9 #define yyclearin (yychar=(YYEMPTY))
10 #define yyerrok (yyerrflag=0)
11 #define YYRECOVERING() (yyerrflag!=0)
15 * Copyright (c) 1996, 1998-2005, 2007-2011
16 * Todd C. Miller <Todd.Miller@courtesan.com>
18 * Permission to use, copy, modify, and distribute this software for any
19 * purpose with or without fee is hereby granted, provided that the above
20 * copyright notice and this permission notice appear in all copies.
22 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
23 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
25 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
27 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
28 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
29 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
30 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * Sponsored in part by the Defense Advanced Research Projects
33 * Agency (DARPA) and Air Force Research Laboratory, Air Force
34 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
39 #include <sys/types.h>
40 #include <sys/param.h>
49 #endif /* STDC_HEADERS */
52 #endif /* HAVE_STRING_H */
55 #endif /* HAVE_STRINGS_H */
58 #endif /* HAVE_UNISTD_H */
59 #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
61 #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
64 #include "sudoers.h" /* XXX */
69 * We must define SIZE_MAX for yacc's skeleton.c.
70 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
71 * could be signed (as it is on SunOS 4.x).
75 # define SIZE_MAX SIZE_T_MAX
77 # define SIZE_MAX INT_MAX
78 # endif /* SIZE_T_MAX */
84 extern int sudolineno;
86 static int verbose = FALSE;
87 int parse_error = FALSE;
90 char *errorfile = NULL;
92 struct defaults_list defaults;
93 struct userspec_list userspecs;
98 static void add_defaults(int, struct member *, struct defaults *);
99 static void add_userspec(struct member *, struct privilege *);
100 static struct defaults *new_default(char *, char *, int);
101 static struct member *new_member(char *, int);
102 void yyerror(const char *);
105 yyerror(const char *s)
107 /* Save the line the first error occurred on. */
108 if (errorlineno == -1) {
109 errorlineno = sudolineno ? sudolineno - 1 : 0;
110 errorfile = estrdup(sudoers);
112 if (trace_print != NULL) {
114 } else if (verbose && s != NULL) {
115 warningx(_(">>> %s: %s near line %d <<<"), sudoers, s,
116 sudolineno ? sudolineno - 1 : 0);
121 #ifndef YYSTYPE_DEFINED
122 #define YYSTYPE_DEFINED
124 struct cmndspec *cmndspec;
125 struct defaults *defaults;
126 struct member *member;
127 struct runascontainer *runas;
128 struct privilege *privilege;
129 struct sudo_command command;
131 struct selinux_info seinfo;
135 #endif /* YYSTYPE_DEFINED */
142 #define USERGROUP 262
145 #define DEFAULTS_HOST 265
146 #define DEFAULTS_USER 266
147 #define DEFAULTS_RUNAS 267
148 #define DEFAULTS_CMND 268
155 #define LOG_INPUT 275
156 #define NOLOG_INPUT 276
157 #define LOG_OUTPUT 277
158 #define NOLOG_OUTPUT 278
161 #define HOSTALIAS 281
162 #define CMNDALIAS 282
163 #define USERALIAS 283
164 #define RUNASALIAS 284
168 #define YYERRCODE 256
169 #if defined(__cplusplus) || defined(__STDC__)
170 const short yylhs[] =
175 0, 0, 25, 25, 26, 26, 26, 26, 26, 26,
176 26, 26, 26, 26, 26, 26, 4, 4, 3, 3,
177 3, 3, 3, 20, 20, 19, 10, 10, 8, 8,
178 8, 8, 8, 2, 2, 1, 6, 6, 23, 24,
179 22, 22, 22, 22, 22, 17, 17, 18, 18, 18,
180 21, 21, 21, 21, 21, 21, 21, 21, 21, 21,
181 21, 5, 5, 5, 28, 28, 31, 9, 9, 29,
182 29, 32, 7, 7, 30, 30, 33, 27, 27, 34,
183 13, 13, 11, 11, 12, 12, 12, 12, 12, 16,
184 16, 14, 14, 15, 15, 15,
186 #if defined(__cplusplus) || defined(__STDC__)
187 const short yylen[] =
192 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
193 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
194 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
195 1, 1, 1, 1, 3, 4, 1, 2, 3, 3,
196 0, 1, 1, 2, 2, 0, 3, 1, 3, 2,
197 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
198 2, 1, 1, 1, 1, 3, 3, 1, 3, 1,
199 3, 3, 1, 3, 1, 3, 3, 1, 3, 3,
200 1, 3, 1, 2, 1, 1, 1, 1, 1, 1,
203 #if defined(__cplusplus) || defined(__STDC__)
204 const short yydefred[] =
209 0, 85, 87, 88, 89, 0, 0, 0, 0, 0,
210 86, 5, 0, 0, 0, 0, 0, 0, 81, 83,
211 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
212 31, 33, 30, 0, 27, 0, 68, 0, 0, 64,
213 63, 62, 0, 37, 73, 0, 0, 0, 65, 0,
214 0, 70, 0, 0, 78, 0, 0, 75, 84, 0,
215 0, 24, 0, 4, 0, 0, 0, 20, 0, 28,
216 0, 0, 0, 0, 38, 0, 0, 0, 0, 0,
217 0, 0, 0, 0, 0, 82, 0, 0, 21, 22,
218 23, 18, 69, 74, 0, 66, 0, 71, 0, 79,
219 0, 76, 0, 34, 0, 0, 25, 0, 0, 0,
220 0, 0, 0, 51, 0, 0, 94, 96, 95, 0,
221 90, 92, 0, 0, 47, 35, 0, 0, 0, 44,
222 45, 93, 0, 0, 40, 39, 52, 53, 54, 55,
223 56, 57, 58, 59, 60, 61, 36, 91,
225 #if defined(__cplusplus) || defined(__STDC__)
226 const short yydgoto[] =
231 104, 105, 27, 28, 44, 45, 46, 35, 61, 37,
232 19, 20, 21, 121, 122, 123, 106, 110, 62, 63,
233 129, 114, 115, 116, 22, 23, 54, 48, 51, 57,
236 #if defined(__cplusplus) || defined(__STDC__)
237 const short yysindex[] =
242 -270, 0, 0, 0, 0, -29, 567, 594, 594, -2,
243 0, 0, -240, -222, -216, -212, -241, 0, 0, 0,
244 -25, 475, 0, 0, -10, -207, 0, 9, 0, 0,
245 0, 0, 0, -235, 0, -33, 0, -31, -31, 0,
246 0, 0, -242, 0, 0, -30, -7, 3, 0, -6,
247 4, 0, -5, 6, 0, -1, 8, 0, 0, 594,
248 -20, 0, 10, 0, -205, -196, -194, 0, -29, 0,
249 567, 9, 9, 9, 0, -2, 9, 567, -240, -2,
250 -222, 594, -216, 594, -212, 0, 31, 567, 0, 0,
251 0, 0, 0, 0, 26, 0, 28, 0, 29, 0,
252 29, 0, 541, 0, 32, -247, 0, 86, -15, 33,
253 31, 14, 16, 0, -208, -204, 0, 0, 0, -231,
254 0, 0, 38, 86, 0, 0, -179, -178, 491, 0,
255 0, 0, 86, 38, 0, 0, 0, 0, 0, 0,
256 0, 0, 0, 0, 0, 0, 0, 0,};
257 #if defined(__cplusplus) || defined(__STDC__)
258 const short yyrindex[] =
263 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
264 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
265 0, 90, 0, 0, 1, 0, 0, 177, 0, 0,
266 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
267 0, 0, 0, 0, 0, 0, 0, 207, 0, 0,
268 237, 0, 0, 271, 0, 0, 300, 0, 0, 0,
269 0, 0, 329, 0, 0, 0, 0, 0, 0, 0,
270 0, 358, 387, 417, 0, 0, 446, 0, 0, 0,
271 0, 0, 0, 0, 0, 0, -26, 0, 0, 0,
272 0, 0, 0, 0, 30, 0, 59, 0, 89, 0,
273 118, 0, 0, 0, 148, 514, 0, 0, 45, 0,
274 -26, 0, 0, 0, 537, 565, 0, 0, 0, 0,
275 0, 0, 50, 0, 0, 0, 0, 0, 0, 0,
276 0, 0, 0, 52, 0, 0, 0, 0, 0, 0,
277 0, 0, 0, 0, 0, 0, 0, 0,};
278 #if defined(__cplusplus) || defined(__STDC__)
279 const short yygindex[] =
284 -17, 0, 27, 11, 54, -64, 15, 64, 2, 34,
285 39, 84, -3, -27, -18, -21, 0, 0, 19, 0,
286 0, 0, -12, -4, 0, 88, 0, 0, 0, 0,
289 #define YYTABLESIZE 873
290 #if defined(__cplusplus) || defined(__STDC__)
291 const short yytable[] =
296 19, 26, 26, 26, 38, 39, 46, 34, 36, 24,
297 71, 94, 60, 76, 40, 41, 2, 47, 60, 3,
298 4, 5, 29, 71, 30, 31, 117, 32, 60, 67,
299 43, 118, 66, 19, 67, 50, 42, 11, 112, 113,
300 87, 53, 124, 33, 19, 56, 72, 119, 73, 74,
301 65, 68, 69, 78, 80, 82, 77, 89, 72, 84,
302 79, 81, 67, 83, 147, 85, 90, 88, 91, 71,
303 103, 76, 60, 125, 127, 111, 128, 112, 99, 95,
304 101, 133, 113, 135, 136, 48, 1, 67, 80, 2,
305 50, 72, 49, 126, 97, 92, 75, 70, 86, 109,
306 59, 132, 134, 131, 93, 148, 107, 102, 0, 64,
307 130, 0, 0, 96, 0, 0, 72, 77, 120, 100,
308 98, 80, 0, 0, 0, 0, 0, 0, 0, 0,
309 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 80, 26, 0, 0,
311 77, 0, 0, 0, 0, 0, 0, 0, 0, 0,
312 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
313 0, 0, 0, 0, 0, 77, 12, 0, 0, 0,
314 26, 0, 0, 0, 0, 0, 0, 0, 0, 0,
315 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
316 0, 0, 0, 0, 0, 26, 9, 0, 0, 12,
317 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
318 0, 0, 0, 0, 0, 25, 0, 25, 25, 25,
319 46, 46, 29, 0, 30, 31, 10, 32, 0, 9,
320 0, 0, 46, 46, 46, 46, 46, 46, 46, 46,
321 46, 46, 46, 33, 40, 41, 19, 0, 19, 46,
322 46, 19, 19, 19, 19, 19, 19, 19, 19, 10,
323 8, 0, 0, 0, 0, 0, 42, 0, 0, 19,
324 19, 19, 19, 19, 19, 67, 0, 67, 0, 0,
325 67, 67, 67, 67, 67, 67, 67, 67, 0, 11,
326 0, 0, 0, 8, 0, 0, 0, 0, 67, 67,
327 67, 67, 67, 67, 72, 0, 72, 0, 0, 72,
328 72, 72, 72, 72, 72, 72, 72, 0, 7, 0,
329 0, 0, 11, 0, 0, 0, 0, 72, 72, 72,
330 72, 72, 72, 117, 80, 0, 80, 0, 118, 80,
331 80, 80, 80, 80, 80, 80, 80, 15, 0, 0,
332 0, 7, 0, 0, 119, 0, 0, 80, 80, 80,
333 80, 80, 80, 77, 0, 77, 0, 0, 77, 77,
334 77, 77, 77, 77, 77, 77, 13, 0, 0, 0,
335 15, 0, 0, 0, 0, 0, 77, 77, 77, 77,
336 77, 77, 0, 26, 0, 26, 0, 0, 26, 26,
337 26, 26, 26, 26, 26, 26, 14, 0, 0, 13,
338 0, 0, 0, 0, 0, 0, 26, 26, 26, 26,
339 26, 26, 12, 0, 12, 0, 0, 12, 12, 12,
340 12, 12, 12, 12, 12, 16, 0, 0, 0, 14,
341 0, 0, 0, 0, 0, 12, 12, 12, 12, 12,
342 12, 0, 9, 0, 9, 0, 0, 9, 9, 9,
343 9, 9, 9, 9, 9, 0, 0, 0, 16, 0,
344 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
345 9, 0, 10, 0, 10, 0, 0, 10, 10, 10,
346 10, 10, 10, 10, 10, 0, 0, 17, 0, 0,
347 0, 0, 0, 0, 0, 10, 10, 10, 10, 10,
348 10, 0, 0, 43, 0, 0, 8, 0, 8, 0,
349 0, 8, 8, 8, 8, 8, 8, 8, 8, 0,
350 0, 0, 0, 0, 0, 0, 41, 0, 0, 8,
351 8, 8, 8, 8, 8, 11, 0, 11, 0, 0,
352 11, 11, 11, 11, 11, 11, 11, 11, 0, 42,
353 0, 0, 0, 17, 0, 0, 0, 0, 11, 11,
354 11, 11, 11, 11, 7, 0, 7, 0, 0, 7,
355 7, 7, 7, 7, 7, 7, 7, 43, 108, 34,
356 0, 0, 0, 0, 0, 0, 0, 7, 7, 7,
357 7, 7, 7, 15, 0, 15, 0, 0, 15, 15,
358 15, 15, 15, 15, 15, 15, 17, 0, 0, 0,
359 0, 0, 0, 0, 0, 0, 15, 15, 15, 15,
360 15, 15, 13, 0, 13, 0, 0, 13, 13, 13,
361 13, 13, 13, 13, 13, 0, 0, 0, 0, 0,
362 0, 0, 0, 0, 0, 13, 13, 13, 13, 13,
363 13, 0, 14, 0, 14, 0, 0, 14, 14, 14,
364 14, 14, 14, 14, 14, 0, 0, 0, 0, 0,
365 0, 0, 0, 0, 0, 14, 14, 14, 14, 14,
366 14, 16, 0, 16, 0, 0, 16, 16, 16, 16,
367 16, 16, 16, 16, 0, 0, 0, 0, 0, 0,
368 0, 0, 0, 0, 16, 16, 16, 16, 16, 16,
369 1, 0, 2, 0, 0, 3, 4, 5, 6, 7,
370 8, 9, 10, 0, 0, 0, 0, 40, 41, 0,
371 0, 0, 0, 11, 12, 13, 14, 15, 16, 137,
372 138, 139, 140, 141, 142, 143, 144, 145, 146, 42,
373 41, 41, 0, 0, 0, 0, 0, 0, 0, 0,
374 0, 0, 41, 41, 41, 41, 41, 41, 41, 41,
375 41, 41, 41, 42, 42, 0, 0, 0, 2, 0,
376 0, 3, 4, 5, 0, 42, 42, 42, 42, 42,
377 42, 42, 42, 42, 42, 42, 0, 0, 0, 11,
378 0, 43, 43, 0, 29, 0, 30, 31, 0, 32,
379 0, 0, 0, 43, 43, 43, 43, 43, 43, 43,
380 43, 43, 43, 43, 0, 33, 0, 0, 0, 0,
381 0, 2, 0, 0, 3, 4, 5, 0, 0, 0,
382 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
385 #if defined(__cplusplus) || defined(__STDC__)
386 const short yycheck[] =
391 0, 33, 33, 33, 8, 9, 33, 33, 7, 280,
392 44, 76, 44, 44, 257, 258, 258, 258, 44, 261,
393 262, 263, 258, 44, 260, 261, 258, 263, 44, 0,
394 33, 263, 43, 33, 45, 258, 279, 279, 286, 287,
395 61, 258, 58, 279, 44, 258, 36, 279, 38, 39,
396 61, 259, 44, 61, 61, 61, 46, 263, 0, 61,
397 58, 58, 33, 58, 129, 58, 263, 58, 263, 44,
398 40, 44, 44, 41, 61, 44, 61, 286, 82, 78,
399 84, 44, 287, 263, 263, 41, 0, 58, 0, 0,
400 41, 33, 41, 111, 80, 69, 43, 34, 60, 103,
401 17, 120, 124, 116, 71, 133, 88, 85, -1, 22,
402 115, -1, -1, 79, -1, -1, 58, 0, 33, 83,
403 81, 33, -1, -1, -1, -1, -1, -1, -1, -1,
404 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
405 -1, -1, -1, -1, -1, -1, 58, 0, -1, -1,
406 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
407 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
408 -1, -1, -1, -1, -1, 58, 0, -1, -1, -1,
409 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
410 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
411 -1, -1, -1, -1, -1, 58, 0, -1, -1, 33,
412 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
413 -1, -1, -1, -1, -1, 259, -1, 259, 259, 259,
414 257, 258, 258, -1, 260, 261, 0, 263, -1, 33,
415 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
416 277, 278, 279, 279, 257, 258, 256, -1, 258, 286,
417 287, 261, 262, 263, 264, 265, 266, 267, 268, 33,
418 0, -1, -1, -1, -1, -1, 279, -1, -1, 279,
419 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
420 261, 262, 263, 264, 265, 266, 267, 268, -1, 0,
421 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
422 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
423 262, 263, 264, 265, 266, 267, 268, -1, 0, -1,
424 -1, -1, 33, -1, -1, -1, -1, 279, 280, 281,
425 282, 283, 284, 258, 256, -1, 258, -1, 263, 261,
426 262, 263, 264, 265, 266, 267, 268, 0, -1, -1,
427 -1, 33, -1, -1, 279, -1, -1, 279, 280, 281,
428 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
429 263, 264, 265, 266, 267, 268, 0, -1, -1, -1,
430 33, -1, -1, -1, -1, -1, 279, 280, 281, 282,
431 283, 284, -1, 256, -1, 258, -1, -1, 261, 262,
432 263, 264, 265, 266, 267, 268, 0, -1, -1, 33,
433 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
434 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
435 264, 265, 266, 267, 268, 0, -1, -1, -1, 33,
436 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
437 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
438 264, 265, 266, 267, 268, -1, -1, -1, 33, -1,
439 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
440 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
441 264, 265, 266, 267, 268, -1, -1, 33, -1, -1,
442 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
443 284, -1, -1, 33, -1, -1, 256, -1, 258, -1,
444 -1, 261, 262, 263, 264, 265, 266, 267, 268, -1,
445 -1, -1, -1, -1, -1, -1, 33, -1, -1, 279,
446 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
447 261, 262, 263, 264, 265, 266, 267, 268, -1, 33,
448 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
449 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
450 262, 263, 264, 265, 266, 267, 268, 33, 58, 33,
451 -1, -1, -1, -1, -1, -1, -1, 279, 280, 281,
452 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
453 263, 264, 265, 266, 267, 268, 33, -1, -1, -1,
454 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
455 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
456 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
457 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
458 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
459 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
460 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
461 284, 256, -1, 258, -1, -1, 261, 262, 263, 264,
462 265, 266, 267, 268, -1, -1, -1, -1, -1, -1,
463 -1, -1, -1, -1, 279, 280, 281, 282, 283, 284,
464 256, -1, 258, -1, -1, 261, 262, 263, 264, 265,
465 266, 267, 268, -1, -1, -1, -1, 257, 258, -1,
466 -1, -1, -1, 279, 280, 281, 282, 283, 284, 269,
467 270, 271, 272, 273, 274, 275, 276, 277, 278, 279,
468 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
469 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
470 277, 278, 279, 257, 258, -1, -1, -1, 258, -1,
471 -1, 261, 262, 263, -1, 269, 270, 271, 272, 273,
472 274, 275, 276, 277, 278, 279, -1, -1, -1, 279,
473 -1, 257, 258, -1, 258, -1, 260, 261, -1, 263,
474 -1, -1, -1, 269, 270, 271, 272, 273, 274, 275,
475 276, 277, 278, 279, -1, 279, -1, -1, -1, -1,
476 -1, 258, -1, -1, 261, 262, 263, -1, -1, -1,
477 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
484 #define YYMAXTOKEN 287
486 #if defined(__cplusplus) || defined(__STDC__)
487 const char * const yyname[] =
492 "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
493 "'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
494 0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
495 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
496 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
497 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
498 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
499 "COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
500 "DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
501 "PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
502 "LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
503 "RUNASALIAS","ERROR","TYPE","ROLE",
505 #if defined(__cplusplus) || defined(__STDC__)
506 const char * const yyrule[] =
516 "entry : error COMMENT",
517 "entry : userlist privileges",
518 "entry : USERALIAS useraliases",
519 "entry : HOSTALIAS hostaliases",
520 "entry : CMNDALIAS cmndaliases",
521 "entry : RUNASALIAS runasaliases",
522 "entry : DEFAULTS defaults_list",
523 "entry : DEFAULTS_USER userlist defaults_list",
524 "entry : DEFAULTS_RUNAS userlist defaults_list",
525 "entry : DEFAULTS_HOST hostlist defaults_list",
526 "entry : DEFAULTS_CMND cmndlist defaults_list",
527 "defaults_list : defaults_entry",
528 "defaults_list : defaults_list ',' defaults_entry",
529 "defaults_entry : DEFVAR",
530 "defaults_entry : '!' DEFVAR",
531 "defaults_entry : DEFVAR '=' WORD",
532 "defaults_entry : DEFVAR '+' WORD",
533 "defaults_entry : DEFVAR '-' WORD",
534 "privileges : privilege",
535 "privileges : privileges ':' privilege",
536 "privilege : hostlist '=' cmndspeclist",
544 "cmndspeclist : cmndspec",
545 "cmndspeclist : cmndspeclist ',' cmndspec",
546 "cmndspec : runasspec selinux cmndtag opcmnd",
549 "rolespec : ROLE '=' WORD",
550 "typespec : TYPE '=' WORD",
552 "selinux : rolespec",
553 "selinux : typespec",
554 "selinux : rolespec typespec",
555 "selinux : typespec rolespec",
557 "runasspec : '(' runaslist ')'",
558 "runaslist : userlist",
559 "runaslist : userlist ':' grouplist",
560 "runaslist : ':' grouplist",
562 "cmndtag : cmndtag NOPASSWD",
563 "cmndtag : cmndtag PASSWD",
564 "cmndtag : cmndtag NOEXEC",
565 "cmndtag : cmndtag EXEC",
566 "cmndtag : cmndtag SETENV",
567 "cmndtag : cmndtag NOSETENV",
568 "cmndtag : cmndtag LOG_INPUT",
569 "cmndtag : cmndtag NOLOG_INPUT",
570 "cmndtag : cmndtag LOG_OUTPUT",
571 "cmndtag : cmndtag NOLOG_OUTPUT",
575 "hostaliases : hostalias",
576 "hostaliases : hostaliases ':' hostalias",
577 "hostalias : ALIAS '=' hostlist",
579 "hostlist : hostlist ',' ophost",
580 "cmndaliases : cmndalias",
581 "cmndaliases : cmndaliases ':' cmndalias",
582 "cmndalias : ALIAS '=' cmndlist",
584 "cmndlist : cmndlist ',' opcmnd",
585 "runasaliases : runasalias",
586 "runasaliases : runasaliases ':' runasalias",
587 "runasalias : ALIAS '=' userlist",
588 "useraliases : useralias",
589 "useraliases : useraliases ':' useralias",
590 "useralias : ALIAS '=' userlist",
592 "userlist : userlist ',' opuser",
600 "grouplist : opgroup",
601 "grouplist : grouplist ',' opgroup",
603 "opgroup : '!' group",
611 #define YYMAXDEPTH YYSTACKSIZE
614 #define YYSTACKSIZE YYMAXDEPTH
616 #define YYSTACKSIZE 10000
617 #define YYMAXDEPTH 10000
620 #define YYINITSTACKSIZE 200
635 static struct defaults *
636 new_default(char *var, char *val, int op)
640 d = emalloc(sizeof(struct defaults));
643 tq_init(&d->binding);
652 static struct member *
653 new_member(char *name, int type)
657 m = emalloc(sizeof(struct member));
667 * Add a list of defaults structures to the defaults list.
668 * The binding, if non-NULL, specifies a list of hosts, users, or
669 * runas users the entries apply to (specified by the type).
672 add_defaults(int type, struct member *bmem, struct defaults *defs)
675 struct member_list binding;
678 * We can only call list2tq once on bmem as it will zero
679 * out the prev pointer when it consumes bmem.
681 list2tq(&binding, bmem);
684 * Set type and binding (who it applies to) for new entries.
686 for (d = defs; d != NULL; d = d->next) {
688 d->binding = binding;
690 tq_append(&defaults, defs);
694 * Allocate a new struct userspec, populate it, and insert it at the
695 * and of the userspecs list.
698 add_userspec(struct member *members, struct privilege *privs)
702 u = emalloc(sizeof(*u));
703 list2tq(&u->users, members);
704 list2tq(&u->privileges, privs);
707 tq_append(&userspecs, u);
711 * Free up space used by data structures from a previous parser run and sets
712 * the current sudoers file to path.
715 init_parser(const char *path, int quiet)
718 struct member *m, *binding;
720 struct privilege *priv;
722 struct sudo_command *c;
724 while ((us = tq_pop(&userspecs)) != NULL) {
725 while ((m = tq_pop(&us->users)) != NULL) {
729 while ((priv = tq_pop(&us->privileges)) != NULL) {
730 struct member *runasuser = NULL, *runasgroup = NULL;
732 char *role = NULL, *type = NULL;
733 #endif /* HAVE_SELINUX */
735 while ((m = tq_pop(&priv->hostlist)) != NULL) {
739 while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
741 /* Only free the first instance of a role/type. */
742 if (cs->role != role) {
746 if (cs->type != type) {
750 #endif /* HAVE_SELINUX */
751 if (tq_last(&cs->runasuserlist) != runasuser) {
752 runasuser = tq_last(&cs->runasuserlist);
753 while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
758 if (tq_last(&cs->runasgrouplist) != runasgroup) {
759 runasgroup = tq_last(&cs->runasgrouplist);
760 while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
765 if (cs->cmnd->type == COMMAND) {
766 c = (struct sudo_command *) cs->cmnd->name;
770 efree(cs->cmnd->name);
781 while ((d = tq_pop(&defaults)) != NULL) {
782 if (tq_last(&d->binding) != binding) {
783 binding = tq_last(&d->binding);
784 while ((m = tq_pop(&d->binding)) != NULL) {
785 if (m->type == COMMAND) {
786 c = (struct sudo_command *) m->name;
805 sudoers = path ? estrdup(path) : NULL;
813 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
814 #if defined(__cplusplus) || defined(__STDC__)
815 static int yygrowstack(void)
817 static int yygrowstack()
824 if ((newsize = yystacksize) == 0)
825 newsize = YYINITSTACKSIZE;
826 else if (newsize >= YYMAXDEPTH)
828 else if ((newsize *= 2) > YYMAXDEPTH)
829 newsize = YYMAXDEPTH;
832 #define YY_SIZE_MAX SIZE_MAX
834 #define YY_SIZE_MAX 0x7fffffff
836 if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
838 newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
839 (short *)malloc(newsize * sizeof *newss); /* overflow check above */
844 if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
846 newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
847 (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
852 yystacksize = newsize;
853 yysslim = yyss + newsize - 1;
866 #define YYABORT goto yyabort
867 #define YYREJECT goto yyabort
868 #define YYACCEPT goto yyaccept
869 #define YYERROR goto yyerrlab
871 #if defined(__cplusplus) || defined(__STDC__)
877 int yym, yyn, yystate;
879 #if defined(__cplusplus) || defined(__STDC__)
881 #else /* !(defined(__cplusplus) || defined(__STDC__)) */
883 #endif /* !(defined(__cplusplus) || defined(__STDC__)) */
885 if ((yys = getenv("YYDEBUG")))
888 if (yyn >= '0' && yyn <= '9')
897 if (yyss == NULL && yygrowstack()) goto yyoverflow;
900 *yyssp = yystate = 0;
903 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
906 if ((yychar = yylex()) < 0) yychar = 0;
911 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
912 if (!yys) yys = "illegal-symbol";
913 printf("%sdebug: state %d, reading %d (%s)\n",
914 YYPREFIX, yystate, yychar, yys);
918 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
919 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
923 printf("%sdebug: state %d, shifting to state %d\n",
924 YYPREFIX, yystate, yytable[yyn]);
926 if (yyssp >= yysslim && yygrowstack())
930 *++yyssp = yystate = yytable[yyn];
933 if (yyerrflag > 0) --yyerrflag;
936 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
937 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
942 if (yyerrflag) goto yyinrecovery;
943 #if defined(lint) || defined(__GNUC__)
947 yyerror("syntax error");
948 #if defined(lint) || defined(__GNUC__)
959 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
960 yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
964 printf("%sdebug: state %d, error recovery shifting\
965 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
967 if (yyssp >= yysslim && yygrowstack())
971 *++yyssp = yystate = yytable[yyn];
979 printf("%sdebug: error recovery discarding state %d\n",
982 if (yyssp <= yyss) goto yyabort;
990 if (yychar == 0) goto yyabort;
995 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
996 if (!yys) yys = "illegal-symbol";
997 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
998 YYPREFIX, yystate, yychar, yys);
1007 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1008 YYPREFIX, yystate, yyn, yyrule[yyn]);
1012 yyval = yyvsp[1-yym];
1014 memset(&yyval, 0, sizeof yyval);
1036 add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
1066 add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
1072 add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
1078 add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
1084 add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
1090 add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
1096 list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
1097 yyval.defaults = yyvsp[-2].defaults;
1103 yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
1109 yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
1115 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
1121 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
1127 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
1133 list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
1134 yyval.privilege = yyvsp[-2].privilege;
1140 struct privilege *p = emalloc(sizeof(*p));
1141 list2tq(&p->hostlist, yyvsp[-2].member);
1142 list2tq(&p->cmndlist, yyvsp[0].cmndspec);
1145 yyval.privilege = p;
1151 yyval.member = yyvsp[0].member;
1152 yyval.member->negated = FALSE;
1158 yyval.member = yyvsp[0].member;
1159 yyval.member->negated = TRUE;
1165 yyval.member = new_member(yyvsp[0].string, ALIAS);
1171 yyval.member = new_member(NULL, ALL);
1177 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1183 yyval.member = new_member(yyvsp[0].string, NTWKADDR);
1189 yyval.member = new_member(yyvsp[0].string, WORD);
1195 list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
1197 /* propagate role and type */
1198 if (yyvsp[0].cmndspec->role == NULL)
1199 yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
1200 if (yyvsp[0].cmndspec->type == NULL)
1201 yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
1202 #endif /* HAVE_SELINUX */
1203 /* propagate tags and runas list */
1204 if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
1205 yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
1206 if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
1207 yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
1208 if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
1209 yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
1210 yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
1211 if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
1212 yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
1213 if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
1214 yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
1215 if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
1216 tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
1217 (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
1218 !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
1219 yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
1220 yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
1222 yyval.cmndspec = yyvsp[-2].cmndspec;
1228 struct cmndspec *cs = emalloc(sizeof(*cs));
1229 if (yyvsp[-3].runas != NULL) {
1230 list2tq(&cs->runasuserlist, yyvsp[-3].runas->runasusers);
1231 list2tq(&cs->runasgrouplist, yyvsp[-3].runas->runasgroups);
1232 efree(yyvsp[-3].runas);
1234 tq_init(&cs->runasuserlist);
1235 tq_init(&cs->runasgrouplist);
1238 cs->role = yyvsp[-2].seinfo.role;
1239 cs->type = yyvsp[-2].seinfo.type;
1241 cs->tags = yyvsp[-1].tag;
1242 cs->cmnd = yyvsp[0].member;
1245 /* sudo "ALL" implies the SETENV tag */
1246 if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
1247 cs->tags.setenv == UNSPEC)
1248 cs->tags.setenv = IMPLIED;
1249 yyval.cmndspec = cs;
1255 yyval.member = yyvsp[0].member;
1256 yyval.member->negated = FALSE;
1262 yyval.member = yyvsp[0].member;
1263 yyval.member->negated = TRUE;
1269 yyval.string = yyvsp[0].string;
1275 yyval.string = yyvsp[0].string;
1281 yyval.seinfo.role = NULL;
1282 yyval.seinfo.type = NULL;
1288 yyval.seinfo.role = yyvsp[0].string;
1289 yyval.seinfo.type = NULL;
1295 yyval.seinfo.type = yyvsp[0].string;
1296 yyval.seinfo.role = NULL;
1302 yyval.seinfo.role = yyvsp[-1].string;
1303 yyval.seinfo.type = yyvsp[0].string;
1309 yyval.seinfo.type = yyvsp[-1].string;
1310 yyval.seinfo.role = yyvsp[0].string;
1322 yyval.runas = yyvsp[-1].runas;
1328 yyval.runas = emalloc(sizeof(struct runascontainer));
1329 yyval.runas->runasusers = yyvsp[0].member;
1330 yyval.runas->runasgroups = NULL;
1336 yyval.runas = emalloc(sizeof(struct runascontainer));
1337 yyval.runas->runasusers = yyvsp[-2].member;
1338 yyval.runas->runasgroups = yyvsp[0].member;
1344 yyval.runas = emalloc(sizeof(struct runascontainer));
1345 yyval.runas->runasusers = NULL;
1346 yyval.runas->runasgroups = yyvsp[0].member;
1352 yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
1353 yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
1359 yyval.tag.nopasswd = TRUE;
1365 yyval.tag.nopasswd = FALSE;
1371 yyval.tag.noexec = TRUE;
1377 yyval.tag.noexec = FALSE;
1383 yyval.tag.setenv = TRUE;
1389 yyval.tag.setenv = FALSE;
1395 yyval.tag.log_input = TRUE;
1401 yyval.tag.log_input = FALSE;
1407 yyval.tag.log_output = TRUE;
1413 yyval.tag.log_output = FALSE;
1419 yyval.member = new_member(NULL, ALL);
1425 yyval.member = new_member(yyvsp[0].string, ALIAS);
1431 struct sudo_command *c = emalloc(sizeof(*c));
1432 c->cmnd = yyvsp[0].command.cmnd;
1433 c->args = yyvsp[0].command.args;
1434 yyval.member = new_member((char *)c, COMMAND);
1441 if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
1450 list_append(yyvsp[-2].member, yyvsp[0].member);
1451 yyval.member = yyvsp[-2].member;
1458 if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
1467 list_append(yyvsp[-2].member, yyvsp[0].member);
1468 yyval.member = yyvsp[-2].member;
1475 if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
1485 if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
1494 list_append(yyvsp[-2].member, yyvsp[0].member);
1495 yyval.member = yyvsp[-2].member;
1501 yyval.member = yyvsp[0].member;
1502 yyval.member->negated = FALSE;
1508 yyval.member = yyvsp[0].member;
1509 yyval.member->negated = TRUE;
1515 yyval.member = new_member(yyvsp[0].string, ALIAS);
1521 yyval.member = new_member(NULL, ALL);
1527 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1533 yyval.member = new_member(yyvsp[0].string, USERGROUP);
1539 yyval.member = new_member(yyvsp[0].string, WORD);
1545 list_append(yyvsp[-2].member, yyvsp[0].member);
1546 yyval.member = yyvsp[-2].member;
1552 yyval.member = yyvsp[0].member;
1553 yyval.member->negated = FALSE;
1559 yyval.member = yyvsp[0].member;
1560 yyval.member->negated = TRUE;
1566 yyval.member = new_member(yyvsp[0].string, ALIAS);
1572 yyval.member = new_member(NULL, ALL);
1578 yyval.member = new_member(yyvsp[0].string, WORD);
1581 #line 1529 "y.tab.c"
1587 if (yystate == 0 && yym == 0)
1591 printf("%sdebug: after reduction, shifting from state 0 to\
1592 state %d\n", YYPREFIX, YYFINAL);
1599 if ((yychar = yylex()) < 0) yychar = 0;
1604 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1605 if (!yys) yys = "illegal-symbol";
1606 printf("%sdebug: state %d, reading %d (%s)\n",
1607 YYPREFIX, YYFINAL, yychar, yys);
1611 if (yychar == 0) goto yyaccept;
1614 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
1615 yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
1616 yystate = yytable[yyn];
1618 yystate = yydgoto[yym];
1621 printf("%sdebug: after reduction, shifting from state %d \
1622 to state %d\n", YYPREFIX, *yyssp, yystate);
1624 if (yyssp >= yysslim && yygrowstack())
1632 yyerror("yacc stack overflow");
1638 yyss = yyssp = NULL;
1639 yyvs = yyvsp = NULL;
1647 yyss = yyssp = NULL;
1648 yyvs = yyvsp = NULL;
projects / debian / sudo / blob