/* Discard the current lookahead token by marking yychar as empty. */
9 #define yyclearin (yychar=(YYEMPTY))
/* Clear the parser's error flag. */
10 #define yyerrok (yyerrflag=0)
/* Non-zero while the parser's error flag is still set. */
11 #define YYRECOVERING() (yyerrflag!=0)
15 * Copyright (c) 1996, 1998-2005, 2007-2011
16 * Todd C. Miller <Todd.Miller@courtesan.com>
18 * Permission to use, copy, modify, and distribute this software for any
19 * purpose with or without fee is hereby granted, provided that the above
20 * copyright notice and this permission notice appear in all copies.
22 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
23 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
24 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
25 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
27 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
28 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
29 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
30 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * Sponsored in part by the Defense Advanced Research Projects
33 * Agency (DARPA) and Air Force Research Laboratory, Air Force
34 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
39 #include <sys/types.h>
40 #include <sys/param.h>
49 #endif /* STDC_HEADERS */
52 #endif /* HAVE_STRING_H */
55 #endif /* HAVE_STRINGS_H */
58 #endif /* HAVE_UNISTD_H */
59 #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
61 #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
64 #include "sudoers.h" /* XXX */
70 * We must define SIZE_MAX for yacc's skeleton.c.
71 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
72 * could be signed (as it is on SunOS 4.x).
76 # define SIZE_MAX SIZE_T_MAX
78 # define SIZE_MAX INT_MAX
79 # endif /* SIZE_T_MAX */
/* Declared extern here; presumably maintained by the lexer (verify). */
85 extern int sudolineno;
86 extern int last_token;
/* yyerror only prints its warning when verbose is true. */
88 static bool verbose = false;
89 bool parse_error = false;
/* Set by yyerror to its own copy of the sudoers path when the first error is recorded. */
91 char *errorfile = NULL;
/*
 * Parse results. add_defaults() and add_userspec() append to these lists
 * and init_parser() pops every entry off them before a new parse.
 */
93 struct defaults_list defaults;
94 struct userspec_list userspecs;
/* File-local helpers called from the grammar actions, plus the error callback. */
99 static void add_defaults(int, struct member *, struct defaults *);
100 static void add_userspec(struct member *, struct privilege *);
101 static struct defaults *new_default(char *, char *, int);
102 static struct member *new_member(char *, int);
103 void yyerror(const char *);
/*
 * Parser error callback. Records the position of the first error and,
 * when verbose is set and a message was supplied, emits a warning naming
 * the sudoers file and line. Parts of the body are not shown in this listing.
 */
106 yyerror(const char *s)
108 debug_decl(yyerror, SUDO_DEBUG_PARSER)
110 /* If we last saw a newline the error is on the preceding line. */
111 if (last_token == COMMENT)
114 /* Save the line the first error occurred on. */
115 if (errorlineno == -1) {
116 errorlineno = sudolineno;
/* Keep a private copy of the file name rather than aliasing the sudoers pointer. */
117 errorfile = estrdup(sudoers);
119 if (trace_print != NULL) {
121 } else if (verbose && s != NULL) {
/* The file name and message are passed as %s arguments; they are never used as the format string. */
122 warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
128 #ifndef YYSTYPE_DEFINED
129 #define YYSTYPE_DEFINED
131 struct cmndspec *cmndspec;
132 struct defaults *defaults;
133 struct member *member;
134 struct runascontainer *runas;
135 struct privilege *privilege;
136 struct sudo_command command;
138 struct selinux_info seinfo;
142 #endif /* YYSTYPE_DEFINED */
149 #define USERGROUP 262
152 #define DEFAULTS_HOST 265
153 #define DEFAULTS_USER 266
154 #define DEFAULTS_RUNAS 267
155 #define DEFAULTS_CMND 268
162 #define LOG_INPUT 275
163 #define NOLOG_INPUT 276
164 #define LOG_OUTPUT 277
165 #define NOLOG_OUTPUT 278
168 #define HOSTALIAS 281
169 #define CMNDALIAS 282
170 #define USERALIAS 283
171 #define RUNASALIAS 284
175 #define YYERRCODE 256
176 #if defined(__cplusplus) || defined(__STDC__)
177 const short yylhs[] =
182 0, 0, 25, 25, 26, 26, 26, 26, 26, 26,
183 26, 26, 26, 26, 26, 26, 4, 4, 3, 3,
184 3, 3, 3, 20, 20, 19, 10, 10, 8, 8,
185 8, 8, 8, 2, 2, 1, 6, 6, 23, 24,
186 22, 22, 22, 22, 22, 17, 17, 18, 18, 18,
187 21, 21, 21, 21, 21, 21, 21, 21, 21, 21,
188 21, 5, 5, 5, 28, 28, 31, 9, 9, 29,
189 29, 32, 7, 7, 30, 30, 33, 27, 27, 34,
190 13, 13, 11, 11, 12, 12, 12, 12, 12, 16,
191 16, 14, 14, 15, 15, 15,
193 #if defined(__cplusplus) || defined(__STDC__)
194 const short yylen[] =
199 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
200 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
201 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
202 1, 1, 1, 1, 3, 4, 1, 2, 3, 3,
203 0, 1, 1, 2, 2, 0, 3, 1, 3, 2,
204 0, 2, 2, 2, 2, 2, 2, 2, 2, 2,
205 2, 1, 1, 1, 1, 3, 3, 1, 3, 1,
206 3, 3, 1, 3, 1, 3, 3, 1, 3, 3,
207 1, 3, 1, 2, 1, 1, 1, 1, 1, 1,
210 #if defined(__cplusplus) || defined(__STDC__)
211 const short yydefred[] =
216 0, 85, 87, 88, 89, 0, 0, 0, 0, 0,
217 86, 5, 0, 0, 0, 0, 0, 0, 81, 83,
218 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
219 31, 33, 30, 0, 27, 0, 68, 0, 0, 64,
220 63, 62, 0, 37, 73, 0, 0, 0, 65, 0,
221 0, 70, 0, 0, 78, 0, 0, 75, 84, 0,
222 0, 24, 0, 4, 0, 0, 0, 20, 0, 28,
223 0, 0, 0, 0, 38, 0, 0, 0, 0, 0,
224 0, 0, 0, 0, 0, 82, 0, 0, 21, 22,
225 23, 18, 69, 74, 0, 66, 0, 71, 0, 79,
226 0, 76, 0, 34, 0, 0, 25, 0, 0, 0,
227 0, 0, 0, 51, 0, 0, 94, 96, 95, 0,
228 90, 92, 0, 0, 47, 35, 0, 0, 0, 44,
229 45, 93, 0, 0, 40, 39, 52, 53, 54, 55,
230 56, 57, 58, 59, 60, 61, 36, 91,
232 #if defined(__cplusplus) || defined(__STDC__)
233 const short yydgoto[] =
238 104, 105, 27, 28, 44, 45, 46, 35, 61, 37,
239 19, 20, 21, 121, 122, 123, 106, 110, 62, 63,
240 129, 114, 115, 116, 22, 23, 54, 48, 51, 57,
243 #if defined(__cplusplus) || defined(__STDC__)
244 const short yysindex[] =
249 -270, 0, 0, 0, 0, -29, 567, 594, 594, -2,
250 0, 0, -240, -222, -216, -212, -241, 0, 0, 0,
251 -25, 475, 0, 0, -10, -207, 0, 9, 0, 0,
252 0, 0, 0, -235, 0, -33, 0, -31, -31, 0,
253 0, 0, -242, 0, 0, -30, -7, 3, 0, -6,
254 4, 0, -5, 6, 0, -1, 8, 0, 0, 594,
255 -20, 0, 10, 0, -205, -196, -194, 0, -29, 0,
256 567, 9, 9, 9, 0, -2, 9, 567, -240, -2,
257 -222, 594, -216, 594, -212, 0, 31, 567, 0, 0,
258 0, 0, 0, 0, 26, 0, 28, 0, 29, 0,
259 29, 0, 541, 0, 32, -247, 0, 86, -15, 33,
260 31, 14, 16, 0, -208, -204, 0, 0, 0, -231,
261 0, 0, 38, 86, 0, 0, -179, -178, 491, 0,
262 0, 0, 86, 38, 0, 0, 0, 0, 0, 0,
263 0, 0, 0, 0, 0, 0, 0, 0,};
264 #if defined(__cplusplus) || defined(__STDC__)
265 const short yyrindex[] =
270 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
271 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
272 0, 90, 0, 0, 1, 0, 0, 177, 0, 0,
273 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
274 0, 0, 0, 0, 0, 0, 0, 207, 0, 0,
275 237, 0, 0, 271, 0, 0, 300, 0, 0, 0,
276 0, 0, 329, 0, 0, 0, 0, 0, 0, 0,
277 0, 358, 387, 417, 0, 0, 446, 0, 0, 0,
278 0, 0, 0, 0, 0, 0, -26, 0, 0, 0,
279 0, 0, 0, 0, 30, 0, 59, 0, 89, 0,
280 118, 0, 0, 0, 148, 514, 0, 0, 45, 0,
281 -26, 0, 0, 0, 537, 565, 0, 0, 0, 0,
282 0, 0, 50, 0, 0, 0, 0, 0, 0, 0,
283 0, 0, 0, 52, 0, 0, 0, 0, 0, 0,
284 0, 0, 0, 0, 0, 0, 0, 0,};
285 #if defined(__cplusplus) || defined(__STDC__)
286 const short yygindex[] =
291 -17, 0, 27, 11, 54, -64, 15, 64, 2, 34,
292 39, 84, -3, -27, -18, -21, 0, 0, 19, 0,
293 0, 0, -12, -4, 0, 88, 0, 0, 0, 0,
296 #define YYTABLESIZE 873
297 #if defined(__cplusplus) || defined(__STDC__)
298 const short yytable[] =
303 19, 26, 26, 26, 38, 39, 46, 34, 36, 24,
304 71, 94, 60, 76, 40, 41, 2, 47, 60, 3,
305 4, 5, 29, 71, 30, 31, 117, 32, 60, 67,
306 43, 118, 66, 19, 67, 50, 42, 11, 112, 113,
307 87, 53, 124, 33, 19, 56, 72, 119, 73, 74,
308 65, 68, 69, 78, 80, 82, 77, 89, 72, 84,
309 79, 81, 67, 83, 147, 85, 90, 88, 91, 71,
310 103, 76, 60, 125, 127, 111, 128, 112, 99, 95,
311 101, 133, 113, 135, 136, 48, 1, 67, 80, 2,
312 50, 72, 49, 126, 97, 92, 75, 70, 86, 109,
313 59, 132, 134, 131, 93, 148, 107, 102, 0, 64,
314 130, 0, 0, 96, 0, 0, 72, 77, 120, 100,
315 98, 80, 0, 0, 0, 0, 0, 0, 0, 0,
316 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
317 0, 0, 0, 0, 0, 0, 80, 26, 0, 0,
318 77, 0, 0, 0, 0, 0, 0, 0, 0, 0,
319 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
320 0, 0, 0, 0, 0, 77, 12, 0, 0, 0,
321 26, 0, 0, 0, 0, 0, 0, 0, 0, 0,
322 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
323 0, 0, 0, 0, 0, 26, 9, 0, 0, 12,
324 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
325 0, 0, 0, 0, 0, 25, 0, 25, 25, 25,
326 46, 46, 29, 0, 30, 31, 10, 32, 0, 9,
327 0, 0, 46, 46, 46, 46, 46, 46, 46, 46,
328 46, 46, 46, 33, 40, 41, 19, 0, 19, 46,
329 46, 19, 19, 19, 19, 19, 19, 19, 19, 10,
330 8, 0, 0, 0, 0, 0, 42, 0, 0, 19,
331 19, 19, 19, 19, 19, 67, 0, 67, 0, 0,
332 67, 67, 67, 67, 67, 67, 67, 67, 0, 11,
333 0, 0, 0, 8, 0, 0, 0, 0, 67, 67,
334 67, 67, 67, 67, 72, 0, 72, 0, 0, 72,
335 72, 72, 72, 72, 72, 72, 72, 0, 7, 0,
336 0, 0, 11, 0, 0, 0, 0, 72, 72, 72,
337 72, 72, 72, 117, 80, 0, 80, 0, 118, 80,
338 80, 80, 80, 80, 80, 80, 80, 15, 0, 0,
339 0, 7, 0, 0, 119, 0, 0, 80, 80, 80,
340 80, 80, 80, 77, 0, 77, 0, 0, 77, 77,
341 77, 77, 77, 77, 77, 77, 13, 0, 0, 0,
342 15, 0, 0, 0, 0, 0, 77, 77, 77, 77,
343 77, 77, 0, 26, 0, 26, 0, 0, 26, 26,
344 26, 26, 26, 26, 26, 26, 14, 0, 0, 13,
345 0, 0, 0, 0, 0, 0, 26, 26, 26, 26,
346 26, 26, 12, 0, 12, 0, 0, 12, 12, 12,
347 12, 12, 12, 12, 12, 16, 0, 0, 0, 14,
348 0, 0, 0, 0, 0, 12, 12, 12, 12, 12,
349 12, 0, 9, 0, 9, 0, 0, 9, 9, 9,
350 9, 9, 9, 9, 9, 0, 0, 0, 16, 0,
351 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
352 9, 0, 10, 0, 10, 0, 0, 10, 10, 10,
353 10, 10, 10, 10, 10, 0, 0, 17, 0, 0,
354 0, 0, 0, 0, 0, 10, 10, 10, 10, 10,
355 10, 0, 0, 43, 0, 0, 8, 0, 8, 0,
356 0, 8, 8, 8, 8, 8, 8, 8, 8, 0,
357 0, 0, 0, 0, 0, 0, 41, 0, 0, 8,
358 8, 8, 8, 8, 8, 11, 0, 11, 0, 0,
359 11, 11, 11, 11, 11, 11, 11, 11, 0, 42,
360 0, 0, 0, 17, 0, 0, 0, 0, 11, 11,
361 11, 11, 11, 11, 7, 0, 7, 0, 0, 7,
362 7, 7, 7, 7, 7, 7, 7, 43, 108, 34,
363 0, 0, 0, 0, 0, 0, 0, 7, 7, 7,
364 7, 7, 7, 15, 0, 15, 0, 0, 15, 15,
365 15, 15, 15, 15, 15, 15, 17, 0, 0, 0,
366 0, 0, 0, 0, 0, 0, 15, 15, 15, 15,
367 15, 15, 13, 0, 13, 0, 0, 13, 13, 13,
368 13, 13, 13, 13, 13, 0, 0, 0, 0, 0,
369 0, 0, 0, 0, 0, 13, 13, 13, 13, 13,
370 13, 0, 14, 0, 14, 0, 0, 14, 14, 14,
371 14, 14, 14, 14, 14, 0, 0, 0, 0, 0,
372 0, 0, 0, 0, 0, 14, 14, 14, 14, 14,
373 14, 16, 0, 16, 0, 0, 16, 16, 16, 16,
374 16, 16, 16, 16, 0, 0, 0, 0, 0, 0,
375 0, 0, 0, 0, 16, 16, 16, 16, 16, 16,
376 1, 0, 2, 0, 0, 3, 4, 5, 6, 7,
377 8, 9, 10, 0, 0, 0, 0, 40, 41, 0,
378 0, 0, 0, 11, 12, 13, 14, 15, 16, 137,
379 138, 139, 140, 141, 142, 143, 144, 145, 146, 42,
380 41, 41, 0, 0, 0, 0, 0, 0, 0, 0,
381 0, 0, 41, 41, 41, 41, 41, 41, 41, 41,
382 41, 41, 41, 42, 42, 0, 0, 0, 2, 0,
383 0, 3, 4, 5, 0, 42, 42, 42, 42, 42,
384 42, 42, 42, 42, 42, 42, 0, 0, 0, 11,
385 0, 43, 43, 0, 29, 0, 30, 31, 0, 32,
386 0, 0, 0, 43, 43, 43, 43, 43, 43, 43,
387 43, 43, 43, 43, 0, 33, 0, 0, 0, 0,
388 0, 2, 0, 0, 3, 4, 5, 0, 0, 0,
389 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
392 #if defined(__cplusplus) || defined(__STDC__)
393 const short yycheck[] =
398 0, 33, 33, 33, 8, 9, 33, 33, 7, 280,
399 44, 76, 44, 44, 257, 258, 258, 258, 44, 261,
400 262, 263, 258, 44, 260, 261, 258, 263, 44, 0,
401 33, 263, 43, 33, 45, 258, 279, 279, 286, 287,
402 61, 258, 58, 279, 44, 258, 36, 279, 38, 39,
403 61, 259, 44, 61, 61, 61, 46, 263, 0, 61,
404 58, 58, 33, 58, 129, 58, 263, 58, 263, 44,
405 40, 44, 44, 41, 61, 44, 61, 286, 82, 78,
406 84, 44, 287, 263, 263, 41, 0, 58, 0, 0,
407 41, 33, 41, 111, 80, 69, 43, 34, 60, 103,
408 17, 120, 124, 116, 71, 133, 88, 85, -1, 22,
409 115, -1, -1, 79, -1, -1, 58, 0, 33, 83,
410 81, 33, -1, -1, -1, -1, -1, -1, -1, -1,
411 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
412 -1, -1, -1, -1, -1, -1, 58, 0, -1, -1,
413 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
414 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
415 -1, -1, -1, -1, -1, 58, 0, -1, -1, -1,
416 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
417 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
418 -1, -1, -1, -1, -1, 58, 0, -1, -1, 33,
419 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
420 -1, -1, -1, -1, -1, 259, -1, 259, 259, 259,
421 257, 258, 258, -1, 260, 261, 0, 263, -1, 33,
422 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
423 277, 278, 279, 279, 257, 258, 256, -1, 258, 286,
424 287, 261, 262, 263, 264, 265, 266, 267, 268, 33,
425 0, -1, -1, -1, -1, -1, 279, -1, -1, 279,
426 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
427 261, 262, 263, 264, 265, 266, 267, 268, -1, 0,
428 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
429 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
430 262, 263, 264, 265, 266, 267, 268, -1, 0, -1,
431 -1, -1, 33, -1, -1, -1, -1, 279, 280, 281,
432 282, 283, 284, 258, 256, -1, 258, -1, 263, 261,
433 262, 263, 264, 265, 266, 267, 268, 0, -1, -1,
434 -1, 33, -1, -1, 279, -1, -1, 279, 280, 281,
435 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
436 263, 264, 265, 266, 267, 268, 0, -1, -1, -1,
437 33, -1, -1, -1, -1, -1, 279, 280, 281, 282,
438 283, 284, -1, 256, -1, 258, -1, -1, 261, 262,
439 263, 264, 265, 266, 267, 268, 0, -1, -1, 33,
440 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
441 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
442 264, 265, 266, 267, 268, 0, -1, -1, -1, 33,
443 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
444 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
445 264, 265, 266, 267, 268, -1, -1, -1, 33, -1,
446 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
447 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
448 264, 265, 266, 267, 268, -1, -1, 33, -1, -1,
449 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
450 284, -1, -1, 33, -1, -1, 256, -1, 258, -1,
451 -1, 261, 262, 263, 264, 265, 266, 267, 268, -1,
452 -1, -1, -1, -1, -1, -1, 33, -1, -1, 279,
453 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
454 261, 262, 263, 264, 265, 266, 267, 268, -1, 33,
455 -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
456 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
457 262, 263, 264, 265, 266, 267, 268, 33, 58, 33,
458 -1, -1, -1, -1, -1, -1, -1, 279, 280, 281,
459 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
460 263, 264, 265, 266, 267, 268, 33, -1, -1, -1,
461 -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
462 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
463 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
464 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
465 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
466 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
467 -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
468 284, 256, -1, 258, -1, -1, 261, 262, 263, 264,
469 265, 266, 267, 268, -1, -1, -1, -1, -1, -1,
470 -1, -1, -1, -1, 279, 280, 281, 282, 283, 284,
471 256, -1, 258, -1, -1, 261, 262, 263, 264, 265,
472 266, 267, 268, -1, -1, -1, -1, 257, 258, -1,
473 -1, -1, -1, 279, 280, 281, 282, 283, 284, 269,
474 270, 271, 272, 273, 274, 275, 276, 277, 278, 279,
475 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
476 -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
477 277, 278, 279, 257, 258, -1, -1, -1, 258, -1,
478 -1, 261, 262, 263, -1, 269, 270, 271, 272, 273,
479 274, 275, 276, 277, 278, 279, -1, -1, -1, 279,
480 -1, 257, 258, -1, 258, -1, 260, 261, -1, 263,
481 -1, -1, -1, 269, 270, 271, 272, 273, 274, 275,
482 276, 277, 278, 279, -1, 279, -1, -1, -1, -1,
483 -1, 258, -1, -1, 261, 262, 263, -1, -1, -1,
484 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
491 #define YYMAXTOKEN 287
493 #if defined(__cplusplus) || defined(__STDC__)
494 const char * const yyname[] =
499 "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
500 "'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
501 0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
502 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
503 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
504 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
505 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
506 "COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
507 "DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
508 "PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
509 "LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
510 "RUNASALIAS","ERROR","TYPE","ROLE",
512 #if defined(__cplusplus) || defined(__STDC__)
513 const char * const yyrule[] =
523 "entry : error COMMENT",
524 "entry : userlist privileges",
525 "entry : USERALIAS useraliases",
526 "entry : HOSTALIAS hostaliases",
527 "entry : CMNDALIAS cmndaliases",
528 "entry : RUNASALIAS runasaliases",
529 "entry : DEFAULTS defaults_list",
530 "entry : DEFAULTS_USER userlist defaults_list",
531 "entry : DEFAULTS_RUNAS userlist defaults_list",
532 "entry : DEFAULTS_HOST hostlist defaults_list",
533 "entry : DEFAULTS_CMND cmndlist defaults_list",
534 "defaults_list : defaults_entry",
535 "defaults_list : defaults_list ',' defaults_entry",
536 "defaults_entry : DEFVAR",
537 "defaults_entry : '!' DEFVAR",
538 "defaults_entry : DEFVAR '=' WORD",
539 "defaults_entry : DEFVAR '+' WORD",
540 "defaults_entry : DEFVAR '-' WORD",
541 "privileges : privilege",
542 "privileges : privileges ':' privilege",
543 "privilege : hostlist '=' cmndspeclist",
551 "cmndspeclist : cmndspec",
552 "cmndspeclist : cmndspeclist ',' cmndspec",
553 "cmndspec : runasspec selinux cmndtag opcmnd",
556 "rolespec : ROLE '=' WORD",
557 "typespec : TYPE '=' WORD",
559 "selinux : rolespec",
560 "selinux : typespec",
561 "selinux : rolespec typespec",
562 "selinux : typespec rolespec",
564 "runasspec : '(' runaslist ')'",
565 "runaslist : userlist",
566 "runaslist : userlist ':' grouplist",
567 "runaslist : ':' grouplist",
569 "cmndtag : cmndtag NOPASSWD",
570 "cmndtag : cmndtag PASSWD",
571 "cmndtag : cmndtag NOEXEC",
572 "cmndtag : cmndtag EXEC",
573 "cmndtag : cmndtag SETENV",
574 "cmndtag : cmndtag NOSETENV",
575 "cmndtag : cmndtag LOG_INPUT",
576 "cmndtag : cmndtag NOLOG_INPUT",
577 "cmndtag : cmndtag LOG_OUTPUT",
578 "cmndtag : cmndtag NOLOG_OUTPUT",
582 "hostaliases : hostalias",
583 "hostaliases : hostaliases ':' hostalias",
584 "hostalias : ALIAS '=' hostlist",
586 "hostlist : hostlist ',' ophost",
587 "cmndaliases : cmndalias",
588 "cmndaliases : cmndaliases ':' cmndalias",
589 "cmndalias : ALIAS '=' cmndlist",
591 "cmndlist : cmndlist ',' opcmnd",
592 "runasaliases : runasalias",
593 "runasaliases : runasaliases ':' runasalias",
594 "runasalias : ALIAS '=' userlist",
595 "useraliases : useralias",
596 "useraliases : useraliases ':' useralias",
597 "useralias : ALIAS '=' userlist",
599 "userlist : userlist ',' opuser",
607 "grouplist : opgroup",
608 "grouplist : grouplist ',' opgroup",
610 "opgroup : '!' group",
/*
 * Parser stack limits. yygrowstack() starts at YYINITSTACKSIZE entries and
 * doubles the stacks until YYMAXDEPTH, which caps how much stack memory an
 * input can make the parser allocate. The preprocessor conditionals that
 * select among these definitions are not shown in this listing.
 */
618 #define YYMAXDEPTH YYSTACKSIZE
621 #define YYSTACKSIZE YYMAXDEPTH
623 #define YYSTACKSIZE 10000
624 #define YYMAXDEPTH 10000
627 #define YYINITSTACKSIZE 200
/*
 * Allocate a struct defaults for one Defaults entry and initialise its
 * binding list as empty. The grammar actions pass op as true, false,
 * '+' or '-'. The field assignments and return are not shown in this listing.
 */
642 static struct defaults *
643 new_default(char *var, char *val, int op)
646 debug_decl(new_default, SUDO_DEBUG_PARSER)
/* NOTE(review): no NULL check is visible after emalloc; assumes emalloc never returns NULL - confirm. */
648 d = emalloc(sizeof(struct defaults));
651 tq_init(&d->binding);
/*
 * Allocate a struct member for the given name and type. For COMMAND
 * members the grammar passes a struct sudo_command pointer cast to
 * char * as name. The field assignments are not shown in this listing.
 */
660 static struct member *
661 new_member(char *name, int type)
664 debug_decl(new_member, SUDO_DEBUG_PARSER)
/* NOTE(review): no NULL check is visible after emalloc; assumes emalloc never returns NULL - confirm. */
666 m = emalloc(sizeof(struct member));
676 * Add a list of defaults structures to the defaults list.
677 * The binding, if non-NULL, specifies a list of hosts, users, or
678 * runas users the entries apply to (specified by the type).
681 add_defaults(int type, struct member *bmem, struct defaults *defs)
684 struct member_list binding;
685 debug_decl(add_defaults, SUDO_DEBUG_PARSER)
688 * We can only call list2tq once on bmem as it will zero
689 * out the prev pointer when it consumes bmem.
691 list2tq(&binding, bmem);
694 * Set type and binding (who it applies to) for new entries.
696 for (d = defs; d != NULL; d = d->next) {
/*
 * Every entry receives a copy of the same list head, so all entries in
 * defs reference the same member nodes. init_parser() allows for this
 * sharing by comparing tq_last(&d->binding) before freeing a binding.
 */
698 d->binding = binding;
/* Hand the whole chain over to the global defaults list. */
700 tq_append(&defaults, defs);
706 * Allocate a new struct userspec, populate it, and insert it at the
707 * end of the userspecs list.
/*
 * members: list of user members the specification applies to.
 * privs:   list of privileges granted to those members.
 * Both lists are converted into tail queues held by the new userspec.
 */
710 add_userspec(struct member *members, struct privilege *privs)
713 debug_decl(add_userspec, SUDO_DEBUG_PARSER)
/* NOTE(review): no NULL check is visible after emalloc; assumes emalloc never returns NULL - confirm. */
715 u = emalloc(sizeof(*u));
716 list2tq(&u->users, members);
717 list2tq(&u->privileges, privs);
/* The userspec now sits on the global list; init_parser() pops it off again on the next run. */
720 tq_append(&userspecs, u);
726 * Free up space used by data structures from a previous parser run and set
727 * the current sudoers file to path.
/*
 * path:  sudoers file for the next parse; copied with estrdup, NULL is kept as NULL.
 * quiet: its use is not visible in this listing.
 * Many lines of the body (the individual free calls and closing braces)
 * are not shown here.
 */
730 init_parser(const char *path, int quiet)
733 struct member *m, *binding;
735 struct privilege *priv;
737 struct sudo_command *c;
738 debug_decl(init_parser, SUDO_DEBUG_PARSER)
/* Drain the global userspecs list, releasing each userspec's users and privileges. */
740 while ((us = tq_pop(&userspecs)) != NULL) {
741 while ((m = tq_pop(&us->users)) != NULL) {
745 while ((priv = tq_pop(&us->privileges)) != NULL) {
/*
 * Last-seen pointers. The cmndspeclist grammar action lets a cmndspec
 * inherit role, type and runas lists from the previous cmndspec, so
 * consecutive entries can point at the same data. Comparing against the
 * previously seen pointer releases shared data once instead of twice.
 */
746 struct member *runasuser = NULL, *runasgroup = NULL;
748 char *role = NULL, *type = NULL;
749 #endif /* HAVE_SELINUX */
751 while ((m = tq_pop(&priv->hostlist)) != NULL) {
755 while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
757 /* Only free the first instance of a role/type. */
758 if (cs->role != role) {
762 if (cs->type != type) {
766 #endif /* HAVE_SELINUX */
/* Same idea for the runas lists: the tail pointer identifies a list already handled. */
767 if (tq_last(&cs->runasuserlist) != runasuser) {
768 runasuser = tq_last(&cs->runasuserlist);
769 while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
774 if (tq_last(&cs->runasgrouplist) != runasgroup) {
775 runasgroup = tq_last(&cs->runasgrouplist);
776 while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
/* For COMMAND members the name field holds a struct sudo_command, stored by the grammar as (char *)c. */
781 if (cs->cmnd->type == COMMAND) {
782 c = (struct sudo_command *) cs->cmnd->name;
786 efree(cs->cmnd->name);
/*
 * Drain the global defaults list. Entries added by one add_defaults()
 * call share a binding, so the binding is released only when its tail
 * differs from the previous one.
 * NOTE(review): binding has no initialiser at its declaration and no
 * assignment before this loop is visible in this listing - confirm it is
 * set (e.g. to NULL) before the first comparison.
 */
797 while ((d = tq_pop(&defaults)) != NULL) {
798 if (tq_last(&d->binding) != binding) {
799 binding = tq_last(&d->binding);
800 while ((m = tq_pop(&d->binding)) != NULL) {
801 if (m->type == COMMAND) {
802 c = (struct sudo_command *) m->name;
/* Keep a private copy of the path so the caller's buffer need not outlive the parse. */
821 sudoers = path ? estrdup(path) : NULL;
831 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
/*
 * Grow the parser's state stack (yyss) and value stack (yyvs).
 * The caller treats a non-zero return as failure and jumps to its
 * overflow handling. The bail-out paths and return statements are not
 * shown in this listing.
 */
832 #if defined(__cplusplus) || defined(__STDC__)
833 static int yygrowstack(void)
835 static int yygrowstack()
/* First call allocates YYINITSTACKSIZE entries; later calls double, clamped to YYMAXDEPTH. */
842 if ((newsize = yystacksize) == 0)
843 newsize = YYINITSTACKSIZE;
844 else if (newsize >= YYMAXDEPTH)
846 else if ((newsize *= 2) > YYMAXDEPTH)
847 newsize = YYMAXDEPTH;
/* Upper bound used by the multiplication-overflow guards below; the selecting #ifdef is not shown. */
850 #define YY_SIZE_MAX SIZE_MAX
852 #define YY_SIZE_MAX 0x7fffffff
/* Reject sizes where newsize * sizeof(element) would exceed YY_SIZE_MAX before multiplying. */
854 if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
/* The result goes into a temporary, so yyss is not overwritten directly by the realloc return value. */
856 newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
857 (short *)malloc(newsize * sizeof *newss); /* overflow check above */
/* Same guard and temporary for the value stack. */
862 if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
864 newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
865 (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
870 yystacksize = newsize;
/* yysslim is the last usable slot; the parser compares yyssp against it before each push. */
871 yysslim = yyss + newsize - 1;
884 #define YYABORT goto yyabort
885 #define YYREJECT goto yyabort
886 #define YYACCEPT goto yyaccept
887 #define YYERROR goto yyerrlab
889 #if defined(__cplusplus) || defined(__STDC__)
/*
 * Body of the table-driven parser loop followed by the grammar's semantic
 * actions. The function header, labels, case labels and braces are not
 * shown in this listing, so comments below describe only the visible lines.
 */
895 int yym, yyn, yystate;
897 #if defined(__cplusplus) || defined(__STDC__)
899 #else /* !(defined(__cplusplus) || defined(__STDC__)) */
901 #endif /* !(defined(__cplusplus) || defined(__STDC__)) */
/*
 * NOTE(review): parser tracing is switched on from the YYDEBUG environment
 * variable. In the stock yacc skeleton this code is compiled only when
 * YYDEBUG is defined; that guard is not visible in this listing - confirm
 * it is disabled in builds of a privileged program.
 */
903 if ((yys = getenv("YYDEBUG")))
906 if (yyn >= '0' && yyn <= '9')
/* Allocate the stacks on first use; a non-zero return from yygrowstack means failure. */
915 if (yyss == NULL && yygrowstack()) goto yyoverflow;
918 *yyssp = yystate = 0;
921 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
/* A negative token from the lexer is treated as token 0 (end of input). */
924 if ((yychar = yylex()) < 0) yychar = 0;
/* The name table is indexed only for tokens up to YYMAXTOKEN. */
929 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
930 if (!yys) yys = "illegal-symbol";
931 printf("%sdebug: state %d, reading %d (%s)\n",
932 YYPREFIX, yystate, yychar, yys);
/* Shift lookup: the index is range-checked against 0..YYTABLESIZE before yycheck/yytable are read. */
936 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
937 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
941 printf("%sdebug: state %d, shifting to state %d\n",
942 YYPREFIX, yystate, yytable[yyn]);
/* Grow the stacks before pushing when the state stack has reached its limit. */
944 if (yyssp >= yysslim && yygrowstack())
948 *++yyssp = yystate = yytable[yyn];
951 if (yyerrflag > 0) --yyerrflag;
/* Reduce lookup, with the same range check as the shift lookup. */
954 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
955 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
960 if (yyerrflag) goto yyinrecovery;
961 #if defined(lint) || defined(__GNUC__)
965 yyerror("syntax error");
966 #if defined(lint) || defined(__GNUC__)
/* Error recovery: look for a state on the stack that can shift the error token. */
977 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
978 yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
982 printf("%sdebug: state %d, error recovery shifting\
983 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
985 if (yyssp >= yysslim && yygrowstack())
989 *++yyssp = yystate = yytable[yyn];
997 printf("%sdebug: error recovery discarding state %d\n",
/* Abort once the stack pointer is back at the base of the state stack. */
1000 if (yyssp <= yyss) goto yyabort;
/* End of input reached while recovering: abort. */
1008 if (yychar == 0) goto yyabort;
1013 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1014 if (!yys) yys = "illegal-symbol";
1015 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1016 YYPREFIX, yystate, yychar, yys);
1025 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1026 YYPREFIX, yystate, yyn, yyrule[yyn]);
/* Default semantic value: the value at yyvsp[1-yym], or all zeroes (the selecting condition is not shown). */
1030 yyval = yyvsp[1-yym];
1032 memset(&yyval, 0, sizeof yyval);
/* Semantic actions follow; the case labels that select them are not shown. */
1054 add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
/* Defaults entries: the first argument records the binding kind, the second the bound member list (NULL for none). */
1084 add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
1090 add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
1096 add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
1102 add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
1108 add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
1114 list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
1115 yyval.defaults = yyvsp[-2].defaults;
/* new_default's last argument is the operator: true, false, '+' or '-'. */
1121 yyval.defaults = new_default(yyvsp[0].string, NULL, true);
1127 yyval.defaults = new_default(yyvsp[0].string, NULL, false);
1133 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
1139 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
1145 yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
1151 list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
1152 yyval.privilege = yyvsp[-2].privilege;
/* Build a privilege from a host list and a command-spec list. */
1158 struct privilege *p = emalloc(sizeof(*p));
1159 list2tq(&p->hostlist, yyvsp[-2].member);
1160 list2tq(&p->cmndlist, yyvsp[0].cmndspec);
1163 yyval.privilege = p;
/* Negation is recorded on the member itself. */
1169 yyval.member = yyvsp[0].member;
1170 yyval.member->negated = false;
1176 yyval.member = yyvsp[0].member;
1177 yyval.member->negated = true;
1183 yyval.member = new_member(yyvsp[0].string, ALIAS);
1189 yyval.member = new_member(NULL, ALL);
1195 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1201 yyval.member = new_member(yyvsp[0].string, NTWKADDR);
1207 yyval.member = new_member(yyvsp[0].string, WORD);
/*
 * Appending a cmndspec to a list: any setting the new cmndspec leaves
 * unset is inherited from the cmndspec before it (reached through prev,
 * presumably set by list_append - confirm).
 */
1213 list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
1215 /* propagate role and type */
1216 if (yyvsp[0].cmndspec->role == NULL)
1217 yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
1218 if (yyvsp[0].cmndspec->type == NULL)
1219 yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
1220 #endif /* HAVE_SELINUX */
1221 /* propagate tags and runas list */
1222 if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
1223 yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
1224 if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
1225 yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
/* A setenv value of IMPLIED on the previous cmndspec is deliberately not inherited. */
1226 if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
1227 yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
1228 yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
1229 if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
1230 yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
1231 if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
1232 yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
/*
 * Runas lists are inherited only when both of the new cmndspec's lists are
 * empty. The list heads are copied, so both cmndspecs then reference the
 * same members; init_parser() checks tq_last() to release them only once.
 */
1233 if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
1234 tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
1235 (!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
1236 !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
1237 yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
1238 yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
1240 yyval.cmndspec = yyvsp[-2].cmndspec;
/* Build one cmndspec from runas spec, SELinux info, tags and command. */
1246 struct cmndspec *cs = emalloc(sizeof(*cs));
1247 if (yyvsp[-3].runas != NULL) {
1248 list2tq(&cs->runasuserlist, yyvsp[-3].runas->runasusers);
1249 list2tq(&cs->runasgrouplist, yyvsp[-3].runas->runasgroups);
/* Only the container is released; its member lists were moved into cs above. */
1250 efree(yyvsp[-3].runas);
1252 tq_init(&cs->runasuserlist);
1253 tq_init(&cs->runasgrouplist);
1256 cs->role = yyvsp[-2].seinfo.role;
1257 cs->type = yyvsp[-2].seinfo.type;
1259 cs->tags = yyvsp[-1].tag;
1260 cs->cmnd = yyvsp[0].member;
1263 /* sudo "ALL" implies the SETENV tag */
/* Applies only to a non-negated ALL with no explicit setenv tag; marked IMPLIED rather than true. */
1264 if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
1265 cs->tags.setenv == UNSPEC)
1266 cs->tags.setenv = IMPLIED;
1267 yyval.cmndspec = cs;
1273 yyval.member = yyvsp[0].member;
1274 yyval.member->negated = false;
1280 yyval.member = yyvsp[0].member;
1281 yyval.member->negated = true;
1287 yyval.string = yyvsp[0].string;
1293 yyval.string = yyvsp[0].string;
/* SELinux role/type: whichever one is not given is set to NULL. */
1299 yyval.seinfo.role = NULL;
1300 yyval.seinfo.type = NULL;
1306 yyval.seinfo.role = yyvsp[0].string;
1307 yyval.seinfo.type = NULL;
1313 yyval.seinfo.type = yyvsp[0].string;
1314 yyval.seinfo.role = NULL;
1320 yyval.seinfo.role = yyvsp[-1].string;
1321 yyval.seinfo.type = yyvsp[0].string;
1327 yyval.seinfo.type = yyvsp[-1].string;
1328 yyval.seinfo.role = yyvsp[0].string;
1340 yyval.runas = yyvsp[-1].runas;
/* Runas container: users only, users and groups, or groups only. */
1346 yyval.runas = emalloc(sizeof(struct runascontainer));
1347 yyval.runas->runasusers = yyvsp[0].member;
1348 yyval.runas->runasgroups = NULL;
1354 yyval.runas = emalloc(sizeof(struct runascontainer));
1355 yyval.runas->runasusers = yyvsp[-2].member;
1356 yyval.runas->runasgroups = yyvsp[0].member;
1362 yyval.runas = emalloc(sizeof(struct runascontainer));
1363 yyval.runas->runasusers = NULL;
1364 yyval.runas->runasgroups = yyvsp[0].member;
/* Tags start out as UNSPEC; each tag keyword then sets one field to true or false. */
1370 yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
1371 yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
1377 yyval.tag.nopasswd = true;
1383 yyval.tag.nopasswd = false;
1389 yyval.tag.noexec = true;
1395 yyval.tag.noexec = false;
1401 yyval.tag.setenv = true;
1407 yyval.tag.setenv = false;
1413 yyval.tag.log_input = true;
1419 yyval.tag.log_input = false;
1425 yyval.tag.log_output = true;
1431 yyval.tag.log_output = false;
1437 yyval.member = new_member(NULL, ALL);
1443 yyval.member = new_member(yyvsp[0].string, ALIAS);
/* A command is stored as a struct sudo_command whose pointer is passed as the member name; init_parser() casts it back. */
1449 struct sudo_command *c = emalloc(sizeof(*c));
1450 c->cmnd = yyvsp[0].command.cmnd;
1451 c->args = yyvsp[0].command.args;
1452 yyval.member = new_member((char *)c, COMMAND);
/* NOTE(review): a non-NULL return from alias_add appears to signal failure; the handling lines are not shown - confirm. */
1459 if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
1468 list_append(yyvsp[-2].member, yyvsp[0].member);
1469 yyval.member = yyvsp[-2].member;
1476 if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
1485 list_append(yyvsp[-2].member, yyvsp[0].member);
1486 yyval.member = yyvsp[-2].member;
1493 if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
1503 if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
1512 list_append(yyvsp[-2].member, yyvsp[0].member);
1513 yyval.member = yyvsp[-2].member;
1519 yyval.member = yyvsp[0].member;
1520 yyval.member->negated = false;
1526 yyval.member = yyvsp[0].member;
1527 yyval.member->negated = true;
1533 yyval.member = new_member(yyvsp[0].string, ALIAS);
1539 yyval.member = new_member(NULL, ALL);
1545 yyval.member = new_member(yyvsp[0].string, NETGROUP);
1551 yyval.member = new_member(yyvsp[0].string, USERGROUP);
1557 yyval.member = new_member(yyvsp[0].string, WORD);
1563 list_append(yyvsp[-2].member, yyvsp[0].member);
1564 yyval.member = yyvsp[-2].member;
1570 yyval.member = yyvsp[0].member;
1571 yyval.member->negated = false;
1577 yyval.member = yyvsp[0].member;
1578 yyval.member->negated = true;
1584 yyval.member = new_member(yyvsp[0].string, ALIAS);
1590 yyval.member = new_member(NULL, ALL);
1596 yyval.member = new_member(yyvsp[0].string, WORD);
/* After a reduction: pick the next state, with a special case when back in state 0 with the start symbol. */
1605 if (yystate == 0 && yym == 0)
1609 printf("%sdebug: after reduction, shifting from state 0 to\
1610 state %d\n", YYPREFIX, YYFINAL);
1617 if ((yychar = yylex()) < 0) yychar = 0;
1622 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1623 if (!yys) yys = "illegal-symbol";
1624 printf("%sdebug: state %d, reading %d (%s)\n",
1625 YYPREFIX, YYFINAL, yychar, yys);
1629 if (yychar == 0) goto yyaccept;
/* Goto lookup, range-checked like the shift and reduce lookups; yydgoto supplies the default. */
1632 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
1633 yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
1634 yystate = yytable[yyn];
1636 yystate = yydgoto[yym];
1639 printf("%sdebug: after reduction, shifting from state %d \
1640 to state %d\n", YYPREFIX, *yyssp, yystate);
1642 if (yyssp >= yysslim && yygrowstack())
/* Reported when yygrowstack fails, i.e. allocation failed or YYMAXDEPTH was reached. */
1650 yyerror("yacc stack overflow");
/*
 * Stack pointers are cleared on two separate paths (labels not shown), so a
 * later parse sees yyss == NULL and allocates fresh stacks.
 * NOTE(review): the matching free() calls are not visible in this listing - confirm.
 */
1656 yyss = yyssp = NULL;
1657 yyvs = yyvsp = NULL;
1665 yyss = yyssp = NULL;
1666 yyvs = yyvsp = NULL;