, 0, 15, 15, 15, 15,
361 15, 15, 13, 0, 13, 0, 0, 13, 13, 13,
362 13, 13, 13, 13, 13, 0, 0, 0, 0, 0,
363 0, 0, 0, 0, 0, 13, 13, 13, 13, 13,
364 13, 0, 14, 0, 14, 0, 0, 14, 14, 14,
365 14, 14, 14, 14, 14, 0, 0, 0, 0, 0,
366 0, 0, 0, 0, 0, 14, 14, 14, 14, 14,
367 14, 16, 0, 16, 0, 0, 16, 16, 16, 16,
368 16, 16, 16, 16, 0, 0, 0, 0, 0, 0,
369 0, 0, 0, 0, 16, 16, 16, 16, 16, 16,
370 1, 0, 2, 0, 0, 3, 4, 5, 6, 7,
371 8, 9, 10, 0, 0, 0, 0, 40, 41, 0,
372 0, 0, 0, 11, 12, 13, 14, 15, 16, 137,
373 138, 139, 140, 141, 142, 143, 144, 145, 146, 42,
374 41, 41, 0, 0, 0, 0, 0, 0, 0, 0,
375 0, 0, 41, 41, 41, 41, 41, 41, 41, 41,
376 41, 41, 41, 42, 42, 0, 0, 0, 2, 0,
377 0, 3, 4, 5, 0, 42, 42, 42, 42, 42,
378 42, 42, 42, 42, 42, 42, 0, 0, 0, 11,
379 0, 43, 43, 0, 29, 0, 30, 31, 0, 32,
380 0, 0, 0, 43, 43, 43, 43, 43, 43, 43,
381 43, 43, 43, 43, 0, 33, 0, 0, 0, 0,
382 0, 2, 0, 0, 3, 4, 5, 0, 0, 0,
383 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
386 #if defined(__cplusplus) || defined(__STDC__)
387 const short yycheck[] =
392 0, 33, 33, 33, 8, 9, 33, 33, 7, 280,
393 44, 76, 44, 44, 257, 258, 258, 258, 44, 261,
394 262, 263, 258, 44, 260, 261, 258, 263, 44, 0,
395 33, 263, 43, 33, 45, 258, 279, 279, 286, 287,
396 61, 258, 58, 279, 44, 258, 36, 279, 38, 39,
397 61, 259, 44, 61, 61, 61, 46, 263, 0, 61,
398 58, 58, 33, 58, 129, 58, 263, 58, 263, 44,
399 40, 44, 44, 41, 61, 44, 61, 286, 82, 78,
400 84, 44, 287, 263, 263, 41, 0, 58, 0, 0,
401 41, 33, 41, 111, 80, 69, 43, 34, 60, 103,
402 17, 120, 124, 116, 71, 133, 88, 85, -1, 22,
403 115, -1, -1, 79, -1, -1, 58, 0, 33, 83,
404 81, 33, -1, -1, -1, -1, -1, -1, -1, -1,
405 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
406 -1, -1, -1, -1, -1, -1, 58, 0, -1, -1,
407 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
408 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
409 -1, -1, -1, -1, -1, 58, 0, -1, -1, -1,
410 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
411 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
412 -1, -1, -1, -1, -1, 58, 0, -1, -1, 33,
413 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
414 -1, -1, -1, -1, -1, 259, -1, 259, 259, 259,
415 257, 258, 258, -1, 260, 261, 0, 263, -1, 33,
416 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
417 277, 278, 279, 279, 257, 258, 256, -1, 258, 286,
418 287, 261, 262, 263, 264, 265, 266, 267, 268, 33,
419 0, -1, -1, -1, -1, -1, 279, -1, -1, 279,
420 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
421 261, 262, 263, 264, 265, 266, 267, 268, -1, 0,
422 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
423 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
424 262, 263, 264, 265, 266, 267, 268, -1, 0, -1,
425 -1, -1, 33, -1, -1, -1, -1, 279, 280, 281,
426 282, 283, 284, 258, 256, -1, 258, -1, 263, 261,
427 262, 263, 264, 265, 266, 267, 268, 0, -1, -1,
428 -1, 33, -1, -1, 279, -1, -1, 279, 280, 281,
429 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
430 263, 264, 265, 266, 267, 268, 0, -1, -1, -1,
431 33, -1, -1, -1, -1, -1, 279, 280, 281, 282,
432 283, 284, -1, 256, -1, 258, -1, -1, 261, 262,
433 263, 264, 265, 266, 267, 268, 0, -1, -1, 33,
434 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
435 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
436 264, 265, 266, 267, 268, 0, -1, -1, -1, 33,
437 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
438 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
439 264, 265, 266, 267, 268, -1, -1, -1, 33, -1,
440 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
441 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
442 264, 265, 266, 267, 268, -1, -1, 33, -1, -1,
443 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
444 284, -1, -1, 33, -1, -1, 256, -1, 258, -1,
445 -1, 261, 262, 263, 264, 265, 266, 267, 268, -1,
446 -1, -1, -1, -1, -1, -1, 33, -1, -1, 279,
447 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
448 261, 262, 263, 264, 265, 266, 267, 268, -1, 33,
449 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
450 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
451 262, 263, 264, 265, 266, 267, 268, 33, 58, 33,
452 -1, -1, -1, -1, -1, -1, -1, 279, 280, 281,
453 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
454 263, 264, 265, 266, 267, 268, 33, -1, -1, -1,
455 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
456 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
457 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
458 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
459 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
460 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
461 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
462 284, 256, -1, 258, -1, -1, 261, 262, 263, 264,
463 265, 266, 267, 268, -1, -1, -1, -1, -1, -1,
464 -1, -1, -1, -1, 279, 280, 281, 282, 283, 284,
465 256, -1, 258, -1, -1, 261, 262, 263, 264, 265,
466 266, 267, 268, -1, -1, -1, -1, 257, 258, -1,
467 -1, -1, -1, 279, 280, 281, 282, 283, 284, 269,
468 270, 271, 272, 273, 274, 275, 276, 277, 278, 279,
469 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
470 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
471 277, 278, 279, 257, 258, -1, -1, -1, 258, -1,
472 -1, 261, 262, 263, -1, 269, 270, 271, 272, 273,
473 274, 275, 276, 277, 278, 279, -1, -1, -1, 279,
474 -1, 257, 258, -1, 258, -1, 260, 261, -1, 263,
475 -1, -1, -1, 269, 270, 271, 272, 273, 274, 275,
476 276, 277, 278, 279, -1, 279, -1, -1, -1, -1,
477 -1, 258, -1, -1, 261, 262, 263, -1, -1, -1,
478 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
485 #define YYMAXTOKEN 287
487 #if defined(__cplusplus) || defined(__STDC__)
488 const char * const yyname[] =
493 "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
494 "'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
495 0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
496 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
497 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
498 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
499 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
500 "COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
501 "DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
502 "PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
503 "LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
504 "RUNASALIAS","ERROR","TYPE","ROLE",
506 #if defined(__cplusplus) || defined(__STDC__)
507 const char * const yyrule[] =
517 "entry : error COMMENT",
518 "entry : userlist privileges",
519 "entry : USERALIAS useraliases",
520 "entry : HOSTALIAS hostaliases",
521 "entry : CMNDALIAS cmndaliases",
522 "entry : RUNASALIAS runasaliases",
523 "entry : DEFAULTS defaults_list",
524 "entry : DEFAULTS_USER userlist defaults_list",
525 "entry : DEFAULTS_RUNAS userlist defaults_list",
526 "entry : DEFAULTS_HOST hostlist defaults_list",
527 "entry : DEFAULTS_CMND cmndlist defaults_list",
528 "defaults_list : defaults_entry",
529 "defaults_list : defaults_list ',' defaults_entry",
530 "defaults_entry : DEFVAR",
531 "defaults_entry : '!' DEFVAR",
532 "defaults_entry : DEFVAR '=' WORD",
533 "defaults_entry : DEFVAR '+' WORD",
534 "defaults_entry : DEFVAR '-' WORD",
535 "privileges : privilege",
536 "privileges : privileges ':' privilege",
537 "privilege : hostlist '=' cmndspeclist",
545 "cmndspeclist : cmndspec",
546 "cmndspeclist : cmndspeclist ',' cmndspec",
547 "cmndspec : runasspec selinux cmndtag opcmnd",
550 "rolespec : ROLE '=' WORD",
551 "typespec : TYPE '=' WORD",
553 "selinux : rolespec",
554 "selinux : typespec",
555 "selinux : rolespec typespec",
556 "selinux : typespec rolespec",
558 "runasspec : '(' runaslist ')'",
559 "runaslist : userlist",
560 "runaslist : userlist ':' grouplist",
561 "runaslist : ':' grouplist",
563 "cmndtag : cmndtag NOPASSWD",
564 "cmndtag : cmndtag PASSWD",
565 "cmndtag : cmndtag NOEXEC",
566 "cmndtag : cmndtag EXEC",
567 "cmndtag : cmndtag SETENV",
568 "cmndtag : cmndtag NOSETENV",
569 "cmndtag : cmndtag LOG_INPUT",
570 "cmndtag : cmndtag NOLOG_INPUT",
571 "cmndtag : cmndtag LOG_OUTPUT",
572 "cmndtag : cmndtag NOLOG_OUTPUT",
576 "hostaliases : hostalias",
577 "hostaliases : hostaliases ':' hostalias",
578 "hostalias : ALIAS '=' hostlist",
580 "hostlist : hostlist ',' ophost",
581 "cmndaliases : cmndalias",
582 "cmndaliases : cmndaliases ':' cmndalias",
583 "cmndalias : ALIAS '=' cmndlist",
585 "cmndlist : cmndlist ',' opcmnd",
586 "runasaliases : runasalias",
587 "runasaliases : runasaliases ':' runasalias",
588 "runasalias : ALIAS '=' userlist",
589 "useraliases : useralias",
590 "useraliases : useraliases ':' useralias",
591 "useralias : ALIAS '=' userlist",
593 "userlist : userlist ',' opuser",
601 "grouplist : opgroup",
602 "grouplist : grouplist ',' opgroup",
604 "opgroup : '!' group",
612 #define YYMAXDEPTH YYSTACKSIZE
615 #define YYSTACKSIZE YYMAXDEPTH
617 #define YYSTACKSIZE 10000
618 #define YYMAXDEPTH 10000
621 #define YYINITSTACKSIZE 200
636 static struct defaults *
637 new_default(var, val, op)
644 d = emalloc(sizeof(struct defaults));
647 tq_init(&d->binding);
656 static struct member *
657 new_member(name, type)
663 m = emalloc(sizeof(struct member));
673 * Add a list of defaults structures to the defaults list.
674 * The binding, if non-NULL, specifies a list of hosts, users, or
675 * runas users the entries apply to (specified by the type).
678 add_defaults(type, bmem, defs)
681 struct defaults *defs;
684 struct member_list binding;
687 * We can only call list2tq once on bmem as it will zero
688 * out the prev pointer when it consumes bmem.
690 list2tq(&binding, bmem);
693 * Set type and binding (who it applies to) for new entries.
695 for (d = defs; d != NULL; d = d->next) {
697 d->binding = binding;
699 tq_append(&defaults, defs);
703 * Allocate a new struct userspec, populate it, and insert it at the
704 * and of the userspecs list.
707 add_userspec(members, privs)
708 struct member *members;
709 struct privilege *privs;
713 u = emalloc(sizeof(*u));
714 list2tq(&u->users, members);
715 list2tq(&u->privileges, privs);
718 tq_append(&userspecs, u);
722 * Free up space used by data structures from a previous parser run and sets
723 * the current sudoers file to path.
726 init_parser(path, quiet)
731 struct member *m, *binding;
733 struct privilege *priv;
735 struct sudo_command *c;
737 while ((us = tq_pop(&userspecs)) != NULL) {
738 while ((m = tq_pop(&us->users)) != NULL) {
742 while ((priv = tq_pop(&us->privileges)) != NULL) {
743 struct member *runasuser = NULL, *runasgroup = NULL;
745 char *role = NULL, *type = NULL;
746 #endif /* HAVE_SELINUX */
748 while ((m = tq_pop(&priv->hostlist)) != NULL) {
752 while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
754 /* Only free the first instance of a role/type. */
755 if (cs->role != role) {
759 if (cs->type != type) {
763 #endif /* HAVE_SELINUX */
764 if (tq_last(&cs->runasuserlist) != runasuser) {
765 runasuser = tq_last(&cs->runasuserlist);
766 while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
771 if (tq_last(&cs->runasgrouplist) != runasgroup) {
772 runasgroup = tq_last(&cs->runasgrouplist);
773 while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
778 if (cs->cmnd->type == COMMAND) {
779 c = (struct sudo_command *) cs->cmnd->name;
783 efree(cs->cmnd->name);
794 while ((d = tq_pop(&defaults)) != NULL) {
795 if (tq_last(&d->binding) != binding) {
796 binding = tq_last(&d->binding);
797 while ((m = tq_pop(&d->binding)) != NULL) {
798 if (m->type == COMMAND) {
799 c = (struct sudo_command *) m->name;
818 sudoers = path ? estrdup(path) : NULL;
827 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
828 #if defined(__cplusplus) || defined(__STDC__)
829 static int yygrowstack(void)
831 static int yygrowstack()
838 if ((newsize = yystacksize) == 0)
839 newsize = YYINITSTACKSIZE;
840 else if (newsize >= YYMAXDEPTH)
842 else if ((newsize *= 2) > YYMAXDEPTH)
843 newsize = YYMAXDEPTH;
846 #define YY_SIZE_MAX SIZE_MAX
848 #define YY_SIZE_MAX 0x7fffffff
850 if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
852 newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
853 (short *)malloc(newsize * sizeof *newss); /* overflow check above */
858 if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
860 newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
861 (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
866 yystacksize = newsize;
867 yysslim = yyss + newsize - 1;
880 #define YYABORT goto yyabort
881 #define YYREJECT goto yyabort
882 #define YYACCEPT goto yyaccept
883 #define YYERROR goto yyerrlab
885 #if defined(__cplusplus) || defined(__STDC__)
891 int yym, yyn, yystate;
893 #if defined(__cplusplus) || defined(__STDC__)
895 #else /* !(defined(__cplusplus) || defined(__STDC__)) */
897 #endif /* !(defined(__cplusplus) || defined(__STDC__)) */
899 if ((yys = getenv("YYDEBUG")))
902 if (yyn >= '0' && yyn <= '9')
911 if (yyss == NULL && yygrowstack()) goto yyoverflow;
914 *yyssp = yystate = 0;
917 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
920 if ((yychar = yylex()) < 0) yychar = 0;
925 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
926 if (!yys) yys = "illegal-symbol";
927 printf("%sdebug: state %d, reading %d (%s)\n",
928 YYPREFIX, yystate, yychar, yys);
932 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
933 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
937 printf("%sdebug: state %d, shifting to state %d\n",
938 YYPREFIX, yystate, yytable[yyn]);
940 if (yyssp >= yysslim && yygrowstack())
944 *++yyssp = yystate = yytable[yyn];
947 if (yyerrflag > 0) --yyerrflag;
950 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
951 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
956 if (yyerrflag) goto yyinrecovery;
957 #if defined(lint) || defined(__GNUC__)
961 yyerror("syntax error");
962 #if defined(lint) || defined(__GNUC__)
973 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
974 yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
978 printf("%sdebug: state %d, error recovery shifting\
979 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
981 if (yyssp >= yysslim && yygrowstack())
985 *++yyssp = yystate = yytable[yyn];
993 printf("%sdebug: error recovery discarding state %d\n",
996 if (yyssp <= yyss) goto yyabort;
1004 if (yychar == 0) goto yyabort;
1009 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1010 if (!yys) yys = "illegal-symbol";
1011 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1012 YYPREFIX, yystate, yychar, yys);
1021 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1022 YYPREFIX, yystate, yyn, yyrule[yyn]);
1026 yyval = yyvsp[1-yym];
1028 memset(&yyval, 0, sizeof yyval);
1050 add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
1080 add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
1086 add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
1092 add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
1098 add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
1104 add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
1110 list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
1111 yyval.defaults = yyvsp[-2].defaults;
1117 yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
1123 yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
1129 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
1135 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
1141 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
1147 list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
1148 yyval.privilege = yyvsp[-2].privilege;
1154 struct privilege *p = emalloc(sizeof(*p));
1155 list2tq(&p->hostlist, yyvsp[-2].member);
1156 list2tq(&p->cmndlist, yyvsp[0].cmndspec);
1159 yyval.privilege = p;
1165 yyval.member = yyvsp[0].member;
1166 yyval.member->negated = FALSE;
1172 yyval.member = yyvsp[0].member;
1173 yyval.member->negated = TRUE;
1179 yyval.member = new_member(yyvsp[0].string, ALIAS);
1185 yyval.member = new_member(NULL, ALL);
1191 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1197 yyval.member = new_member(yyvsp[0].string, NTWKADDR);
1203 yyval.member = new_member(yyvsp[0].string, WORD);
1209 list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
1211 /* propagate role and type */
1212 if (yyvsp[0].cmndspec->role == NULL)
1213 yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
1214 if (yyvsp[0].cmndspec->type == NULL)
1215 yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
1216 #endif /* HAVE_SELINUX */
1217 /* propagate tags and runas list */
1218 if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
1219 yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
1220 if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
1221 yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
1222 if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
1223 yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
1224 yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
1225 if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
1226 yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
1227 if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
1228 yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
1229 if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
1230 tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
1231 (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
1232 !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
1233 yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
1234 yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
1236 yyval.cmndspec = yyvsp[-2].cmndspec;
1242 struct cmndspec *cs = emalloc(sizeof(*cs));
1243 if (yyvsp[-3].runas != NULL) {
1244 list2tq(&cs->runasuserlist, yyvsp[-3].runas->runasusers);
1245 list2tq(&cs->runasgrouplist, yyvsp[-3].runas->runasgroups);
1246 efree(yyvsp[-3].runas);
1248 tq_init(&cs->runasuserlist);
1249 tq_init(&cs->runasgrouplist);
1252 cs->role = yyvsp[-2].seinfo.role;
1253 cs->type = yyvsp[-2].seinfo.type;
1255 cs->tags = yyvsp[-1].tag;
1256 cs->cmnd = yyvsp[0].member;
1259 /* sudo "ALL" implies the SETENV tag */
1260 if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
1261 cs->tags.setenv == UNSPEC)
1262 cs->tags.setenv = IMPLIED;
1263 yyval.cmndspec = cs;
1269 yyval.member = yyvsp[0].member;
1270 yyval.member->negated = FALSE;
1276 yyval.member = yyvsp[0].member;
1277 yyval.member->negated = TRUE;
1283 yyval.string = yyvsp[0].string;
1289 yyval.string = yyvsp[0].string;
1295 yyval.seinfo.role = NULL;
1296 yyval.seinfo.type = NULL;
1302 yyval.seinfo.role = yyvsp[0].string;
1303 yyval.seinfo.type = NULL;
1309 yyval.seinfo.type = yyvsp[0].string;
1310 yyval.seinfo.role = NULL;
1316 yyval.seinfo.role = yyvsp[-1].string;
1317 yyval.seinfo.type = yyvsp[0].string;
1323 yyval.seinfo.type = yyvsp[-1].string;
1324 yyval.seinfo.role = yyvsp[0].string;
1336 yyval.runas = yyvsp[-1].runas;
1342 yyval.runas = emalloc(sizeof(struct runascontainer));
1343 yyval.runas->runasusers = yyvsp[0].member;
1344 yyval.runas->runasgroups = NULL;
1350 yyval.runas = emalloc(sizeof(struct runascontainer));
1351 yyval.runas->runasusers = yyvsp[-2].member;
1352 yyval.runas->runasgroups = yyvsp[0].member;
1358 yyval.runas = emalloc(sizeof(struct runascontainer));
1359 yyval.runas->runasusers = NULL;
1360 yyval.runas->runasgroups = yyvsp[0].member;
1366 yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
1367 yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
1373 yyval.tag.nopasswd = TRUE;
1379 yyval.tag.nopasswd = FALSE;
1385 yyval.tag.noexec = TRUE;
1391 yyval.tag.noexec = FALSE;
1397 yyval.tag.setenv = TRUE;
1403 yyval.tag.setenv = FALSE;
1409 yyval.tag.log_input = TRUE;
1415 yyval.tag.log_input = FALSE;
1421 yyval.tag.log_output = TRUE;
1427 yyval.tag.log_output = FALSE;
1433 yyval.member = new_member(NULL, ALL);
1439 yyval.member = new_member(yyvsp[0].string, ALIAS);
1445 struct sudo_command *c = emalloc(sizeof(*c));
1446 c->cmnd = yyvsp[0].command.cmnd;
1447 c->args = yyvsp[0].command.args;
1448 yyval.member = new_member((char *)c, COMMAND);
1455 if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
1464 list_append(yyvsp[-2].member, yyvsp[0].member);
1465 yyval.member = yyvsp[-2].member;
1472 if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
1481 list_append(yyvsp[-2].member, yyvsp[0].member);
1482 yyval.member = yyvsp[-2].member;
1489 if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
1499 if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
1508 list_append(yyvsp[-2].member, yyvsp[0].member);
1509 yyval.member = yyvsp[-2].member;
1515 yyval.member = yyvsp[0].member;
1516 yyval.member->negated = FALSE;
1522 yyval.member = yyvsp[0].member;
1523 yyval.member->negated = TRUE;
1529 yyval.member = new_member(yyvsp[0].string, ALIAS);
1535 yyval.member = new_member(NULL, ALL);
1541 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1547 yyval.member = new_member(yyvsp[0].string, USERGROUP);
1553 yyval.member = new_member(yyvsp[0].string, WORD);
1559 list_append(yyvsp[-2].member, yyvsp[0].member);
1560 yyval.member = yyvsp[-2].member;
1566 yyval.member = yyvsp[0].member;
1567 yyval.member->negated = FALSE;
1573 yyval.member = yyvsp[0].member;
1574 yyval.member->negated = TRUE;
1580 yyval.member = new_member(yyvsp[0].string, ALIAS);
1586 yyval.member = new_member(NULL, ALL);
1592 yyval.member = new_member(yyvsp[0].string, WORD);
1595 #line 1544 "y.tab.c"
1601 if (yystate == 0 && yym == 0)
1605 printf("%sdebug: after reduction, shifting from state 0 to\
1606 state %d\n", YYPREFIX, YYFINAL);
1613 if ((yychar = yylex()) < 0) yychar = 0;
1618 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1619 if (!yys) yys = "illegal-symbol";
1620 printf("%sdebug: state %d, reading %d (%s)\n",
1621 YYPREFIX, YYFINAL, yychar, yys);
1625 if (yychar == 0) goto yyaccept;
1628 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
1629 yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
1630 yystate = yytable[yyn];
1632 yystate = yydgoto[yym];
1635 printf("%sdebug: after reduction, shifting from state %d \
1636 to state %d\n", YYPREFIX, *yyssp, yystate);
1638 if (yyssp >= yysslim && yygrowstack())
1646 yyerror("yacc stack overflow");
1652 yyss = yyssp = NULL;
1653 yyvs = yyvsp = NULL;
1661 yyss = yyssp = NULL;
1662 yyvs = yyvsp = NULL;