9 #define yyclearin (yychar=(YYEMPTY))
10 #define yyerrok (yyerrflag=0)
11 #define YYRECOVERING() (yyerrflag!=0)
15 * Copyright (c) 1996, 1998-2005, 2007-2010
16 * Todd C. Miller <Todd.Miller@courtesan.com>
18 * Permission to use, copy, modify, and distribute this software for any
19 * purpose with or without fee is hereby granted, provided that the above
20 * copyright notice and this permission notice appear in all copies.
22 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
23 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
25 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
27 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
28 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
29 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
30 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * Sponsored in part by the Defense Advanced Research Projects
33 * Agency (DARPA) and Air Force Research Laboratory, Air Force
34 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
39 #include <sys/types.h>
40 #include <sys/param.h>
49 #endif /* STDC_HEADERS */
52 #endif /* HAVE_STRING_H */
55 #endif /* HAVE_STRINGS_H */
58 #endif /* HAVE_UNISTD_H */
59 #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
61 #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
68 * We must define SIZE_MAX for yacc's skeleton.c.
69 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
70 * could be signed (as it is on SunOS 4.x).
74 # define SIZE_MAX SIZE_T_MAX
76 # define SIZE_MAX INT_MAX
77 # endif /* SIZE_T_MAX */
83 extern int sudolineno;
89 char *errorfile = NULL;
91 struct defaults_list defaults;
92 struct userspec_list userspecs;
97 static void add_defaults __P((int, struct member *, struct defaults *));
98 static void add_userspec __P((struct member *, struct privilege *));
99 static struct defaults *new_default __P((char *, char *, int));
100 static struct member *new_member __P((char *, int));
101 void yyerror __P((const char *));
107 /* Save the line the first error occurred on. */
108 if (errorlineno == -1) {
109 errorlineno = sudolineno ? sudolineno - 1 : 0;
110 errorfile = estrdup(sudoers);
112 if (verbose && s != NULL) {
114 (void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
115 sudolineno ? sudolineno - 1 : 0);
117 (void) fprintf(stderr, "<*> ");
123 #ifndef YYSTYPE_DEFINED
124 #define YYSTYPE_DEFINED
126 struct cmndspec *cmndspec;
127 struct defaults *defaults;
128 struct member *member;
129 struct runascontainer *runas;
130 struct privilege *privilege;
131 struct sudo_command command;
133 struct selinux_info seinfo;
137 #endif /* YYSTYPE_DEFINED */
144 #define USERGROUP 262
147 #define DEFAULTS_HOST 265
148 #define DEFAULTS_USER 266
149 #define DEFAULTS_RUNAS 267
150 #define DEFAULTS_CMND 268
157 #define LOG_INPUT 275
158 #define NOLOG_INPUT 276
159 #define LOG_OUTPUT 277
160 #define NOLOG_OUTPUT 278
163 #define HOSTALIAS 281
164 #define CMNDALIAS 282
165 #define USERALIAS 283
166 #define RUNASALIAS 284
170 #define YYERRCODE 256
171 #if defined(__cplusplus) || defined(__STDC__)
172 const short yylhs[] =
177 0, 0, 25, 25, 26, 26, 26, 26, 26, 26,
178 26, 26, 26, 26, 26, 26, 4, 4, 3, 3,
179 3, 3, 3, 20, 20, 19, 10, 10, 8, 8,
180 8, 8, 8, 2, 2, 1, 6, 6, 23, 24,
181 22, 22, 22, 22, 22, 17, 17, 18, 18, 18,
182 21, 21, 21, 21, 21, 21, 21, 21, 21, 21,
183 21, 5, 5, 5, 28, 28, 31, 9, 9, 29,
184 29, 32, 7, 7, 30, 30, 33, 27, 27, 34,
185 13, 13, 11, 11, 12, 12, 12, 12, 12, 16,
186 16, 14, 14, 15, 15, 15,
188 #if defined(__cplusplus) || defined(__STDC__)
189 const short yylen[] =
194 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
195 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
196 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
197 1, 1, 1, 1, 3, 4, 1, 2, 3, 3,
198 0, 1, 1, 2, 2, 0, 3, 1, 3, 2,
199 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
200 2, 1, 1, 1, 1, 3, 3, 1, 3, 1,
201 3, 3, 1, 3, 1, 3, 3, 1, 3, 3,
202 1, 3, 1, 2, 1, 1, 1, 1, 1, 1,
205 #if defined(__cplusplus) || defined(__STDC__)
206 const short yydefred[] =
211 0, 85, 87, 88, 89, 0, 0, 0, 0, 0,
212 86, 5, 0, 0, 0, 0, 0, 0, 81, 83,
213 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
214 31, 33, 30, 0, 27, 0, 68, 0, 0, 64,
215 63, 62, 0, 37, 73, 0, 0, 0, 65, 0,
216 0, 70, 0, 0, 78, 0, 0, 75, 84, 0,
217 0, 24, 0, 4, 0, 0, 0, 20, 0, 28,
218 0, 0, 0, 0, 38, 0, 0, 0, 0, 0,
219 0, 0, 0, 0, 0, 82, 0, 0, 21, 22,
220 23, 18, 69, 74, 0, 66, 0, 71, 0, 79,
221 0, 76, 0, 34, 0, 0, 25, 0, 0, 0,
222 0, 0, 0, 51, 0, 0, 94, 96, 95, 0,
223 90, 92, 0, 0, 47, 35, 0, 0, 0, 44,
224 45, 93, 0, 0, 40, 39, 52, 53, 54, 55,
225 56, 57, 58, 59, 60, 61, 36, 91,
227 #if defined(__cplusplus) || defined(__STDC__)
228 const short yydgoto[] =
233 104, 105, 27, 28, 44, 45, 46, 35, 61, 37,
234 19, 20, 21, 121, 122, 123, 106, 110, 62, 63,
235 129, 114, 115, 116, 22, 23, 54, 48, 51, 57,
238 #if defined(__cplusplus) || defined(__STDC__)
239 const short yysindex[] =
244 -270, 0, 0, 0, 0, -29, 567, 594, 594, -2,
245 0, 0, -240, -222, -216, -212, -241, 0, 0, 0,
246 -25, 475, 0, 0, -10, -207, 0, 9, 0, 0,
247 0, 0, 0, -235, 0, -33, 0, -31, -31, 0,
248 0, 0, -242, 0, 0, -30, -7, 3, 0, -6,
249 4, 0, -5, 6, 0, -1, 8, 0, 0, 594,
250 -20, 0, 10, 0, -205, -196, -194, 0, -29, 0,
251 567, 9, 9, 9, 0, -2, 9, 567, -240, -2,
252 -222, 594, -216, 594, -212, 0, 31, 567, 0, 0,
253 0, 0, 0, 0, 26, 0, 28, 0, 29, 0,
254 29, 0, 541, 0, 32, -247, 0, 86, -15, 33,
255 31, 14, 16, 0, -208, -204, 0, 0, 0, -231,
256 0, 0, 38, 86, 0, 0, -179, -178, 491, 0,
257 0, 0, 86, 38, 0, 0, 0, 0, 0, 0,
258 0, 0, 0, 0, 0, 0, 0, 0,};
259 #if defined(__cplusplus) || defined(__STDC__)
260 const short yyrindex[] =
265 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
267 0, 90, 0, 0, 1, 0, 0, 177, 0, 0,
268 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
269 0, 0, 0, 0, 0, 0, 0, 207, 0, 0,
270 237, 0, 0, 271, 0, 0, 300, 0, 0, 0,
271 0, 0, 329, 0, 0, 0, 0, 0, 0, 0,
272 0, 358, 387, 417, 0, 0, 446, 0, 0, 0,
273 0, 0, 0, 0, 0, 0, -26, 0, 0, 0,
274 0, 0, 0, 0, 30, 0, 59, 0, 89, 0,
275 118, 0, 0, 0, 148, 514, 0, 0, 45, 0,
276 -26, 0, 0, 0, 537, 565, 0, 0, 0, 0,
277 0, 0, 50, 0, 0, 0, 0, 0, 0, 0,
278 0, 0, 0, 52, 0, 0, 0, 0, 0, 0,
279 0, 0, 0, 0, 0, 0, 0, 0,};
280 #if defined(__cplusplus) || defined(__STDC__)
281 const short yygindex[] =
286 -17, 0, 27, 11, 54, -64, 15, 64, 2, 34,
287 39, 84, -3, -27, -18, -21, 0, 0, 19, 0,
288 0, 0, -12, -4, 0, 88, 0, 0, 0, 0,
291 #define YYTABLESIZE 873
292 #if defined(__cplusplus) || defined(__STDC__)
293 const short yytable[] =
298 19, 26, 26, 26, 38, 39, 46, 34, 36, 24,
299 71, 94, 60, 76, 40, 41, 2, 47, 60, 3,
300 4, 5, 29, 71, 30, 31, 117, 32, 60, 67,
301 43, 118, 66, 19, 67, 50, 42, 11, 112, 113,
302 87, 53, 124, 33, 19, 56, 72, 119, 73, 74,
303 65, 68, 69, 78, 80, 82, 77, 89, 72, 84,
304 79, 81, 67, 83, 147, 85, 90, 88, 91, 71,
305 103, 76, 60, 125, 127, 111, 128, 112, 99, 95,
306 101, 133, 113, 135, 136, 48, 1, 67, 80, 2,
307 50, 72, 49, 126, 97, 92, 75, 70, 86, 109,
308 59, 132, 134, 131, 93, 148, 107, 102, 0, 64,
309 130, 0, 0, 96, 0, 0, 72, 77, 120, 100,
310 98, 80, 0, 0, 0, 0, 0, 0, 0, 0,
311 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
312 0, 0, 0, 0, 0, 0, 80, 26, 0, 0,
313 77, 0, 0, 0, 0, 0, 0, 0, 0, 0,
314 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
315 0, 0, 0, 0, 0, 77, 12, 0, 0, 0,
316 26, 0, 0, 0, 0, 0, 0, 0, 0, 0,
317 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
318 0, 0, 0, 0, 0, 26, 9, 0, 0, 12,
319 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
320 0, 0, 0, 0, 0, 25, 0, 25, 25, 25,
321 46, 46, 29, 0, 30, 31, 10, 32, 0, 9,
322 0, 0, 46, 46, 46, 46, 46, 46, 46, 46,
323 46, 46, 46, 33, 40, 41, 19, 0, 19, 46,
324 46, 19, 19, 19, 19, 19, 19, 19, 19, 10,
325 8, 0, 0, 0, 0, 0, 42, 0, 0, 19,
326 19, 19, 19, 19, 19, 67, 0, 67, 0, 0,
327 67, 67, 67, 67, 67, 67, 67, 67, 0, 11,
328 0, 0, 0, 8, 0, 0, 0, 0, 67, 67,
329 67, 67, 67, 67, 72, 0, 72, 0, 0, 72,
330 72, 72, 72, 72, 72, 72, 72, 0, 7, 0,
331 0, 0, 11, 0, 0, 0, 0, 72, 72, 72,
332 72, 72, 72, 117, 80, 0, 80, 0, 118, 80,
333 80, 80, 80, 80, 80, 80, 80, 15, 0, 0,
334 0, 7, 0, 0, 119, 0, 0, 80, 80, 80,
335 80, 80, 80, 77, 0, 77, 0, 0, 77, 77,
336 77, 77, 77, 77, 77, 77, 13, 0, 0, 0,
337 15, 0, 0, 0, 0, 0, 77, 77, 77, 77,
338 77, 77, 0, 26, 0, 26, 0, 0, 26, 26,
339 26, 26, 26, 26, 26, 26, 14, 0, 0, 13,
340 0, 0, 0, 0, 0, 0, 26, 26, 26, 26,
341 26, 26, 12, 0, 12, 0, 0, 12, 12, 12,
342 12, 12, 12, 12, 12, 16, 0, 0, 0, 14,
343 0, 0, 0, 0, 0, 12, 12, 12, 12, 12,
344 12, 0, 9, 0, 9, 0, 0, 9, 9, 9,
345 9, 9, 9, 9, 9, 0, 0, 0, 16, 0,
346 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
347 9, 0, 10, 0, 10, 0, 0, 10, 10, 10,
348 10, 10, 10, 10, 10, 0, 0, 17, 0, 0,
349 0, 0, 0, 0, 0, 10, 10, 10, 10, 10,
350 10, 0, 0, 43, 0, 0, 8, 0, 8, 0,
351 0, 8, 8, 8, 8, 8, 8, 8, 8, 0,
352 0, 0, 0, 0, 0, 0, 41, 0, 0, 8,
353 8, 8, 8, 8, 8, 11, 0, 11, 0, 0,
354 11, 11, 11, 11, 11, 11, 11, 11, 0, 42,
355 0, 0, 0, 17, 0, 0, 0, 0, 11, 11,
356 11, 11, 11, 11, 7, 0, 7, 0, 0, 7,
357 7, 7, 7, 7, 7, 7, 7, 43, 108, 34,
358 0, 0, 0, 0, 0, 0, 0, 7, 7, 7,
359 7, 7, 7, 15, 0, 15, 0, 0, 15, 15,
360 15, 15, 15, 15, 15, 15, 17, 0, 0, 0,
361 0, 0, 0, 0, 0, 0, 15, 15, 15, 15,
362 15, 15, 13, 0, 13, 0, 0, 13, 13, 13,
363 13, 13, 13, 13, 13, 0, 0, 0, 0, 0,
364 0, 0, 0, 0, 0, 13, 13, 13, 13, 13,
365 13, 0, 14, 0, 14, 0, 0, 14, 14, 14,
366 14, 14, 14, 14, 14, 0, 0, 0, 0, 0,
367 0, 0, 0, 0, 0, 14, 14, 14, 14, 14,
368 14, 16, 0, 16, 0, 0, 16, 16, 16, 16,
369 16, 16, 16, 16, 0, 0, 0, 0, 0, 0,
370 0, 0, 0, 0, 16, 16, 16, 16, 16, 16,
371 1, 0, 2, 0, 0, 3, 4, 5, 6, 7,
372 8, 9, 10, 0, 0, 0, 0, 40, 41, 0,
373 0, 0, 0, 11, 12, 13, 14, 15, 16, 137,
374 138, 139, 140, 141, 142, 143, 144, 145, 146, 42,
375 41, 41, 0, 0, 0, 0, 0, 0, 0, 0,
376 0, 0, 41, 41, 41, 41, 41, 41, 41, 41,
377 41, 41, 41, 42, 42, 0, 0, 0, 2, 0,
378 0, 3, 4, 5, 0, 42, 42, 42, 42, 42,
379 42, 42, 42, 42, 42, 42, 0, 0, 0, 11,
380 0, 43, 43, 0, 29, 0, 30, 31, 0, 32,
381 0, 0, 0, 43, 43, 43, 43, 43, 43, 43,
382 43, 43, 43, 43, 0, 33, 0, 0, 0, 0,
383 0, 2, 0, 0, 3, 4, 5, 0, 0, 0,
384 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
387 #if defined(__cplusplus) || defined(__STDC__)
388 const short yycheck[] =
393 0, 33, 33, 33, 8, 9, 33, 33, 7, 280,
394 44, 76, 44, 44, 257, 258, 258, 258, 44, 261,
395 262, 263, 258, 44, 260, 261, 258, 263, 44, 0,
396 33, 263, 43, 33, 45, 258, 279, 279, 286, 287,
397 61, 258, 58, 279, 44, 258, 36, 279, 38, 39,
398 61, 259, 44, 61, 61, 61, 46, 263, 0, 61,
399 58, 58, 33, 58, 129, 58, 263, 58, 263, 44,
400 40, 44, 44, 41, 61, 44, 61, 286, 82, 78,
401 84, 44, 287, 263, 263, 41, 0, 58, 0, 0,
402 41, 33, 41, 111, 80, 69, 43, 34, 60, 103,
403 17, 120, 124, 116, 71, 133, 88, 85, -1, 22,
404 115, -1, -1, 79, -1, -1, 58, 0, 33, 83,
405 81, 33, -1, -1, -1, -1, -1, -1, -1, -1,
406 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
407 -1, -1, -1, -1, -1, -1, 58, 0, -1, -1,
408 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
409 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
410 -1, -1, -1, -1, -1, 58, 0, -1, -1, -1,
411 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
412 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
413 -1, -1, -1, -1, -1, 58, 0, -1, -1, 33,
414 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
415 -1, -1, -1, -1, -1, 259, -1, 259, 259, 259,
416 257, 258, 258, -1, 260, 261, 0, 263, -1, 33,
417 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
418 277, 278, 279, 279, 257, 258, 256, -1, 258, 286,
419 287, 261, 262, 263, 264, 265, 266, 267, 268, 33,
420 0, -1, -1, -1, -1, -1, 279, -1, -1, 279,
421 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
422 261, 262, 263, 264, 265, 266, 267, 268, -1, 0,
423 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
424 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
425 262, 263, 264, 265, 266, 267, 268, -1, 0, -1,
426 -1, -1, 33, -1, -1, -1, -1, 279, 280, 281,
427 282, 283, 284, 258, 256, -1, 258, -1, 263, 261,
428 262, 263, 264, 265, 266, 267, 268, 0, -1, -1,
429 -1, 33, -1, -1, 279, -1, -1, 279, 280, 281,
430 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
431 263, 264, 265, 266, 267, 268, 0, -1, -1, -1,
432 33, -1, -1, -1, -1, -1, 279, 280, 281, 282,
433 283, 284, -1, 256, -1, 258, -1, -1, 261, 262,
434 263, 264, 265, 266, 267, 268, 0, -1, -1, 33,
435 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
436 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
437 264, 265, 266, 267, 268, 0, -1, -1, -1, 33,
438 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
439 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
440 264, 265, 266, 267, 268, -1, -1, -1, 33, -1,
441 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
442 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
443 264, 265, 266, 267, 268, -1, -1, 33, -1, -1,
444 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
445 284, -1, -1, 33, -1, -1, 256, -1, 258, -1,
446 -1, 261, 262, 263, 264, 265, 266, 267, 268, -1,
447 -1, -1, -1, -1, -1, -1, 33, -1, -1, 279,
448 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
449 261, 262, 263, 264, 265, 266, 267, 268, -1, 33,
450 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
451 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
452 262, 263, 264, 265, 266, 267, 268, 33, 58, 33,
453 -1, -1, -1, -1, -1, -1, -1, 279, 280, 281,
454 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
455 263, 264, 265, 266, 267, 268, 33, -1, -1, -1,
456 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
457 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
458 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
459 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
460 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
461 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
462 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
463 284, 256, -1, 258, -1, -1, 261, 262, 263, 264,
464 265, 266, 267, 268, -1, -1, -1, -1, -1, -1,
465 -1, -1, -1, -1, 279, 280, 281, 282, 283, 284,
466 256, -1, 258, -1, -1, 261, 262, 263, 264, 265,
467 266, 267, 268, -1, -1, -1, -1, 257, 258, -1,
468 -1, -1, -1, 279, 280, 281, 282, 283, 284, 269,
469 270, 271, 272, 273, 274, 275, 276, 277, 278, 279,
470 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
471 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
472 277, 278, 279, 257, 258, -1, -1, -1, 258, -1,
473 -1, 261, 262, 263, -1, 269, 270, 271, 272, 273,
474 274, 275, 276, 277, 278, 279, -1, -1, -1, 279,
475 -1, 257, 258, -1, 258, -1, 260, 261, -1, 263,
476 -1, -1, -1, 269, 270, 271, 272, 273, 274, 275,
477 276, 277, 278, 279, -1, 279, -1, -1, -1, -1,
478 -1, 258, -1, -1, 261, 262, 263, -1, -1, -1,
479 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
486 #define YYMAXTOKEN 287
488 #if defined(__cplusplus) || defined(__STDC__)
489 const char * const yyname[] =
494 "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
495 "'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
496 0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
497 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
498 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
499 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
500 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
501 "COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
502 "DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
503 "PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
504 "LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
505 "RUNASALIAS","ERROR","TYPE","ROLE",
507 #if defined(__cplusplus) || defined(__STDC__)
508 const char * const yyrule[] =
518 "entry : error COMMENT",
519 "entry : userlist privileges",
520 "entry : USERALIAS useraliases",
521 "entry : HOSTALIAS hostaliases",
522 "entry : CMNDALIAS cmndaliases",
523 "entry : RUNASALIAS runasaliases",
524 "entry : DEFAULTS defaults_list",
525 "entry : DEFAULTS_USER userlist defaults_list",
526 "entry : DEFAULTS_RUNAS userlist defaults_list",
527 "entry : DEFAULTS_HOST hostlist defaults_list",
528 "entry : DEFAULTS_CMND cmndlist defaults_list",
529 "defaults_list : defaults_entry",
530 "defaults_list : defaults_list ',' defaults_entry",
531 "defaults_entry : DEFVAR",
532 "defaults_entry : '!' DEFVAR",
533 "defaults_entry : DEFVAR '=' WORD",
534 "defaults_entry : DEFVAR '+' WORD",
535 "defaults_entry : DEFVAR '-' WORD",
536 "privileges : privilege",
537 "privileges : privileges ':' privilege",
538 "privilege : hostlist '=' cmndspeclist",
546 "cmndspeclist : cmndspec",
547 "cmndspeclist : cmndspeclist ',' cmndspec",
548 "cmndspec : runasspec selinux cmndtag opcmnd",
551 "rolespec : ROLE '=' WORD",
552 "typespec : TYPE '=' WORD",
554 "selinux : rolespec",
555 "selinux : typespec",
556 "selinux : rolespec typespec",
557 "selinux : typespec rolespec",
559 "runasspec : '(' runaslist ')'",
560 "runaslist : userlist",
561 "runaslist : userlist ':' grouplist",
562 "runaslist : ':' grouplist",
564 "cmndtag : cmndtag NOPASSWD",
565 "cmndtag : cmndtag PASSWD",
566 "cmndtag : cmndtag NOEXEC",
567 "cmndtag : cmndtag EXEC",
568 "cmndtag : cmndtag SETENV",
569 "cmndtag : cmndtag NOSETENV",
570 "cmndtag : cmndtag LOG_INPUT",
571 "cmndtag : cmndtag NOLOG_INPUT",
572 "cmndtag : cmndtag LOG_OUTPUT",
573 "cmndtag : cmndtag NOLOG_OUTPUT",
577 "hostaliases : hostalias",
578 "hostaliases : hostaliases ':' hostalias",
579 "hostalias : ALIAS '=' hostlist",
581 "hostlist : hostlist ',' ophost",
582 "cmndaliases : cmndalias",
583 "cmndaliases : cmndaliases ':' cmndalias",
584 "cmndalias : ALIAS '=' cmndlist",
586 "cmndlist : cmndlist ',' opcmnd",
587 "runasaliases : runasalias",
588 "runasaliases : runasaliases ':' runasalias",
589 "runasalias : ALIAS '=' userlist",
590 "useraliases : useralias",
591 "useraliases : useraliases ':' useralias",
592 "useralias : ALIAS '=' userlist",
594 "userlist : userlist ',' opuser",
602 "grouplist : opgroup",
603 "grouplist : grouplist ',' opgroup",
605 "opgroup : '!' group",
613 #define YYMAXDEPTH YYSTACKSIZE
616 #define YYSTACKSIZE YYMAXDEPTH
618 #define YYSTACKSIZE 10000
619 #define YYMAXDEPTH 10000
622 #define YYINITSTACKSIZE 200
637 static struct defaults *
638 new_default(var, val, op)
645 d = emalloc(sizeof(struct defaults));
648 tq_init(&d->binding);
657 static struct member *
658 new_member(name, type)
664 m = emalloc(sizeof(struct member));
674 * Add a list of defaults structures to the defaults list.
675 * The binding, if non-NULL, specifies a list of hosts, users, or
676 * runas users the entries apply to (specified by the type).
679 add_defaults(type, bmem, defs)
682 struct defaults *defs;
685 struct member_list binding;
688 * We can only call list2tq once on bmem as it will zero
689 * out the prev pointer when it consumes bmem.
691 list2tq(&binding, bmem);
694 * Set type and binding (who it applies to) for new entries.
696 for (d = defs; d != NULL; d = d->next) {
698 d->binding = binding;
700 tq_append(&defaults, defs);
704 * Allocate a new struct userspec, populate it, and insert it at the
705 * and of the userspecs list.
708 add_userspec(members, privs)
709 struct member *members;
710 struct privilege *privs;
714 u = emalloc(sizeof(*u));
715 list2tq(&u->users, members);
716 list2tq(&u->privileges, privs);
719 tq_append(&userspecs, u);
723 * Free up space used by data structures from a previous parser run and sets
724 * the current sudoers file to path.
727 init_parser(path, quiet)
732 struct member *m, *binding;
734 struct privilege *priv;
736 struct sudo_command *c;
738 while ((us = tq_pop(&userspecs)) != NULL) {
739 while ((m = tq_pop(&us->users)) != NULL) {
743 while ((priv = tq_pop(&us->privileges)) != NULL) {
744 struct member *runasuser = NULL, *runasgroup = NULL;
746 char *role = NULL, *type = NULL;
747 #endif /* HAVE_SELINUX */
749 while ((m = tq_pop(&priv->hostlist)) != NULL) {
753 while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
755 /* Only free the first instance of a role/type. */
756 if (cs->role != role) {
760 if (cs->type != type) {
764 #endif /* HAVE_SELINUX */
765 if (tq_last(&cs->runasuserlist) != runasuser) {
766 runasuser = tq_last(&cs->runasuserlist);
767 while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
772 if (tq_last(&cs->runasgrouplist) != runasgroup) {
773 runasgroup = tq_last(&cs->runasgrouplist);
774 while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
779 if (cs->cmnd->type == COMMAND) {
780 c = (struct sudo_command *) cs->cmnd->name;
784 efree(cs->cmnd->name);
795 while ((d = tq_pop(&defaults)) != NULL) {
796 if (tq_last(&d->binding) != binding) {
797 binding = tq_last(&d->binding);
798 while ((m = tq_pop(&d->binding)) != NULL) {
799 if (m->type == COMMAND) {
800 c = (struct sudo_command *) m->name;
819 sudoers = path ? estrdup(path) : NULL;
827 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
828 #if defined(__cplusplus) || defined(__STDC__)
829 static int yygrowstack(void)
831 static int yygrowstack()
838 if ((newsize = yystacksize) == 0)
839 newsize = YYINITSTACKSIZE;
840 else if (newsize >= YYMAXDEPTH)
842 else if ((newsize *= 2) > YYMAXDEPTH)
843 newsize = YYMAXDEPTH;
846 #define YY_SIZE_MAX SIZE_MAX
848 #define YY_SIZE_MAX 0x7fffffff
850 if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
852 newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
853 (short *)malloc(newsize * sizeof *newss); /* overflow check above */
858 if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
860 newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
861 (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
866 yystacksize = newsize;
867 yysslim = yyss + newsize - 1;
880 #define YYABORT goto yyabort
881 #define YYREJECT goto yyabort
882 #define YYACCEPT goto yyaccept
883 #define YYERROR goto yyerrlab
885 #if defined(__cplusplus) || defined(__STDC__)
891 int yym, yyn, yystate;
893 #if defined(__cplusplus) || defined(__STDC__)
895 #else /* !(defined(__cplusplus) || defined(__STDC__)) */
897 #endif /* !(defined(__cplusplus) || defined(__STDC__)) */
899 if ((yys = getenv("YYDEBUG")))
902 if (yyn >= '0' && yyn <= '9')
911 if (yyss == NULL && yygrowstack()) goto yyoverflow;
914 *yyssp = yystate = 0;
917 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
920 if ((yychar = yylex()) < 0) yychar = 0;
925 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
926 if (!yys) yys = "illegal-symbol";
927 printf("%sdebug: state %d, reading %d (%s)\n",
928 YYPREFIX, yystate, yychar, yys);
932 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
933 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
937 printf("%sdebug: state %d, shifting to state %d\n",
938 YYPREFIX, yystate, yytable[yyn]);
940 if (yyssp >= yysslim && yygrowstack())
944 *++yyssp = yystate = yytable[yyn];
947 if (yyerrflag > 0) --yyerrflag;
950 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
951 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
956 if (yyerrflag) goto yyinrecovery;
957 #if defined(lint) || defined(__GNUC__)
961 yyerror("syntax error");
962 #if defined(lint) || defined(__GNUC__)
973 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
974 yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
978 printf("%sdebug: state %d, error recovery shifting\
979 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
981 if (yyssp >= yysslim && yygrowstack())
985 *++yyssp = yystate = yytable[yyn];
993 printf("%sdebug: error recovery discarding state %d\n",
996 if (yyssp <= yyss) goto yyabort;
1004 if (yychar == 0) goto yyabort;
1009 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1010 if (!yys) yys = "illegal-symbol";
1011 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1012 YYPREFIX, yystate, yychar, yys);
1021 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1022 YYPREFIX, yystate, yyn, yyrule[yyn]);
1026 yyval = yyvsp[1-yym];
1028 memset(&yyval, 0, sizeof yyval);
1050 add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
1080 add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
1086 add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
1092 add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
1098 add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
1104 add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
1110 list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
1111 yyval.defaults = yyvsp[-2].defaults;
1117 yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
1123 yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
1129 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
1135 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
1141 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
1147 list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
1148 yyval.privilege = yyvsp[-2].privilege;
1154 struct privilege *p = emalloc(sizeof(*p));
1155 list2tq(&p->hostlist, yyvsp[-2].member);
1156 list2tq(&p->cmndlist, yyvsp[0].cmndspec);
1159 yyval.privilege = p;
1165 yyval.member = yyvsp[0].member;
1166 yyval.member->negated = FALSE;
1172 yyval.member = yyvsp[0].member;
1173 yyval.member->negated = TRUE;
1179 yyval.member = new_member(yyvsp[0].string, ALIAS);
1185 yyval.member = new_member(NULL, ALL);
1191 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1197 yyval.member = new_member(yyvsp[0].string, NTWKADDR);
1203 yyval.member = new_member(yyvsp[0].string, WORD);
1209 list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
1211 /* propagate role and type */
1212 if (yyvsp[0].cmndspec->role == NULL)
1213 yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
1214 if (yyvsp[0].cmndspec->type == NULL)
1215 yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
1216 #endif /* HAVE_SELINUX */
1217 /* propagate tags and runas list */
1218 if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
1219 yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
1220 if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
1221 yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
1222 if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
1223 yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
1224 yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
1225 if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
1226 yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
1227 if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
1228 yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
1229 if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
1230 tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
1231 (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
1232 !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
1233 yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
1234 yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
1236 yyval.cmndspec = yyvsp[-2].cmndspec;
1242 struct cmndspec *cs = emalloc(sizeof(*cs));
1243 if (yyvsp[-3].runas != NULL) {
1244 list2tq(&cs->runasuserlist, yyvsp[-3].runas->runasusers);
1245 list2tq(&cs->runasgrouplist, yyvsp[-3].runas->runasgroups);
1246 efree(yyvsp[-3].runas);
1248 tq_init(&cs->runasuserlist);
1249 tq_init(&cs->runasgrouplist);
1252 cs->role = yyvsp[-2].seinfo.role;
1253 cs->type = yyvsp[-2].seinfo.type;
1255 cs->tags = yyvsp[-1].tag;
1256 cs->cmnd = yyvsp[0].member;
1259 /* sudo "ALL" implies the SETENV tag */
1260 if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
1261 cs->tags.setenv == UNSPEC)
1262 cs->tags.setenv = IMPLIED;
1263 yyval.cmndspec = cs;
1269 yyval.member = yyvsp[0].member;
1270 yyval.member->negated = FALSE;
1276 yyval.member = yyvsp[0].member;
1277 yyval.member->negated = TRUE;
1283 yyval.string = yyvsp[0].string;
1289 yyval.string = yyvsp[0].string;
1295 yyval.seinfo.role = NULL;
1296 yyval.seinfo.type = NULL;
1302 yyval.seinfo.role = yyvsp[0].string;
1303 yyval.seinfo.type = NULL;
1309 yyval.seinfo.type = yyvsp[0].string;
1310 yyval.seinfo.role = NULL;
1316 yyval.seinfo.role = yyvsp[-1].string;
1317 yyval.seinfo.type = yyvsp[0].string;
1323 yyval.seinfo.type = yyvsp[-1].string;
1324 yyval.seinfo.role = yyvsp[0].string;
1336 yyval.runas = yyvsp[-1].runas;
1342 yyval.runas = emalloc(sizeof(struct runascontainer));
1343 yyval.runas->runasusers = yyvsp[0].member;
1344 yyval.runas->runasgroups = NULL;
1350 yyval.runas = emalloc(sizeof(struct runascontainer));
1351 yyval.runas->runasusers = yyvsp[-2].member;
1352 yyval.runas->runasgroups = yyvsp[0].member;
1358 yyval.runas = emalloc(sizeof(struct runascontainer));
1359 yyval.runas->runasusers = NULL;
1360 yyval.runas->runasgroups = yyvsp[0].member;
1366 yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
1367 yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
1373 yyval.tag.nopasswd = TRUE;
1379 yyval.tag.nopasswd = FALSE;
1385 yyval.tag.noexec = TRUE;
1391 yyval.tag.noexec = FALSE;
1397 yyval.tag.setenv = TRUE;
1403 yyval.tag.setenv = FALSE;
1409 yyval.tag.log_input = TRUE;
1415 yyval.tag.log_input = FALSE;
1421 yyval.tag.log_output = TRUE;
1427 yyval.tag.log_output = FALSE;
1433 yyval.member = new_member(NULL, ALL);
1439 yyval.member = new_member(yyvsp[0].string, ALIAS);
1445 struct sudo_command *c = emalloc(sizeof(*c));
1446 c->cmnd = yyvsp[0].command.cmnd;
1447 c->args = yyvsp[0].command.args;
1448 yyval.member = new_member((char *)c, COMMAND);
1455 if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
1464 list_append(yyvsp[-2].member, yyvsp[0].member);
1465 yyval.member = yyvsp[-2].member;
1472 if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
1481 list_append(yyvsp[-2].member, yyvsp[0].member);
1482 yyval.member = yyvsp[-2].member;
1489 if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
1499 if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
1508 list_append(yyvsp[-2].member, yyvsp[0].member);
1509 yyval.member = yyvsp[-2].member;
1515 yyval.member = yyvsp[0].member;
1516 yyval.member->negated = FALSE;
1522 yyval.member = yyvsp[0].member;
1523 yyval.member->negated = TRUE;
1529 yyval.member = new_member(yyvsp[0].string, ALIAS);
1535 yyval.member = new_member(NULL, ALL);
1541 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1547 yyval.member = new_member(yyvsp[0].string, USERGROUP);
1553 yyval.member = new_member(yyvsp[0].string, WORD);
1559 list_append(yyvsp[-2].member, yyvsp[0].member);
1560 yyval.member = yyvsp[-2].member;
1566 yyval.member = yyvsp[0].member;
1567 yyval.member->negated = FALSE;
1573 yyval.member = yyvsp[0].member;
1574 yyval.member->negated = TRUE;
1580 yyval.member = new_member(yyvsp[0].string, ALIAS);
1586 yyval.member = new_member(NULL, ALL);
1592 yyval.member = new_member(yyvsp[0].string, WORD);
1595 #line 1543 "y.tab.c"
1601 if (yystate == 0 && yym == 0)
1605 printf("%sdebug: after reduction, shifting from state 0 to\
1606 state %d\n", YYPREFIX, YYFINAL);
1613 if ((yychar = yylex()) < 0) yychar = 0;
1618 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1619 if (!yys) yys = "illegal-symbol";
1620 printf("%sdebug: state %d, reading %d (%s)\n",
1621 YYPREFIX, YYFINAL, yychar, yys);
1625 if (yychar == 0) goto yyaccept;
1628 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
1629 yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
1630 yystate = yytable[yyn];
1632 yystate = yydgoto[yym];
1635 printf("%sdebug: after reduction, shifting from state %d \
1636 to state %d\n", YYPREFIX, *yyssp, yystate);
1638 if (yyssp >= yysslim && yygrowstack())
1646 yyerror("yacc stack overflow");
1652 yyss = yyssp = NULL;
1653 yyvs = yyvsp = NULL;
1661 yyss = yyssp = NULL;
1662 yyvs = yyvsp = NULL;
projects / debian / sudo / blob