9 #define yyclearin (yychar=(YYEMPTY))
10 #define yyerrok (yyerrflag=0)
11 #define YYRECOVERING() (yyerrflag!=0)
12 #define yyparse sudoersparse
13 #define yylex sudoerslex
14 #define yyerror sudoerserror
15 #define yychar sudoerschar
16 #define yyval sudoersval
17 #define yylval sudoerslval
18 #define yydebug sudoersdebug
19 #define yynerrs sudoersnerrs
20 #define yyerrflag sudoerserrflag
21 #define yyss sudoersss
22 #define yysslim sudoerssslim
23 #define yyssp sudoersssp
24 #define yyvs sudoersvs
25 #define yyvsp sudoersvsp
26 #define yystacksize sudoersstacksize
27 #define yylhs sudoerslhs
28 #define yylen sudoerslen
29 #define yydefred sudoersdefred
30 #define yydgoto sudoersdgoto
31 #define yysindex sudoerssindex
32 #define yyrindex sudoersrindex
33 #define yygindex sudoersgindex
34 #define yytable sudoerstable
35 #define yycheck sudoerscheck
36 #define yyname sudoersname
37 #define yyrule sudoersrule
38 #define YYPREFIX "sudoers"
41 * Copyright (c) 1996, 1998-2005, 2007-2013
42 * Todd C. Miller <Todd.Miller@courtesan.com>
44 * Permission to use, copy, modify, and distribute this software for any
45 * purpose with or without fee is hereby granted, provided that the above
46 * copyright notice and this permission notice appear in all copies.
48 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
49 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
50 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
51 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
52 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
53 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
54 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
55 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
56 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
58 * Sponsored in part by the Defense Advanced Research Projects
59 * Agency (DARPA) and Air Force Research Laboratory, Air Force
60 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
65 #include <sys/types.h>
74 #endif /* STDC_HEADERS */
77 #endif /* HAVE_STRING_H */
80 #endif /* HAVE_STRINGS_H */
83 #endif /* HAVE_UNISTD_H */
84 #ifdef HAVE_INTTYPES_H
85 # include <inttypes.h>
87 #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
89 #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
92 #include "sudoers.h" /* XXX */
97 * We must define SIZE_MAX for yacc's skeleton.c.
98 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
99 * could be signed (as it is on SunOS 4.x).
103 # define SIZE_MAX SIZE_T_MAX
105 # define SIZE_MAX INT_MAX
106 # endif /* SIZE_T_MAX */
107 #endif /* SIZE_MAX */
112 extern int sudolineno;
113 extern int last_token;
114 extern char *sudoers;
115 bool sudoers_warnings = true;
116 bool parse_error = false;
117 int errorlineno = -1;
118 char *errorfile = NULL;
120 struct defaults_list defaults;
121 struct userspec_list userspecs;
126 static void add_defaults(int, struct member *, struct defaults *);
127 static void add_userspec(struct member *, struct privilege *);
128 static struct defaults *new_default(char *, char *, int);
129 static struct member *new_member(char *, int);
130 static struct sudo_digest *new_digest(int, const char *);
132 #ifndef YYSTYPE_DEFINED
133 #define YYSTYPE_DEFINED
135 struct cmndspec *cmndspec;
136 struct defaults *defaults;
137 struct member *member;
138 struct runascontainer *runas;
139 struct privilege *privilege;
140 struct sudo_digest *digest;
141 struct sudo_command command;
143 struct selinux_info seinfo;
144 struct solaris_privs_info privinfo;
148 #endif /* YYSTYPE_DEFINED */
155 #define USERGROUP 262
159 #define DEFAULTS_HOST 266
160 #define DEFAULTS_USER 267
161 #define DEFAULTS_RUNAS 268
162 #define DEFAULTS_CMND 269
169 #define LOG_INPUT 276
170 #define NOLOG_INPUT 277
171 #define LOG_OUTPUT 278
172 #define NOLOG_OUTPUT 279
175 #define HOSTALIAS 282
176 #define CMNDALIAS 283
177 #define USERALIAS 284
178 #define RUNASALIAS 285
183 #define LIMITPRIVS 290
189 #define YYERRCODE 256
190 #if defined(__cplusplus) || defined(__STDC__)
191 const short sudoerslhs[] =
196 0, 0, 30, 30, 31, 31, 31, 31, 31, 31,
197 31, 31, 31, 31, 31, 31, 4, 4, 3, 3,
198 3, 3, 3, 21, 21, 20, 11, 11, 9, 9,
199 9, 9, 9, 2, 2, 1, 29, 29, 29, 29,
200 7, 7, 6, 6, 24, 25, 23, 23, 23, 23,
201 23, 27, 28, 26, 26, 26, 26, 26, 18, 18,
202 19, 19, 19, 19, 19, 22, 22, 22, 22, 22,
203 22, 22, 22, 22, 22, 22, 5, 5, 5, 33,
204 33, 36, 10, 10, 34, 34, 37, 8, 8, 35,
205 35, 38, 32, 32, 39, 14, 14, 12, 12, 13,
206 13, 13, 13, 13, 17, 17, 15, 15, 16, 16,
209 #if defined(__cplusplus) || defined(__STDC__)
210 const short sudoerslen[] =
215 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
216 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
217 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
218 1, 1, 1, 1, 3, 5, 3, 3, 3, 3,
219 1, 2, 1, 2, 3, 3, 0, 1, 1, 2,
220 2, 3, 3, 0, 1, 1, 2, 2, 0, 3,
221 0, 1, 3, 2, 1, 0, 2, 2, 2, 2,
222 2, 2, 2, 2, 2, 2, 1, 1, 1, 1,
223 3, 3, 1, 3, 1, 3, 3, 1, 3, 1,
224 3, 3, 1, 3, 3, 1, 3, 1, 2, 1,
225 1, 1, 1, 1, 1, 3, 1, 2, 1, 1,
228 #if defined(__cplusplus) || defined(__STDC__)
229 const short sudoersdefred[] =
231 short sudoersdefred[] =
234 0, 100, 102, 103, 104, 0, 0, 0, 0, 0,
235 101, 5, 0, 0, 0, 0, 0, 0, 96, 98,
236 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
237 31, 33, 30, 0, 27, 0, 83, 0, 0, 79,
238 78, 77, 0, 0, 0, 0, 0, 43, 41, 88,
239 0, 0, 0, 0, 80, 0, 0, 85, 0, 0,
240 93, 0, 0, 90, 99, 0, 0, 24, 0, 4,
241 0, 0, 0, 20, 0, 28, 0, 0, 0, 0,
242 44, 0, 0, 0, 0, 0, 0, 42, 0, 0,
243 0, 0, 0, 0, 0, 0, 97, 0, 0, 21,
244 22, 23, 18, 84, 37, 38, 39, 40, 89, 0,
245 81, 0, 86, 0, 94, 0, 91, 0, 34, 0,
246 0, 25, 0, 0, 0, 0, 0, 0, 0, 0,
247 0, 109, 111, 110, 0, 105, 107, 0, 0, 60,
248 35, 0, 0, 0, 0, 66, 0, 0, 50, 51,
249 108, 0, 0, 46, 45, 0, 0, 0, 57, 58,
250 106, 52, 53, 67, 68, 69, 70, 71, 72, 73,
253 #if defined(__cplusplus) || defined(__STDC__)
254 const short sudoersdgoto[] =
256 short sudoersdgoto[] =
259 119, 120, 27, 28, 48, 49, 50, 51, 35, 67,
260 37, 19, 20, 21, 136, 137, 138, 121, 125, 68,
261 69, 158, 129, 130, 131, 146, 147, 148, 52, 22,
262 23, 60, 54, 57, 63, 55, 58, 64, 61,
264 #if defined(__cplusplus) || defined(__STDC__)
265 const short sudoerssindex[] =
267 short sudoerssindex[] =
270 -277, 0, 0, 0, 0, -13, 75, 105, 105, -15,
271 0, 0, -246, -241, -217, -210, -226, 0, 0, 0,
272 -5, -33, 0, 0, -3, -244, 0, 5, 0, 0,
273 0, 0, 0, -237, 0, -28, 0, -19, -19, 0,
274 0, 0, -251, -7, -1, 4, 7, 0, 0, 0,
275 -14, -20, -2, 8, 0, 6, 11, 0, 9, 13,
276 0, 12, 14, 0, 0, 105, -11, 0, 18, 0,
277 -203, -200, -188, 0, -13, 0, 75, 5, 5, 5,
278 0, -187, -185, -184, -183, -15, 5, 0, 75, -246,
279 -15, -241, 105, -217, 105, -210, 0, 42, 75, 0,
280 0, 0, 0, 0, 0, 0, 0, 0, 0, 39,
281 0, 40, 0, 43, 0, 43, 0, 45, 0, 44,
282 -279, 0, 135, -6, 49, 42, 25, 32, -243, -195,
283 -192, 0, 0, 0, -236, 0, 0, 54, 135, 0,
284 0, -164, -163, 41, 46, 0, -189, -180, 0, 0,
285 0, 135, 54, 0, 0, -159, -158, 585, 0, 0,
286 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
288 #if defined(__cplusplus) || defined(__STDC__)
289 const short sudoersrindex[] =
291 short sudoersrindex[] =
294 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
295 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
296 0, 110, 0, 0, 1, 0, 0, 181, 0, 0,
297 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
298 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
299 0, 0, 0, 211, 0, 0, 241, 0, 0, 271,
300 0, 0, 301, 0, 0, 0, 0, 0, 331, 0,
301 0, 0, 0, 0, 0, 0, 0, 361, 391, 421,
302 0, 0, 0, 0, 0, 0, 451, 0, 0, 0,
303 0, 0, 0, 0, 0, 0, 0, 467, 0, 0,
304 0, 0, 0, 0, 0, 0, 0, 0, 0, 31,
305 0, 61, 0, 91, 0, 121, 0, 70, 0, 151,
306 495, 0, 71, 72, 0, 467, 0, 0, 615, 525,
307 555, 0, 0, 0, 0, 0, 0, 73, 0, 0,
308 0, 0, 0, 0, 0, 0, 645, 675, 0, 0,
309 0, 0, 74, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
312 #if defined(__cplusplus) || defined(__STDC__)
313 const short sudoersgindex[] =
315 short sudoersgindex[] =
318 -10, 0, 47, 17, 80, 65, -84, 27, 92, -4,
319 48, 62, 112, 2, -25, 10, -9, 0, 0, 33,
320 0, 0, 0, 3, 16, 0, -17, -12, 0, 0,
321 111, 0, 0, 0, 0, 50, 51, 52, 53,
323 #define YYTABLESIZE 970
324 #if defined(__cplusplus) || defined(__STDC__)
325 const short sudoerstable[] =
327 short sudoerstable[] =
330 19, 109, 36, 24, 26, 40, 41, 127, 128, 38,
331 39, 53, 43, 26, 74, 77, 56, 43, 26, 26,
332 29, 132, 30, 31, 66, 32, 133, 34, 42, 86,
333 82, 2, 77, 19, 3, 4, 5, 66, 66, 72,
334 59, 73, 33, 134, 19, 144, 145, 62, 75, 98,
335 82, 139, 78, 11, 79, 80, 83, 71, 89, 100,
336 87, 84, 101, 82, 85, 90, 91, 87, 92, 93,
337 94, 96, 95, 174, 102, 99, 105, 17, 106, 107,
338 108, 118, 77, 86, 110, 142, 66, 126, 82, 140,
339 95, 127, 143, 87, 114, 128, 116, 152, 154, 155,
340 145, 156, 123, 162, 163, 1, 157, 34, 144, 2,
341 61, 65, 62, 64, 63, 141, 88, 112, 87, 124,
342 92, 103, 81, 95, 104, 76, 161, 97, 65, 153,
343 160, 122, 70, 150, 159, 0, 0, 17, 0, 111,
344 0, 0, 113, 0, 151, 149, 115, 117, 95, 0,
345 26, 0, 0, 92, 0, 0, 0, 0, 0, 0,
346 0, 0, 0, 0, 0, 0, 0, 135, 0, 0,
347 0, 0, 0, 0, 0, 0, 0, 0, 92, 0,
348 12, 0, 0, 26, 0, 0, 0, 0, 0, 0,
349 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
350 0, 0, 0, 0, 0, 0, 0, 0, 26, 0,
351 9, 0, 0, 12, 0, 0, 0, 0, 0, 0,
352 0, 0, 1, 0, 2, 0, 0, 3, 4, 5,
353 25, 6, 7, 8, 9, 10, 40, 41, 0, 25,
354 10, 40, 41, 9, 25, 25, 11, 12, 13, 14,
355 15, 16, 29, 0, 30, 31, 19, 32, 19, 42,
356 0, 19, 19, 19, 42, 19, 19, 19, 19, 19,
357 8, 0, 0, 10, 33, 0, 44, 45, 46, 47,
358 19, 19, 19, 19, 19, 19, 82, 0, 82, 0,
359 0, 82, 82, 82, 0, 82, 82, 82, 82, 82,
360 11, 0, 2, 8, 0, 3, 4, 5, 0, 0,
361 82, 82, 82, 82, 82, 82, 87, 0, 87, 0,
362 0, 87, 87, 87, 11, 87, 87, 87, 87, 87,
363 7, 0, 29, 11, 30, 31, 0, 32, 0, 0,
364 87, 87, 87, 87, 87, 87, 95, 0, 95, 0,
365 0, 95, 95, 95, 33, 95, 95, 95, 95, 95,
366 15, 0, 2, 7, 0, 3, 4, 5, 0, 0,
367 95, 95, 95, 95, 95, 95, 92, 0, 92, 0,
368 0, 92, 92, 92, 11, 92, 92, 92, 92, 92,
369 13, 0, 132, 15, 0, 0, 0, 133, 0, 0,
370 92, 92, 92, 92, 92, 92, 26, 0, 26, 0,
371 0, 26, 26, 26, 134, 26, 26, 26, 26, 26,
372 14, 0, 0, 13, 0, 0, 0, 0, 0, 0,
373 26, 26, 26, 26, 26, 26, 12, 0, 12, 0,
374 0, 12, 12, 12, 0, 12, 12, 12, 12, 12,
375 16, 0, 0, 14, 0, 0, 0, 0, 0, 0,
376 12, 12, 12, 12, 12, 12, 9, 0, 9, 0,
377 0, 9, 9, 9, 0, 9, 9, 9, 9, 9,
378 0, 0, 0, 16, 0, 0, 0, 0, 0, 0,
379 9, 9, 9, 9, 9, 9, 10, 0, 10, 59,
380 0, 10, 10, 10, 0, 10, 10, 10, 10, 10,
381 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
382 10, 10, 10, 10, 10, 10, 8, 47, 8, 0,
383 0, 8, 8, 8, 0, 8, 8, 8, 8, 8,
384 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
385 8, 8, 8, 8, 8, 8, 11, 48, 11, 0,
386 0, 11, 11, 11, 0, 11, 11, 11, 11, 11,
387 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
388 11, 11, 11, 11, 11, 11, 7, 49, 7, 0,
389 0, 7, 7, 7, 0, 7, 7, 7, 7, 7,
390 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
391 7, 7, 7, 7, 7, 7, 15, 43, 15, 0,
392 0, 15, 15, 15, 0, 15, 15, 15, 15, 15,
393 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
394 15, 15, 15, 15, 15, 15, 13, 54, 13, 0,
395 0, 13, 13, 13, 0, 13, 13, 13, 13, 13,
396 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
397 13, 13, 13, 13, 13, 13, 14, 55, 14, 0,
398 0, 14, 14, 14, 0, 14, 14, 14, 14, 14,
399 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
400 14, 14, 14, 14, 14, 14, 16, 56, 16, 0,
401 0, 16, 16, 16, 0, 16, 16, 16, 16, 16,
402 0, 0, 0, 59, 59, 0, 0, 0, 0, 0,
403 16, 16, 16, 16, 16, 16, 59, 59, 59, 59,
404 59, 59, 59, 59, 59, 59, 59, 0, 0, 0,
405 0, 47, 47, 59, 59, 59, 59, 0, 59, 59,
406 59, 59, 0, 0, 47, 47, 47, 47, 47, 47,
407 47, 47, 47, 47, 47, 0, 0, 0, 0, 0,
408 0, 48, 48, 47, 47, 0, 47, 47, 47, 47,
409 0, 0, 0, 0, 48, 48, 48, 48, 48, 48,
410 48, 48, 48, 48, 48, 0, 0, 0, 0, 0,
411 0, 49, 49, 48, 48, 0, 48, 48, 48, 48,
412 0, 0, 0, 0, 49, 49, 49, 49, 49, 49,
413 49, 49, 49, 49, 49, 0, 0, 0, 0, 0,
414 0, 40, 41, 49, 49, 0, 49, 49, 49, 49,
415 0, 0, 0, 0, 164, 165, 166, 167, 168, 169,
416 170, 171, 172, 173, 42, 0, 0, 0, 0, 0,
417 0, 54, 54, 0, 0, 0, 44, 45, 46, 47,
418 0, 0, 0, 0, 54, 54, 54, 54, 54, 54,
419 54, 54, 54, 54, 54, 0, 0, 0, 0, 0,
420 0, 55, 55, 0, 0, 0, 54, 54, 54, 54,
421 0, 0, 0, 0, 55, 55, 55, 55, 55, 55,
422 55, 55, 55, 55, 55, 0, 0, 0, 0, 0,
423 0, 56, 56, 0, 0, 0, 55, 55, 55, 55,
424 0, 0, 0, 0, 56, 56, 56, 56, 56, 56,
425 56, 56, 56, 56, 56, 0, 0, 0, 0, 0,
426 0, 0, 0, 0, 0, 0, 56, 56, 56, 56,
428 #if defined(__cplusplus) || defined(__STDC__)
429 const short sudoerscheck[] =
431 short sudoerscheck[] =
434 0, 86, 7, 281, 33, 257, 258, 287, 288, 8,
435 9, 258, 33, 33, 259, 44, 258, 33, 33, 33,
436 258, 258, 260, 261, 44, 263, 263, 33, 280, 44,
437 0, 258, 44, 33, 261, 262, 263, 44, 44, 43,
438 258, 45, 280, 280, 44, 289, 290, 258, 44, 61,
439 58, 58, 36, 280, 38, 39, 58, 61, 61, 263,
440 0, 58, 263, 33, 58, 58, 61, 51, 58, 61,
441 58, 58, 61, 158, 263, 58, 264, 33, 264, 264,
442 264, 40, 44, 44, 89, 61, 44, 44, 58, 41,
443 0, 287, 61, 33, 93, 288, 95, 44, 263, 263,
444 290, 61, 58, 263, 263, 0, 61, 33, 289, 0,
445 41, 41, 41, 41, 41, 126, 52, 91, 58, 118,
446 0, 75, 43, 33, 77, 34, 152, 66, 17, 139,
447 148, 99, 22, 131, 147, -1, -1, 33, -1, 90,
448 -1, -1, 92, -1, 135, 130, 94, 96, 58, -1,
449 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
450 -1, -1, -1, -1, -1, -1, -1, 33, -1, -1,
451 -1, -1, -1, -1, -1, -1, -1, -1, 58, -1,
452 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
453 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
454 -1, -1, -1, -1, -1, -1, -1, -1, 58, -1,
455 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
456 -1, -1, 256, -1, 258, -1, -1, 261, 262, 263,
457 259, 265, 266, 267, 268, 269, 257, 258, -1, 259,
458 0, 257, 258, 33, 259, 259, 280, 281, 282, 283,
459 284, 285, 258, -1, 260, 261, 256, 263, 258, 280,
460 -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
461 0, -1, -1, 33, 280, -1, 292, 293, 294, 295,
462 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
463 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
464 0, -1, 258, 33, -1, 261, 262, 263, -1, -1,
465 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
466 -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
467 0, -1, 258, 33, 260, 261, -1, 263, -1, -1,
468 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
469 -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
470 0, -1, 258, 33, -1, 261, 262, 263, -1, -1,
471 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
472 -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
473 0, -1, 258, 33, -1, -1, -1, 263, -1, -1,
474 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
475 -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
476 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
477 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
478 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
479 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
480 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
481 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
482 -1, -1, -1, 33, -1, -1, -1, -1, -1, -1,
483 280, 281, 282, 283, 284, 285, 256, -1, 258, 33,
484 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
485 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
486 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
487 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
488 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
489 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
490 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
491 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
492 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
493 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
494 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
495 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
496 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
497 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
498 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
499 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
500 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
501 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
502 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
503 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
504 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
505 -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
506 -1, -1, -1, 257, 258, -1, -1, -1, -1, -1,
507 280, 281, 282, 283, 284, 285, 270, 271, 272, 273,
508 274, 275, 276, 277, 278, 279, 280, -1, -1, -1,
509 -1, 257, 258, 287, 288, 289, 290, -1, 292, 293,
510 294, 295, -1, -1, 270, 271, 272, 273, 274, 275,
511 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
512 -1, 257, 258, 289, 290, -1, 292, 293, 294, 295,
513 -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
514 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
515 -1, 257, 258, 289, 290, -1, 292, 293, 294, 295,
516 -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
517 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
518 -1, 257, 258, 289, 290, -1, 292, 293, 294, 295,
519 -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
520 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
521 -1, 257, 258, -1, -1, -1, 292, 293, 294, 295,
522 -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
523 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
524 -1, 257, 258, -1, -1, -1, 292, 293, 294, 295,
525 -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
526 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
527 -1, 257, 258, -1, -1, -1, 292, 293, 294, 295,
528 -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
529 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
530 -1, -1, -1, -1, -1, -1, 292, 293, 294, 295,
536 #define YYMAXTOKEN 295
538 #if defined(__cplusplus) || defined(__STDC__)
539 const char * const sudoersname[] =
541 char *sudoersname[] =
544 "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
545 "'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
546 0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
547 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
548 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
549 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
550 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
551 "COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DIGEST",
552 "DEFAULTS","DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND",
553 "NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT",
554 "NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS",
555 "CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS",
556 "MYSELF","SHA224","SHA256","SHA384","SHA512",
558 #if defined(__cplusplus) || defined(__STDC__)
559 const char * const sudoersrule[] =
561 char *sudoersrule[] =
569 "entry : error COMMENT",
570 "entry : userlist privileges",
571 "entry : USERALIAS useraliases",
572 "entry : HOSTALIAS hostaliases",
573 "entry : CMNDALIAS cmndaliases",
574 "entry : RUNASALIAS runasaliases",
575 "entry : DEFAULTS defaults_list",
576 "entry : DEFAULTS_USER userlist defaults_list",
577 "entry : DEFAULTS_RUNAS userlist defaults_list",
578 "entry : DEFAULTS_HOST hostlist defaults_list",
579 "entry : DEFAULTS_CMND cmndlist defaults_list",
580 "defaults_list : defaults_entry",
581 "defaults_list : defaults_list ',' defaults_entry",
582 "defaults_entry : DEFVAR",
583 "defaults_entry : '!' DEFVAR",
584 "defaults_entry : DEFVAR '=' WORD",
585 "defaults_entry : DEFVAR '+' WORD",
586 "defaults_entry : DEFVAR '-' WORD",
587 "privileges : privilege",
588 "privileges : privileges ':' privilege",
589 "privilege : hostlist '=' cmndspeclist",
597 "cmndspeclist : cmndspec",
598 "cmndspeclist : cmndspeclist ',' cmndspec",
599 "cmndspec : runasspec selinux solarisprivs cmndtag digcmnd",
600 "digest : SHA224 ':' DIGEST",
601 "digest : SHA256 ':' DIGEST",
602 "digest : SHA384 ':' DIGEST",
603 "digest : SHA512 ':' DIGEST",
605 "digcmnd : digest opcmnd",
608 "rolespec : ROLE '=' WORD",
609 "typespec : TYPE '=' WORD",
611 "selinux : rolespec",
612 "selinux : typespec",
613 "selinux : rolespec typespec",
614 "selinux : typespec rolespec",
615 "privsspec : PRIVS '=' WORD",
616 "limitprivsspec : LIMITPRIVS '=' WORD",
618 "solarisprivs : privsspec",
619 "solarisprivs : limitprivsspec",
620 "solarisprivs : privsspec limitprivsspec",
621 "solarisprivs : limitprivsspec privsspec",
623 "runasspec : '(' runaslist ')'",
625 "runaslist : userlist",
626 "runaslist : userlist ':' grouplist",
627 "runaslist : ':' grouplist",
630 "cmndtag : cmndtag NOPASSWD",
631 "cmndtag : cmndtag PASSWD",
632 "cmndtag : cmndtag NOEXEC",
633 "cmndtag : cmndtag EXEC",
634 "cmndtag : cmndtag SETENV",
635 "cmndtag : cmndtag NOSETENV",
636 "cmndtag : cmndtag LOG_INPUT",
637 "cmndtag : cmndtag NOLOG_INPUT",
638 "cmndtag : cmndtag LOG_OUTPUT",
639 "cmndtag : cmndtag NOLOG_OUTPUT",
643 "hostaliases : hostalias",
644 "hostaliases : hostaliases ':' hostalias",
645 "hostalias : ALIAS '=' hostlist",
647 "hostlist : hostlist ',' ophost",
648 "cmndaliases : cmndalias",
649 "cmndaliases : cmndaliases ':' cmndalias",
650 "cmndalias : ALIAS '=' cmndlist",
651 "cmndlist : digcmnd",
652 "cmndlist : cmndlist ',' digcmnd",
653 "runasaliases : runasalias",
654 "runasaliases : runasaliases ':' runasalias",
655 "runasalias : ALIAS '=' userlist",
656 "useraliases : useralias",
657 "useraliases : useraliases ':' useralias",
658 "useralias : ALIAS '=' userlist",
660 "userlist : userlist ',' opuser",
668 "grouplist : opgroup",
669 "grouplist : grouplist ',' opgroup",
671 "opgroup : '!' group",
679 #define YYMAXDEPTH YYSTACKSIZE
682 #define YYSTACKSIZE YYMAXDEPTH
684 #define YYSTACKSIZE 10000
685 #define YYMAXDEPTH 10000
688 #define YYINITSTACKSIZE 200
704 sudoerserror(const char *s)
706 debug_decl(sudoerserror, SUDO_DEBUG_PARSER)
708 /* If we last saw a newline the error is on the preceding line. */
709 if (last_token == COMMENT)
712 /* Save the line the first error occurred on. */
713 if (errorlineno == -1) {
714 errorlineno = sudolineno;
715 errorfile = estrdup(sudoers);
717 if (sudoers_warnings && s != NULL) {
720 if (trace_print == NULL || trace_print == sudoers_trace_print) {
721 const char fmt[] = ">>> %s: %s near line %d <<<\n";
724 /* Warnings are displayed in the user's locale. */
725 sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
726 sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno);
727 sudoers_setlocale(oldlocale, NULL);
735 static struct defaults *
736 new_default(char *var, char *val, int op)
739 debug_decl(new_default, SUDO_DEBUG_PARSER)
741 d = ecalloc(1, sizeof(struct defaults));
744 tq_init(&d->binding);
748 /* d->next = NULL; */
753 static struct member *
754 new_member(char *name, int type)
757 debug_decl(new_member, SUDO_DEBUG_PARSER)
759 m = ecalloc(1, sizeof(struct member));
763 /* m->next = NULL; */
769 new_digest(int digest_type, const char *digest_str)
771 struct sudo_digest *dig;
772 debug_decl(new_digest, SUDO_DEBUG_PARSER)
774 dig = emalloc(sizeof(*dig));
775 dig->digest_type = digest_type;
776 dig->digest_str = estrdup(digest_str);
778 debug_return_ptr(dig);
782 * Add a list of defaults structures to the defaults list.
783 * The binding, if non-NULL, specifies a list of hosts, users, or
784 * runas users the entries apply to (specified by the type).
787 add_defaults(int type, struct member *bmem, struct defaults *defs)
790 struct member_list binding;
791 debug_decl(add_defaults, SUDO_DEBUG_PARSER)
794 * We can only call list2tq once on bmem as it will zero
795 * out the prev pointer when it consumes bmem.
797 list2tq(&binding, bmem);
800 * Set type and binding (who it applies to) for new entries.
802 for (d = defs; d != NULL; d = d->next) {
804 d->binding = binding;
806 tq_append(&defaults, defs);
812 * Allocate a new struct userspec, populate it, and insert it at the
813 * and of the userspecs list.
816 add_userspec(struct member *members, struct privilege *privs)
819 debug_decl(add_userspec, SUDO_DEBUG_PARSER)
821 u = ecalloc(1, sizeof(*u));
822 list2tq(&u->users, members);
823 list2tq(&u->privileges, privs);
825 /* u->next = NULL; */
826 tq_append(&userspecs, u);
832 * Free up space used by data structures from a previous parser run and sets
833 * the current sudoers file to path.
836 init_parser(const char *path, bool quiet)
839 struct member *m, *binding;
841 struct privilege *priv;
843 struct sudo_command *c;
844 debug_decl(init_parser, SUDO_DEBUG_PARSER)
846 while ((us = tq_pop(&userspecs)) != NULL) {
847 while ((m = tq_pop(&us->users)) != NULL) {
851 while ((priv = tq_pop(&us->privileges)) != NULL) {
852 struct member *runasuser = NULL, *runasgroup = NULL;
854 char *role = NULL, *type = NULL;
855 #endif /* HAVE_SELINUX */
857 char *privs = NULL, *limitprivs = NULL;
858 #endif /* HAVE_PRIV_SET */
860 while ((m = tq_pop(&priv->hostlist)) != NULL) {
864 while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
866 /* Only free the first instance of a role/type. */
867 if (cs->role != role) {
871 if (cs->type != type) {
875 #endif /* HAVE_SELINUX */
877 /* Only free the first instance of privs/limitprivs. */
878 if (cs->privs != privs) {
882 if (cs->limitprivs != limitprivs) {
883 limitprivs = cs->limitprivs;
884 efree(cs->limitprivs);
886 #endif /* HAVE_PRIV_SET */
887 if (tq_last(&cs->runasuserlist) != runasuser) {
888 runasuser = tq_last(&cs->runasuserlist);
889 while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
894 if (tq_last(&cs->runasgrouplist) != runasgroup) {
895 runasgroup = tq_last(&cs->runasgrouplist);
896 while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
901 if (cs->cmnd->type == COMMAND) {
902 c = (struct sudo_command *) cs->cmnd->name;
906 efree(cs->cmnd->name);
917 while ((d = tq_pop(&defaults)) != NULL) {
918 if (tq_last(&d->binding) != binding) {
919 binding = tq_last(&d->binding);
920 while ((m = tq_pop(&d->binding)) != NULL) {
921 if (m->type == COMMAND) {
922 c = (struct sudo_command *) m->name;
941 sudoers = path ? estrdup(path) : NULL;
946 sudoers_warnings = !quiet;
951 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
952 #if defined(__cplusplus) || defined(__STDC__)
953 static int yygrowstack(void)
955 static int yygrowstack()
962 newsize = yystacksize ? yystacksize : YYINITSTACKSIZE;
963 if (newsize >= YYMAXDEPTH)
965 else if ((newsize *= 2) > YYMAXDEPTH)
966 newsize = YYMAXDEPTH;
968 #define YY_SIZE_MAX SIZE_MAX
970 #define YY_SIZE_MAX 0x7fffffff
972 if (YY_SIZE_MAX / newsize < sizeof *newss)
975 newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
976 (short *)malloc(newsize * sizeof *newss); /* overflow check above */
981 newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
982 (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
987 yystacksize = newsize;
988 yysslim = yyss + newsize - 1;
1001 #define YYABORT goto yyabort
1002 #define YYREJECT goto yyabort
1003 #define YYACCEPT goto yyaccept
1004 #define YYERROR goto yyerrlab
1006 #if defined(__cplusplus) || defined(__STDC__)
1012 int yym, yyn, yystate;
1014 #if defined(__cplusplus) || defined(__STDC__)
1016 #else /* !(defined(__cplusplus) || defined(__STDC__)) */
1018 #endif /* !(defined(__cplusplus) || defined(__STDC__)) */
1020 if ((yys = getenv("YYDEBUG")))
1023 if (yyn >= '0' && yyn <= '9')
1024 yydebug = yyn - '0';
1026 #endif /* YYDEBUG */
1032 if (yyss == NULL && yygrowstack()) goto yyoverflow;
1035 *yyssp = yystate = 0;
1038 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
1041 if ((yychar = yylex()) < 0) yychar = 0;
1046 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1047 if (!yys) yys = "illegal-symbol";
1048 printf("%sdebug: state %d, reading %d (%s)\n",
1049 YYPREFIX, yystate, yychar, yys);
1053 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
1054 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
1058 printf("%sdebug: state %d, shifting to state %d\n",
1059 YYPREFIX, yystate, yytable[yyn]);
1061 if (yyssp >= yysslim && yygrowstack())
1065 *++yyssp = yystate = yytable[yyn];
1068 if (yyerrflag > 0) --yyerrflag;
1071 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
1072 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
1077 if (yyerrflag) goto yyinrecovery;
1078 #if defined(lint) || defined(__GNUC__)
1082 yyerror("syntax error");
1083 #if defined(lint) || defined(__GNUC__)
1094 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
1095 yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
1099 printf("%sdebug: state %d, error recovery shifting\
1100 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
1102 if (yyssp >= yysslim && yygrowstack())
1106 *++yyssp = yystate = yytable[yyn];
1114 printf("%sdebug: error recovery discarding state %d\n",
1117 if (yyssp <= yyss) goto yyabort;
1125 if (yychar == 0) goto yyabort;
1130 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1131 if (!yys) yys = "illegal-symbol";
1132 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1133 YYPREFIX, yystate, yychar, yys);
1142 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1143 YYPREFIX, yystate, yyn, yyrule[yyn]);
1147 yyval = yyvsp[1-yym];
1149 memset(&yyval, 0, sizeof yyval);
1171 add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
1201 add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
1207 add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
1213 add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
1219 add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
1225 add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
1231 list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
1232 yyval.defaults = yyvsp[-2].defaults;
1238 yyval.defaults = new_default(yyvsp[0].string, NULL, true);
1244 yyval.defaults = new_default(yyvsp[0].string, NULL, false);
1250 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
1256 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
1262 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
1268 list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
1269 yyval.privilege = yyvsp[-2].privilege;
1275 struct privilege *p = ecalloc(1, sizeof(*p));
1276 list2tq(&p->hostlist, yyvsp[-2].member);
1277 list2tq(&p->cmndlist, yyvsp[0].cmndspec);
1279 /* p->next = NULL; */
1280 yyval.privilege = p;
1286 yyval.member = yyvsp[0].member;
1287 yyval.member->negated = false;
1293 yyval.member = yyvsp[0].member;
1294 yyval.member->negated = true;
1300 yyval.member = new_member(yyvsp[0].string, ALIAS);
1306 yyval.member = new_member(NULL, ALL);
1312 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1318 yyval.member = new_member(yyvsp[0].string, NTWKADDR);
1324 yyval.member = new_member(yyvsp[0].string, WORD);
1330 list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
1332 /* propagate role and type */
1333 if (yyvsp[0].cmndspec->role == NULL)
1334 yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
1335 if (yyvsp[0].cmndspec->type == NULL)
1336 yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
1337 #endif /* HAVE_SELINUX */
1338 #ifdef HAVE_PRIV_SET
1339 /* propagate privs & limitprivs */
1340 if (yyvsp[0].cmndspec->privs == NULL)
1341 yyvsp[0].cmndspec->privs = yyvsp[0].cmndspec->prev->privs;
1342 if (yyvsp[0].cmndspec->limitprivs == NULL)
1343 yyvsp[0].cmndspec->limitprivs = yyvsp[0].cmndspec->prev->limitprivs;
1344 #endif /* HAVE_PRIV_SET */
1345 /* propagate tags and runas list */
1346 if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
1347 yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
1348 if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
1349 yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
1350 if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
1351 yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
1352 yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
1353 if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
1354 yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
1355 if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
1356 yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
1357 if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
1358 tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
1359 (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
1360 !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
1361 yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
1362 yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
1364 yyval.cmndspec = yyvsp[-2].cmndspec;
1370 struct cmndspec *cs = ecalloc(1, sizeof(*cs));
1371 if (yyvsp[-4].runas != NULL) {
1372 list2tq(&cs->runasuserlist, yyvsp[-4].runas->runasusers);
1373 list2tq(&cs->runasgrouplist, yyvsp[-4].runas->runasgroups);
1374 efree(yyvsp[-4].runas);
1376 tq_init(&cs->runasuserlist);
1377 tq_init(&cs->runasgrouplist);
1380 cs->role = yyvsp[-3].seinfo.role;
1381 cs->type = yyvsp[-3].seinfo.type;
1383 #ifdef HAVE_PRIV_SET
1384 cs->privs = yyvsp[-2].privinfo.privs;
1385 cs->limitprivs = yyvsp[-2].privinfo.limitprivs;
1387 cs->tags = yyvsp[-1].tag;
1388 cs->cmnd = yyvsp[0].member;
1391 /* sudo "ALL" implies the SETENV tag */
1392 if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
1393 cs->tags.setenv == UNSPEC)
1394 cs->tags.setenv = IMPLIED;
1395 yyval.cmndspec = cs;
1401 yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string);
1407 yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string);
1413 yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string);
1419 yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string);
1425 yyval.member = yyvsp[0].member;
1432 struct sudo_command *c = (struct sudo_command *)(yyvsp[0].member->name);
1433 c->digest = yyvsp[-1].digest;
1434 yyval.member = yyvsp[0].member;
1440 yyval.member = yyvsp[0].member;
1441 yyval.member->negated = false;
1447 yyval.member = yyvsp[0].member;
1448 yyval.member->negated = true;
1454 yyval.string = yyvsp[0].string;
1460 yyval.string = yyvsp[0].string;
1466 yyval.seinfo.role = NULL;
1467 yyval.seinfo.type = NULL;
1473 yyval.seinfo.role = yyvsp[0].string;
1474 yyval.seinfo.type = NULL;
1480 yyval.seinfo.type = yyvsp[0].string;
1481 yyval.seinfo.role = NULL;
1487 yyval.seinfo.role = yyvsp[-1].string;
1488 yyval.seinfo.type = yyvsp[0].string;
1494 yyval.seinfo.type = yyvsp[-1].string;
1495 yyval.seinfo.role = yyvsp[0].string;
1501 yyval.string = yyvsp[0].string;
1507 yyval.string = yyvsp[0].string;
1513 yyval.privinfo.privs = NULL;
1514 yyval.privinfo.limitprivs = NULL;
1520 yyval.privinfo.privs = yyvsp[0].string;
1521 yyval.privinfo.limitprivs = NULL;
1527 yyval.privinfo.privs = NULL;
1528 yyval.privinfo.limitprivs = yyvsp[0].string;
1534 yyval.privinfo.privs = yyvsp[-1].string;
1535 yyval.privinfo.limitprivs = yyvsp[0].string;
1541 yyval.privinfo.limitprivs = yyvsp[-1].string;
1542 yyval.privinfo.privs = yyvsp[0].string;
1554 yyval.runas = yyvsp[-1].runas;
1560 yyval.runas = ecalloc(1, sizeof(struct runascontainer));
1561 yyval.runas->runasusers = new_member(NULL, MYSELF);
1562 /* $$->runasgroups = NULL; */
1568 yyval.runas = ecalloc(1, sizeof(struct runascontainer));
1569 yyval.runas->runasusers = yyvsp[0].member;
1570 /* $$->runasgroups = NULL; */
1576 yyval.runas = ecalloc(1, sizeof(struct runascontainer));
1577 yyval.runas->runasusers = yyvsp[-2].member;
1578 yyval.runas->runasgroups = yyvsp[0].member;
1584 yyval.runas = ecalloc(1, sizeof(struct runascontainer));
1585 /* $$->runasusers = NULL; */
1586 yyval.runas->runasgroups = yyvsp[0].member;
1592 yyval.runas = ecalloc(1, sizeof(struct runascontainer));
1593 yyval.runas->runasusers = new_member(NULL, MYSELF);
1594 /* $$->runasgroups = NULL; */
1600 yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
1601 yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
1607 yyval.tag.nopasswd = true;
1613 yyval.tag.nopasswd = false;
1619 yyval.tag.noexec = true;
1625 yyval.tag.noexec = false;
1631 yyval.tag.setenv = true;
1637 yyval.tag.setenv = false;
1643 yyval.tag.log_input = true;
1649 yyval.tag.log_input = false;
1655 yyval.tag.log_output = true;
1661 yyval.tag.log_output = false;
1667 yyval.member = new_member(NULL, ALL);
1673 yyval.member = new_member(yyvsp[0].string, ALIAS);
1679 struct sudo_command *c = ecalloc(1, sizeof(*c));
1680 c->cmnd = yyvsp[0].command.cmnd;
1681 c->args = yyvsp[0].command.args;
1682 yyval.member = new_member((char *)c, COMMAND);
1689 if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
1698 list_append(yyvsp[-2].member, yyvsp[0].member);
1699 yyval.member = yyvsp[-2].member;
1706 if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
1715 list_append(yyvsp[-2].member, yyvsp[0].member);
1716 yyval.member = yyvsp[-2].member;
1723 if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
1733 if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
1742 list_append(yyvsp[-2].member, yyvsp[0].member);
1743 yyval.member = yyvsp[-2].member;
1749 yyval.member = yyvsp[0].member;
1750 yyval.member->negated = false;
1756 yyval.member = yyvsp[0].member;
1757 yyval.member->negated = true;
1763 yyval.member = new_member(yyvsp[0].string, ALIAS);
1769 yyval.member = new_member(NULL, ALL);
1775 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1781 yyval.member = new_member(yyvsp[0].string, USERGROUP);
1787 yyval.member = new_member(yyvsp[0].string, WORD);
1793 list_append(yyvsp[-2].member, yyvsp[0].member);
1794 yyval.member = yyvsp[-2].member;
1800 yyval.member = yyvsp[0].member;
1801 yyval.member->negated = false;
1807 yyval.member = yyvsp[0].member;
1808 yyval.member->negated = true;
1814 yyval.member = new_member(yyvsp[0].string, ALIAS);
1820 yyval.member = new_member(NULL, ALL);
1826 yyval.member = new_member(yyvsp[0].string, WORD);
1835 if (yystate == 0 && yym == 0)
1839 printf("%sdebug: after reduction, shifting from state 0 to\
1840 state %d\n", YYPREFIX, YYFINAL);
1847 if ((yychar = yylex()) < 0) yychar = 0;
1852 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1853 if (!yys) yys = "illegal-symbol";
1854 printf("%sdebug: state %d, reading %d (%s)\n",
1855 YYPREFIX, YYFINAL, yychar, yys);
1859 if (yychar == 0) goto yyaccept;
1862 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
1863 yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
1864 yystate = yytable[yyn];
1866 yystate = yydgoto[yym];
1869 printf("%sdebug: after reduction, shifting from state %d \
1870 to state %d\n", YYPREFIX, *yyssp, yystate);
1872 if (yyssp >= yysslim && yygrowstack())
1880 yyerror("yacc stack overflow");
1886 yyss = yyssp = NULL;
1887 yyvs = yyvsp = NULL;
1895 yyss = yyssp = NULL;
1896 yyvs = yyvsp = NULL;