2 /*static char yysccsid[] = "from: @(#)yaccpar 1.9 (Berkeley) 02/21/93";*/
5 __attribute__ ((unused))
6 #endif /* __GNUC__ >= 2 */
7 = "$OpenBSD: skeleton.c,v 1.28 2007/09/03 21:14:58 deraadt Exp $";
15 #define yyclearin (yychar=(YYEMPTY))
16 #define yyerrok (yyerrflag=0)
17 #define YYRECOVERING() (yyerrflag!=0)
21 * Copyright (c) 1996, 1998-2004, 2007
22 * Todd C. Miller <Todd.Miller@courtesan.com>
24 * Permission to use, copy, modify, and distribute this software for any
25 * purpose with or without fee is hereby granted, provided that the above
26 * copyright notice and this permission notice appear in all copies.
28 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
29 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
30 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
31 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
32 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
33 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
34 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
35 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
36 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 * Sponsored in part by the Defense Advanced Research Projects
39 * Agency (DARPA) and Air Force Research Laboratory, Air Force
40 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
44 * XXX - the whole opFOO naming thing is somewhat bogus.
46 * XXX - the way things are stored for printmatches is stupid,
47 * they should be stored as elements in an array and then
48 * list_matches() can format things the way it wants.
53 #include <sys/types.h>
54 #include <sys/param.h>
63 #endif /* STDC_HEADERS */
67 # ifdef HAVE_STRINGS_H
70 #endif /* HAVE_STRING_H */
73 #endif /* HAVE_UNISTD_H */
75 #if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
77 #endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
80 #endif /* HAVE_LSEARCH */
87 #include "emul/search.h"
88 #endif /* HAVE_LSEARCH */
91 __unused static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76.2.14 2008/02/27 20:34:42 millert Exp $";
95 * We must define SIZE_MAX for yacc's skeleton.c.
96 * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
97 * could be signed (as it is on SunOS 4.x).
101 # define SIZE_MAX SIZE_T_MAX
103 # define SIZE_MAX INT_MAX
104 # endif /* SIZE_T_MAX */
105 #endif /* SIZE_MAX */
110 extern int sudolineno, parse_error;
111 int errorlineno = -1;
112 int clearaliases = TRUE;
113 int printmatches = FALSE;
114 int pedantic = FALSE;
117 int used_runas = FALSE;
125 #define RUNAS_ALIAS 4
127 #define SETMATCH(_var, _val) do { \
128 if ((_var) == UNSPEC || (_val) != NOMATCH) \
132 #define SETNMATCH(_var, _val) do { \
133 if ((_val) != NOMATCH) \
135 else if ((_var) == UNSPEC) \
139 #define SETENV_RESET \
140 if (setenv_ok == IMPLIED) setenv_ok = def_setenv ? TRUE : UNSPEC
143 * The matching stack, initial space allocated in init_parser().
145 struct matchstack *match;
146 int top = 0, stacksize = 0;
150 if (top >= stacksize) { \
151 while ((stacksize += STACKINCREMENT) < top); \
152 match = (struct matchstack *) erealloc3(match, stacksize, sizeof(struct matchstack)); \
154 match[top].user = UNSPEC; \
155 match[top].cmnd = UNSPEC; \
156 match[top].host = UNSPEC; \
157 match[top].runas = UNSPEC; \
158 match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
159 match[top].noexec = def_noexec ? TRUE : UNSPEC; \
160 match[top].setenv = def_setenv ? TRUE : UNSPEC; \
161 match[top].role = NULL; \
162 match[top].type = NULL; \
168 if (top >= stacksize) { \
169 while ((stacksize += STACKINCREMENT) < top); \
170 match = (struct matchstack *) erealloc3(match, stacksize, sizeof(struct matchstack)); \
172 match[top].user = match[top-1].user; \
173 match[top].cmnd = match[top-1].cmnd; \
174 match[top].host = match[top-1].host; \
175 match[top].runas = match[top-1].runas; \
176 match[top].nopass = match[top-1].nopass; \
177 match[top].noexec = match[top-1].noexec; \
178 match[top].setenv = match[top-1].setenv; \
179 match[top].role = estrdup(match[top-1].role); \
180 match[top].type = estrdup(match[top-1].type); \
187 yyerror("matching stack underflow"); \
189 efree(match[top-1].role); \
190 efree(match[top-1].type); \
197 * For testing if foo_matches variable was set to TRUE or FALSE
199 #define MATCHED(_v) ((_v) >= 0)
202 * Shortcuts for append()
204 #define append_cmnd(s, p) append(s, &cm_list[cm_list_len].cmnd, \
205 &cm_list[cm_list_len].cmnd_len, &cm_list[cm_list_len].cmnd_size, p)
207 #define append_runas(s, p) append(s, &cm_list[cm_list_len].runas, \
208 &cm_list[cm_list_len].runas_len, &cm_list[cm_list_len].runas_size, p)
210 #define append_role(s, p) append(s, &cm_list[cm_list_len].role, \
211 &cm_list[cm_list_len].role_len, &cm_list[cm_list_len].role_size, p)
213 #define append_type(s, p) append(s, &cm_list[cm_list_len].type, \
214 &cm_list[cm_list_len].type_len, &cm_list[cm_list_len].type_size, p)
216 #define append_entries(s, p) append(s, &ga_list[ga_list_len-1].entries, \
217 &ga_list[ga_list_len-1].entries_len, \
218 &ga_list[ga_list_len-1].entries_size, p)
221 * The stack for printmatches. A list of allowed commands for the user.
223 static struct command_match *cm_list = NULL;
224 static size_t cm_list_len = 0, cm_list_size = 0;
227 * List of Cmnd_Aliases and expansions for `sudo -l'
229 static int in_alias = FALSE;
230 static size_t ga_list_len = 0, ga_list_size = 0;
231 static struct generic_alias *ga_list = NULL;
234 * Does this Defaults list pertain to this user?
236 static int defaults_matches = FALSE;
241 static int add_alias __P((char *, int, int));
242 static void append __P((char *, char **, size_t *, size_t *, char *));
243 static void expand_ga_list __P((void));
244 static void expand_match_list __P((void));
245 static aliasinfo *find_alias __P((char *, int));
246 static void more_aliases __P((void));
247 void init_parser __P((void));
248 void yyerror __P((char *));
254 /* Save the line the first error occurred on. */
255 if (errorlineno == -1)
256 errorlineno = sudolineno ? sudolineno - 1 : 0;
259 (void) fprintf(stderr, ">>> sudoers file: %s, line %d <<<\n", s,
260 sudolineno ? sudolineno - 1 : 0);
262 (void) fprintf(stderr, "<*> ");
267 #line 251 "parse.yacc"
268 #ifndef YYSTYPE_DEFINED
269 #define YYSTYPE_DEFINED
273 struct sudo_command command;
275 struct selinux_info seinfo;
277 #endif /* YYSTYPE_DEFINED */
278 #line 279 "sudo.tab.c"
284 #define USERGROUP 262
287 #define DEFAULTS_HOST 265
288 #define DEFAULTS_USER 266
289 #define DEFAULTS_RUNAS 267
299 #define HOSTALIAS 277
300 #define CMNDALIAS 278
301 #define USERALIAS 279
302 #define RUNASALIAS 280
306 #define YYERRCODE 256
307 #if defined(__cplusplus) || defined(__STDC__)
308 const short yylhs[] =
313 0, 0, 10, 10, 12, 10, 10, 10, 10, 10,
314 10, 18, 19, 21, 19, 22, 19, 24, 19, 20,
315 20, 25, 25, 25, 25, 25, 13, 13, 26, 28,
316 28, 2, 2, 2, 2, 2, 27, 27, 31, 29,
317 33, 34, 33, 8, 9, 7, 7, 7, 7, 7,
318 30, 30, 5, 5, 4, 35, 4, 3, 3, 3,
319 3, 3, 32, 32, 32, 32, 32, 32, 32, 1,
320 1, 1, 15, 15, 37, 36, 23, 23, 16, 16,
321 39, 38, 40, 40, 17, 17, 42, 41, 14, 14,
322 44, 43, 11, 11, 45, 45, 6, 6, 6, 6,
325 #if defined(__cplusplus) || defined(__STDC__)
326 const short yylen[] =
331 1, 2, 1, 2, 0, 3, 2, 2, 2, 2,
332 1, 2, 1, 0, 3, 0, 3, 0, 3, 1,
333 3, 1, 2, 3, 3, 3, 1, 3, 3, 1,
334 2, 1, 1, 1, 1, 1, 1, 3, 0, 5,
335 1, 0, 3, 3, 3, 0, 1, 1, 2, 2,
336 0, 2, 1, 3, 1, 0, 3, 1, 1, 1,
337 1, 1, 0, 2, 2, 2, 2, 2, 2, 1,
338 1, 1, 1, 3, 0, 4, 1, 3, 1, 3,
339 0, 4, 1, 3, 1, 3, 0, 4, 1, 3,
340 0, 4, 1, 3, 1, 2, 1, 1, 1, 1,
343 #if defined(__cplusplus) || defined(__STDC__)
344 const short yydefred[] =
349 0, 13, 18, 14, 16, 3, 0, 0, 0, 0,
350 0, 1, 0, 11, 0, 4, 0, 0, 0, 75,
351 0, 73, 81, 0, 79, 91, 0, 89, 87, 0,
352 85, 2, 100, 99, 98, 97, 101, 0, 95, 0,
353 93, 0, 0, 12, 0, 36, 33, 34, 35, 32,
354 0, 30, 0, 77, 0, 61, 60, 59, 58, 62,
355 56, 55, 53, 0, 0, 0, 0, 0, 0, 0,
356 0, 0, 96, 0, 0, 0, 27, 0, 0, 0,
357 23, 0, 31, 0, 0, 0, 0, 74, 0, 80,
358 0, 90, 0, 86, 94, 0, 39, 24, 25, 26,
359 21, 78, 57, 54, 0, 72, 71, 70, 42, 41,
360 83, 0, 0, 0, 28, 0, 37, 0, 0, 0,
361 39, 0, 0, 43, 84, 38, 0, 0, 0, 63,
362 0, 0, 0, 0, 0, 49, 50, 45, 44, 64,
363 65, 66, 67, 68, 69, 40,
365 #if defined(__cplusplus) || defined(__STDC__)
366 const short yydgoto[] =
371 110, 52, 62, 63, 64, 39, 130, 131, 132, 12,
372 40, 13, 75, 27, 21, 24, 30, 14, 15, 44,
373 18, 19, 76, 17, 45, 77, 116, 54, 117, 123,
374 118, 135, 111, 119, 85, 22, 65, 25, 67, 112,
377 #if defined(__cplusplus) || defined(__STDC__)
378 const short yysindex[] =
383 -248, 0, 0, 0, 0, 0, -211, -210, -205, -201,
384 -247, 0, 62, 0, -33, 0, 89, 62, 114, 0,
385 2, 0, 0, 3, 0, 0, 4, 0, 0, 6,
386 0, 0, 0, 0, 0, 0, 0, -251, 0, -28,
387 0, -18, -194, 0, 14, 0, 0, 0, 0, 0,
388 -219, 0, 22, 0, 23, 0, 0, 0, 0, 0,
389 0, 0, 0, 24, 8, -211, 9, -210, 10, -205,
390 11, -201, 0, 62, 16, -23, 0, -187, -186, -184,
391 0, -33, 0, 89, -212, 114, 89, 0, -20, 0,
392 62, 0, 114, 0, 0, 89, 0, 0, 0, 0,
393 0, 0, 0, 0, 22, 0, 0, 0, 0, 0,
394 0, 36, 23, 24, 0, 37, 0, -185, -221, -20,
395 0, 114, -268, 0, 0, 0, 24, 21, 25, 0,
396 -195, -193, -175, -174, 274, 0, 0, 0, 0, 0,
398 #if defined(__cplusplus) || defined(__STDC__)
399 const short yyrindex[] =
404 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
405 141, 0, 0, 0, 0, 0, 0, 0, 0, 0,
406 156, 0, 0, 181, 0, 0, 206, 0, 0, 236,
407 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
408 0, 1, 0, 0, 261, 0, 0, 0, 0, 0,
409 0, 0, -25, 0, -11, 0, 0, 0, 0, 0,
410 0, 0, 0, -10, 0, 0, 0, 0, 0, 0,
411 0, 0, 0, 0, 300, 0, 0, 0, 0, 0,
412 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
413 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
414 0, 0, 0, 0, 26, 0, 0, 0, 0, 0,
415 0, 52, 78, 104, 0, 130, 0, -29, 0, 0,
416 0, 0, 340, 0, 0, 0, 313, 0, 0, 0,
417 365, 391, 0, 0, 0, 0, 0, 0, 0, 0,
419 #if defined(__cplusplus) || defined(__STDC__)
420 const short yygindex[] =
425 -27, 40, 12, 7, -87, 56, 0, -36, -32, 87,
426 -16, 0, 0, 0, 0, 0, 0, 0, 0, 18,
427 0, 0, -14, 0, 0, 5, 0, 19, -19, 0,
428 0, 0, -80, 0, 0, 39, 0, 38, 0, 0,
431 #define YYTABLESIZE 666
432 #if defined(__cplusplus) || defined(__STDC__)
433 const short yytable[] =
438 22, 55, 53, 51, 51, 114, 33, 19, 1, 34,
439 35, 36, 109, 128, 129, 74, 2, 3, 4, 5,
440 84, 15, 17, 37, 79, 76, 80, 16, 6, 7,
441 8, 9, 10, 22, 127, 106, 107, 97, 46, 125,
442 47, 48, 78, 49, 22, 56, 20, 23, 57, 58,
443 59, 82, 26, 108, 146, 50, 29, 82, 76, 66,
444 68, 70, 60, 72, 81, 84, 74, 86, 87, 89,
445 91, 93, 105, 96, 113, 98, 99, 92, 100, 120,
446 121, 133, 122, 76, 82, 134, 128, 138, 139, 129,
447 83, 124, 104, 73, 38, 137, 103, 32, 136, 101,
448 115, 126, 102, 88, 88, 90, 94, 95, 0, 82,
449 92, 92, 0, 0, 0, 0, 0, 0, 0, 0,
450 0, 51, 0, 0, 0, 0, 0, 0, 0, 29,
451 0, 0, 0, 0, 0, 92, 88, 0, 0, 0,
452 0, 0, 0, 0, 0, 0, 61, 0, 0, 0,
453 0, 0, 0, 0, 0, 8, 0, 0, 0, 0,
454 0, 88, 29, 0, 0, 0, 0, 0, 0, 0,
455 0, 0, 0, 5, 0, 0, 0, 0, 0, 0,
456 9, 0, 0, 0, 0, 0, 0, 29, 8, 0,
457 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
458 0, 0, 0, 0, 0, 7, 0, 0, 0, 0,
459 0, 0, 0, 9, 0, 0, 0, 0, 0, 0,
460 0, 0, 0, 0, 0, 42, 0, 51, 51, 46,
461 0, 47, 48, 19, 49, 10, 106, 107, 7, 51,
462 51, 51, 51, 51, 51, 51, 50, 15, 17, 0,
463 0, 0, 51, 51, 108, 0, 22, 0, 22, 0,
464 20, 22, 22, 22, 22, 22, 22, 22, 10, 0,
465 0, 0, 0, 0, 0, 22, 22, 22, 22, 22,
466 22, 76, 0, 76, 0, 0, 76, 76, 76, 76,
467 76, 76, 76, 20, 0, 0, 0, 0, 0, 6,
468 76, 76, 76, 76, 76, 76, 109, 82, 0, 82,
469 0, 0, 82, 82, 82, 82, 82, 82, 82, 33,
470 0, 0, 34, 35, 36, 0, 82, 82, 82, 82,
471 82, 82, 6, 92, 0, 92, 37, 0, 92, 92,
472 92, 92, 92, 92, 92, 52, 46, 0, 47, 48,
473 0, 49, 92, 92, 92, 92, 92, 92, 0, 88,
474 0, 88, 0, 50, 88, 88, 88, 88, 88, 88,
475 88, 56, 46, 0, 57, 58, 59, 0, 88, 88,
476 88, 88, 88, 88, 0, 29, 0, 29, 60, 0,
477 29, 29, 29, 29, 29, 29, 29, 47, 5, 0,
478 0, 5, 5, 5, 29, 29, 29, 29, 29, 29,
479 0, 8, 0, 8, 0, 5, 8, 8, 8, 8,
480 8, 8, 8, 48, 0, 0, 0, 0, 0, 0,
481 8, 8, 8, 8, 8, 8, 9, 0, 9, 0,
482 0, 9, 9, 9, 9, 9, 9, 9, 0, 0,
483 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
484 9, 7, 0, 7, 0, 0, 7, 7, 7, 7,
485 7, 7, 7, 0, 0, 0, 0, 0, 0, 0,
486 7, 7, 7, 7, 7, 7, 0, 0, 0, 0,
487 0, 10, 0, 10, 0, 0, 10, 10, 10, 10,
488 10, 10, 10, 0, 0, 0, 0, 0, 0, 0,
489 10, 10, 10, 10, 10, 10, 20, 0, 20, 0,
490 0, 20, 20, 20, 20, 20, 20, 20, 0, 0,
491 106, 107, 0, 0, 0, 20, 20, 20, 20, 20,
492 20, 0, 140, 141, 142, 143, 144, 145, 108, 0,
493 0, 0, 0, 0, 0, 6, 0, 6, 0, 0,
494 6, 6, 6, 6, 6, 6, 6, 0, 0, 52,
495 52, 0, 0, 0, 6, 6, 6, 6, 6, 6,
496 0, 52, 52, 52, 52, 52, 52, 52, 0, 0,
497 0, 0, 0, 0, 52, 52, 46, 46, 0, 0,
498 0, 0, 0, 0, 0, 0, 0, 0, 46, 46,
499 46, 46, 46, 46, 46, 0, 0, 0, 0, 0,
500 0, 47, 47, 0, 0, 0, 0, 0, 0, 0,
501 0, 0, 0, 47, 47, 47, 47, 47, 47, 47,
502 0, 0, 0, 0, 0, 0, 0, 48, 48, 0,
503 0, 0, 0, 0, 0, 0, 0, 0, 0, 48,
504 48, 48, 48, 48, 48, 48,
506 #if defined(__cplusplus) || defined(__STDC__)
507 const short yycheck[] =
512 0, 18, 17, 33, 33, 93, 258, 33, 256, 261,
513 262, 263, 33, 282, 283, 44, 264, 265, 266, 267,
514 44, 33, 33, 275, 43, 0, 45, 276, 276, 277,
515 278, 279, 280, 33, 122, 257, 258, 61, 258, 120,
516 260, 261, 61, 263, 44, 258, 258, 258, 261, 262,
517 263, 0, 258, 275, 135, 275, 258, 44, 33, 58,
518 58, 58, 275, 58, 259, 44, 44, 44, 61, 61,
519 61, 61, 87, 58, 91, 263, 263, 0, 263, 44,
520 44, 61, 268, 58, 33, 61, 282, 263, 263, 283,
521 51, 119, 86, 38, 33, 132, 85, 11, 131, 82,
522 96, 121, 84, 0, 66, 68, 72, 74, -1, 58,
523 33, 70, -1, -1, -1, -1, -1, -1, -1, -1,
524 -1, 33, -1, -1, -1, -1, -1, -1, -1, 0,
525 -1, -1, -1, -1, -1, 58, 33, -1, -1, -1,
526 -1, -1, -1, -1, -1, -1, 33, -1, -1, -1,
527 -1, -1, -1, -1, -1, 0, -1, -1, -1, -1,
528 -1, 58, 33, -1, -1, -1, -1, -1, -1, -1,
529 -1, -1, -1, 33, -1, -1, -1, -1, -1, -1,
530 0, -1, -1, -1, -1, -1, -1, 58, 33, -1,
531 -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
532 -1, -1, -1, -1, -1, 0, -1, -1, -1, -1,
533 -1, -1, -1, 33, -1, -1, -1, -1, -1, -1,
534 -1, -1, -1, -1, -1, 259, -1, 257, 258, 258,
535 -1, 260, 261, 259, 263, 0, 257, 258, 33, 269,
536 270, 271, 272, 273, 274, 275, 275, 259, 259, -1,
537 -1, -1, 282, 283, 275, -1, 256, -1, 258, -1,
538 0, 261, 262, 263, 264, 265, 266, 267, 33, -1,
539 -1, -1, -1, -1, -1, 275, 276, 277, 278, 279,
540 280, 256, -1, 258, -1, -1, 261, 262, 263, 264,
541 265, 266, 267, 33, -1, -1, -1, -1, -1, 0,
542 275, 276, 277, 278, 279, 280, 33, 256, -1, 258,
543 -1, -1, 261, 262, 263, 264, 265, 266, 267, 258,
544 -1, -1, 261, 262, 263, -1, 275, 276, 277, 278,
545 279, 280, 33, 256, -1, 258, 275, -1, 261, 262,
546 263, 264, 265, 266, 267, 33, 258, -1, 260, 261,
547 -1, 263, 275, 276, 277, 278, 279, 280, -1, 256,
548 -1, 258, -1, 275, 261, 262, 263, 264, 265, 266,
549 267, 258, 33, -1, 261, 262, 263, -1, 275, 276,
550 277, 278, 279, 280, -1, 256, -1, 258, 275, -1,
551 261, 262, 263, 264, 265, 266, 267, 33, 258, -1,
552 -1, 261, 262, 263, 275, 276, 277, 278, 279, 280,
553 -1, 256, -1, 258, -1, 275, 261, 262, 263, 264,
554 265, 266, 267, 33, -1, -1, -1, -1, -1, -1,
555 275, 276, 277, 278, 279, 280, 256, -1, 258, -1,
556 -1, 261, 262, 263, 264, 265, 266, 267, -1, -1,
557 -1, -1, -1, -1, -1, 275, 276, 277, 278, 279,
558 280, 256, -1, 258, -1, -1, 261, 262, 263, 264,
559 265, 266, 267, -1, -1, -1, -1, -1, -1, -1,
560 275, 276, 277, 278, 279, 280, -1, -1, -1, -1,
561 -1, 256, -1, 258, -1, -1, 261, 262, 263, 264,
562 265, 266, 267, -1, -1, -1, -1, -1, -1, -1,
563 275, 276, 277, 278, 279, 280, 256, -1, 258, -1,
564 -1, 261, 262, 263, 264, 265, 266, 267, -1, -1,
565 257, 258, -1, -1, -1, 275, 276, 277, 278, 279,
566 280, -1, 269, 270, 271, 272, 273, 274, 275, -1,
567 -1, -1, -1, -1, -1, 256, -1, 258, -1, -1,
568 261, 262, 263, 264, 265, 266, 267, -1, -1, 257,
569 258, -1, -1, -1, 275, 276, 277, 278, 279, 280,
570 -1, 269, 270, 271, 272, 273, 274, 275, -1, -1,
571 -1, -1, -1, -1, 282, 283, 257, 258, -1, -1,
572 -1, -1, -1, -1, -1, -1, -1, -1, 269, 270,
573 271, 272, 273, 274, 275, -1, -1, -1, -1, -1,
574 -1, 257, 258, -1, -1, -1, -1, -1, -1, -1,
575 -1, -1, -1, 269, 270, 271, 272, 273, 274, 275,
576 -1, -1, -1, -1, -1, -1, -1, 257, 258, -1,
577 -1, -1, -1, -1, -1, -1, -1, -1, -1, 269,
578 270, 271, 272, 273, 274, 275,
584 #define YYMAXTOKEN 283
586 #if defined(__cplusplus) || defined(__STDC__)
587 const char * const yyname[] =
592 "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
593 "'!'",0,0,0,0,0,0,0,0,0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",0,0,
594 "'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
595 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
596 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
597 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
598 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
599 "COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
600 "DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","RUNAS","NOPASSWD","PASSWD",
601 "NOEXEC","EXEC","SETENV","NOSETENV","ALL","COMMENT","HOSTALIAS","CMNDALIAS",
602 "USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE",
604 #if defined(__cplusplus) || defined(__STDC__)
605 const char * const yyrule[] =
613 "entry : error COMMENT",
615 "entry : $$1 userlist privileges",
616 "entry : USERALIAS useraliases",
617 "entry : HOSTALIAS hostaliases",
618 "entry : CMNDALIAS cmndaliases",
619 "entry : RUNASALIAS runasaliases",
620 "entry : defaults_line",
621 "defaults_line : defaults_type defaults_list",
622 "defaults_type : DEFAULTS",
624 "defaults_type : DEFAULTS_USER $$2 userlist",
626 "defaults_type : DEFAULTS_RUNAS $$3 runaslist",
628 "defaults_type : DEFAULTS_HOST $$4 hostlist",
629 "defaults_list : defaults_entry",
630 "defaults_list : defaults_entry ',' defaults_list",
631 "defaults_entry : DEFVAR",
632 "defaults_entry : '!' DEFVAR",
633 "defaults_entry : DEFVAR '=' WORD",
634 "defaults_entry : DEFVAR '+' WORD",
635 "defaults_entry : DEFVAR '-' WORD",
636 "privileges : privilege",
637 "privileges : privileges ':' privilege",
638 "privilege : hostlist '=' cmndspeclist",
646 "cmndspeclist : cmndspec",
647 "cmndspeclist : cmndspeclist ',' cmndspec",
649 "cmndspec : $$5 runasspec selinux cmndtag opcmnd",
652 "opcmnd : '!' $$6 cmnd",
653 "rolespec : ROLE '=' WORD",
654 "typespec : TYPE '=' WORD",
656 "selinux : rolespec",
657 "selinux : typespec",
658 "selinux : rolespec typespec",
659 "selinux : typespec rolespec",
661 "runasspec : RUNAS runaslist",
662 "runaslist : oprunasuser",
663 "runaslist : runaslist ',' oprunasuser",
664 "oprunasuser : runasuser",
666 "oprunasuser : '!' $$7 runasuser",
668 "runasuser : USERGROUP",
669 "runasuser : NETGROUP",
673 "cmndtag : cmndtag NOPASSWD",
674 "cmndtag : cmndtag PASSWD",
675 "cmndtag : cmndtag NOEXEC",
676 "cmndtag : cmndtag EXEC",
677 "cmndtag : cmndtag SETENV",
678 "cmndtag : cmndtag NOSETENV",
682 "hostaliases : hostalias",
683 "hostaliases : hostaliases ':' hostalias",
685 "hostalias : ALIAS $$8 '=' hostlist",
687 "hostlist : hostlist ',' ophost",
688 "cmndaliases : cmndalias",
689 "cmndaliases : cmndaliases ':' cmndalias",
691 "cmndalias : ALIAS $$9 '=' cmndlist",
693 "cmndlist : cmndlist ',' opcmnd",
694 "runasaliases : runasalias",
695 "runasaliases : runasaliases ':' runasalias",
697 "runasalias : ALIAS $$10 '=' runaslist",
698 "useraliases : useralias",
699 "useraliases : useraliases ':' useralias",
701 "useralias : ALIAS $$11 '=' userlist",
703 "userlist : userlist ',' opuser",
715 #define YYMAXDEPTH YYSTACKSIZE
718 #define YYSTACKSIZE YYMAXDEPTH
720 #define YYSTACKSIZE 10000
721 #define YYMAXDEPTH 10000
724 #define YYINITSTACKSIZE 200
738 #line 1053 "parse.yacc"
740 #define MOREALIASES (32)
741 aliasinfo *aliases = NULL;
747 * Compare two aliasinfo structures, strcmp() style.
748 * Note that we do *not* compare their values.
755 aliasinfo *ai1, *ai2;
757 ai1 = (aliasinfo *) a1;
758 ai2 = (aliasinfo *) a2;
759 if ((r = strcmp(ai1->name, ai2->name)) == 0)
760 r = ai1->type - ai2->type;
766 * Compare two generic_alias structures, strcmp() style.
769 genaliascmp(entry, key)
770 const VOID *entry, *key;
773 struct generic_alias *ga1, *ga2;
775 ga1 = (struct generic_alias *) key;
776 ga2 = (struct generic_alias *) entry;
777 if ((r = strcmp(ga1->alias, ga2->alias)) == 0)
778 r = ga1->type - ga2->type;
785 * Adds the named alias of the specified type to the aliases list.
788 add_alias(alias, type, val)
797 if (naliases >= nslots)
802 ai.name = estrdup(alias);
803 onaliases = naliases;
805 aip = (aliasinfo *) lsearch((VOID *)&ai, (VOID *)aliases, &naliases,
806 sizeof(ai), aliascmp);
808 (void) snprintf(s, sizeof(s), "Aliases corrupted defining alias `%s'",
813 if (onaliases == naliases) {
814 (void) snprintf(s, sizeof(s), "Alias `%s' already defined", alias);
823 * Searches for the named alias of the specified type.
826 find_alias(alias, type)
835 return((aliasinfo *) lfind((VOID *)&ai, (VOID *)aliases, &naliases,
836 sizeof(ai), aliascmp));
840 * Allocates more space for the aliases list.
846 nslots += MOREALIASES;
847 aliases = (aliasinfo *) erealloc3(aliases, nslots, sizeof(aliasinfo));
851 * Lists the contents of the aliases list.
858 for (n = 0; n < naliases; n++) {
859 if (aliases[n].val == -1)
862 switch (aliases[n].type) {
864 (void) puts("HOST_ALIAS");
868 (void) puts("CMND_ALIAS");
872 (void) puts("USER_ALIAS");
876 (void) puts("RUNAS_ALIAS");
879 (void) printf("\t%s: %d\n", aliases[n].name, aliases[n].val);
884 * Lists the contents of cm_list and ga_list for `sudo -l'.
891 struct generic_alias *ga, key;
893 (void) printf("User %s may run the following commands on this host:\n",
895 for (count = 0; count < cm_list_len; count++) {
897 /* Print the runas list. */
898 (void) fputs(" ", stdout);
899 if (cm_list[count].runas) {
901 p = strtok(cm_list[count].runas, ", ");
903 if (p != cm_list[count].runas)
904 (void) fputs(", ", stdout);
907 key.type = RUNAS_ALIAS;
908 if ((ga = (struct generic_alias *) lfind((VOID *) &key,
909 (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp)))
910 (void) fputs(ga->entries, stdout);
912 (void) fputs(p, stdout);
913 } while ((p = strtok(NULL, ", ")));
914 (void) fputs(") ", stdout);
916 (void) printf("(%s) ", def_runas_default);
920 /* SELinux role and type */
921 if (cm_list[count].role != NULL)
922 (void) printf("ROLE=%s ", cm_list[count].role);
923 if (cm_list[count].type != NULL)
924 (void) printf("TYPE=%s ", cm_list[count].type);
927 /* Is execve(2) disabled? */
928 if (cm_list[count].noexecve == TRUE && !def_noexec)
929 (void) fputs("NOEXEC: ", stdout);
930 else if (cm_list[count].noexecve == FALSE && def_noexec)
931 (void) fputs("EXEC: ", stdout);
933 /* Is a password required? */
934 if (cm_list[count].nopasswd == TRUE && def_authenticate)
935 (void) fputs("NOPASSWD: ", stdout);
936 else if (cm_list[count].nopasswd == FALSE && !def_authenticate)
937 (void) fputs("PASSWD: ", stdout);
939 /* Is setenv enabled? */
940 if (cm_list[count].setenv == TRUE && !def_setenv)
941 (void) fputs("SETENV: ", stdout);
942 else if (cm_list[count].setenv == FALSE && def_setenv)
943 (void) fputs("NOSETENV: ", stdout);
945 /* Print the actual command or expanded Cmnd_Alias. */
946 key.alias = cm_list[count].cmnd;
947 key.type = CMND_ALIAS;
948 if ((ga = (struct generic_alias *) lfind((VOID *) &key,
949 (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp)))
950 (void) puts(ga->entries);
952 (void) puts(cm_list[count].cmnd);
955 /* Be nice and free up space now that we are done. */
956 for (count = 0; count < ga_list_len; count++) {
957 efree(ga_list[count].alias);
958 efree(ga_list[count].entries);
963 for (count = 0; count < cm_list_len; count++) {
964 efree(cm_list[count].runas);
965 efree(cm_list[count].cmnd);
966 efree(cm_list[count].role);
967 efree(cm_list[count].type);
976 * Appends a source string to the destination, optionally prefixing a separator.
979 append(src, dstp, dst_len, dst_size, separator)
981 size_t *dst_len, *dst_size;
984 size_t src_len = strlen(src);
988 * Only add the separator if there is something to separate from.
989 * If the last char is a '!', don't apply the separator (XXX).
991 if (separator && dst && dst[*dst_len - 1] != '!')
992 src_len += strlen(separator);
996 /* Assumes dst will be NULL if not set. */
998 dst = (char *) emalloc(BUFSIZ);
1005 /* Allocate more space if necessary. */
1006 if (*dst_size <= *dst_len + src_len) {
1007 while (*dst_size <= *dst_len + src_len)
1008 *dst_size += BUFSIZ;
1010 dst = (char *) erealloc(dst, *dst_size);
1014 /* Copy src -> dst adding a separator if appropriate and adjust len. */
1016 (void) strlcat(dst, separator, *dst_size);
1017 (void) strlcat(dst, src, *dst_size);
1018 *dst_len += src_len;
1022 * Frees up space used by the aliases list and resets the associated counters.
1030 for (n = 0; n < naliases; n++)
1031 efree(aliases[n].name);
1035 naliases = nslots = 0;
1039 * Increments ga_list_len, allocating more space as necessary.
1045 if (++ga_list_len >= ga_list_size) {
1046 while ((ga_list_size += STACKINCREMENT) < ga_list_len)
1048 ga_list = (struct generic_alias *)
1049 erealloc3(ga_list, ga_list_size, sizeof(struct generic_alias));
1052 ga_list[ga_list_len - 1].entries = NULL;
1056 * Increments cm_list_len, allocating more space as necessary.
1062 if (++cm_list_len >= cm_list_size) {
1063 while ((cm_list_size += STACKINCREMENT) < cm_list_len)
1065 if (cm_list == NULL)
1066 cm_list_len = 0; /* start at 0 since it is a subscript */
1067 cm_list = (struct command_match *)
1068 erealloc3(cm_list, cm_list_size, sizeof(struct command_match));
1071 cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL;
1072 cm_list[cm_list_len].type = cm_list[cm_list_len].role = NULL;
1073 cm_list[cm_list_len].nopasswd = FALSE;
1074 cm_list[cm_list_len].noexecve = FALSE;
1075 cm_list[cm_list_len].setenv = FALSE;
1079 * Frees up spaced used by a previous parser run and allocates new space
1080 * for various data structures.
1086 /* Free up old data structures if we run the parser more than once. */
1091 parse_error = FALSE;
1097 /* Allocate space for the matching stack. */
1098 stacksize = STACKINCREMENT;
1099 match = (struct matchstack *) emalloc2(stacksize, sizeof(struct matchstack));
1101 /* Allocate space for the match list (for `sudo -l'). */
1102 if (printmatches == TRUE)
1103 expand_match_list();
1105 #line 1054 "sudo.tab.c"
1106 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
1107 #if defined(__cplusplus) || defined(__STDC__)
1108 static int yygrowstack(void)
1110 static int yygrowstack()
1117 if ((newsize = yystacksize) == 0)
1118 newsize = YYINITSTACKSIZE;
1119 else if (newsize >= YYMAXDEPTH)
1121 else if ((newsize *= 2) > YYMAXDEPTH)
1122 newsize = YYMAXDEPTH;
1125 #define YY_SIZE_MAX SIZE_MAX
1127 #define YY_SIZE_MAX 0x7fffffff
1129 if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
1131 newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
1132 (short *)malloc(newsize * sizeof *newss); /* overflow check above */
1137 if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
1139 newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
1140 (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
1145 yystacksize = newsize;
1146 yysslim = yyss + newsize - 1;
1153 yyss = yyssp = NULL;
1154 yyvs = yyvsp = NULL;
1159 #define YYABORT goto yyabort
1160 #define YYREJECT goto yyabort
1161 #define YYACCEPT goto yyaccept
1162 #define YYERROR goto yyerrlab
1164 #if defined(__cplusplus) || defined(__STDC__)
1170 int yym, yyn, yystate;
1172 #if defined(__cplusplus) || defined(__STDC__)
1174 #else /* !(defined(__cplusplus) || defined(__STDC__)) */
1176 #endif /* !(defined(__cplusplus) || defined(__STDC__)) */
1178 if ((yys = getenv("YYDEBUG")))
1181 if (yyn >= '0' && yyn <= '9')
1182 yydebug = yyn - '0';
1184 #endif /* YYDEBUG */
1190 if (yyss == NULL && yygrowstack()) goto yyoverflow;
1193 *yyssp = yystate = 0;
1196 if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
1199 if ((yychar = yylex()) < 0) yychar = 0;
1204 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1205 if (!yys) yys = "illegal-symbol";
1206 printf("%sdebug: state %d, reading %d (%s)\n",
1207 YYPREFIX, yystate, yychar, yys);
1211 if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
1212 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
1216 printf("%sdebug: state %d, shifting to state %d\n",
1217 YYPREFIX, yystate, yytable[yyn]);
1219 if (yyssp >= yysslim && yygrowstack())
1223 *++yyssp = yystate = yytable[yyn];
1226 if (yyerrflag > 0) --yyerrflag;
1229 if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
1230 yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
1235 if (yyerrflag) goto yyinrecovery;
1236 #if defined(lint) || defined(__GNUC__)
1240 yyerror("syntax error");
1241 #if defined(lint) || defined(__GNUC__)
1252 if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
1253 yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
1257 printf("%sdebug: state %d, error recovery shifting\
1258 to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
1260 if (yyssp >= yysslim && yygrowstack())
1264 *++yyssp = yystate = yytable[yyn];
1272 printf("%sdebug: error recovery discarding state %d\n",
1275 if (yyssp <= yyss) goto yyabort;
1283 if (yychar == 0) goto yyabort;
1288 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
1289 if (!yys) yys = "illegal-symbol";
1290 printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
1291 YYPREFIX, yystate, yychar, yys);
1300 printf("%sdebug: state %d, reducing by rule %d (%s)\n",
1301 YYPREFIX, yystate, yyn, yyrule[yyn]);
1304 yyval = yyvsp[1-yym];
1308 #line 313 "parse.yacc"
1312 #line 315 "parse.yacc"
1316 #line 316 "parse.yacc"
1320 #line 316 "parse.yacc"
1322 while (top && user_matches != TRUE)
1327 #line 321 "parse.yacc"
1331 #line 323 "parse.yacc"
1335 #line 325 "parse.yacc"
1339 #line 327 "parse.yacc"
1343 #line 329 "parse.yacc"
1347 #line 335 "parse.yacc"
1349 defaults_matches = TRUE;
1353 #line 338 "parse.yacc"
1357 #line 338 "parse.yacc"
1359 defaults_matches = user_matches;
1364 #line 342 "parse.yacc"
1368 #line 342 "parse.yacc"
1370 defaults_matches = yyvsp[0].BOOLEAN == TRUE;
1375 #line 346 "parse.yacc"
1379 #line 346 "parse.yacc"
1381 defaults_matches = host_matches;
1386 #line 356 "parse.yacc"
1388 if (defaults_matches == TRUE &&
1389 !set_default(yyvsp[0].string, NULL, TRUE)) {
1393 efree(yyvsp[0].string);
1397 #line 364 "parse.yacc"
1399 if (defaults_matches == TRUE &&
1400 !set_default(yyvsp[0].string, NULL, FALSE)) {
1404 efree(yyvsp[0].string);
1408 #line 372 "parse.yacc"
1410 if (defaults_matches == TRUE &&
1411 !set_default(yyvsp[-2].string, yyvsp[0].string, TRUE)) {
1415 efree(yyvsp[-2].string);
1416 efree(yyvsp[0].string);
1420 #line 381 "parse.yacc"
1422 if (defaults_matches == TRUE &&
1423 !set_default(yyvsp[-2].string, yyvsp[0].string, '+')) {
1427 efree(yyvsp[-2].string);
1428 efree(yyvsp[0].string);
1432 #line 390 "parse.yacc"
1434 if (defaults_matches == TRUE &&
1435 !set_default(yyvsp[-2].string, yyvsp[0].string, '-')) {
1439 efree(yyvsp[-2].string);
1440 efree(yyvsp[0].string);
1444 #line 405 "parse.yacc"
1447 * We already did a push if necessary in
1448 * cmndspec so just reset some values so
1449 * the next 'privilege' gets a clean slate.
1451 host_matches = UNSPEC;
1452 runas_matches = UNSPEC;
1453 no_passwd = def_authenticate ? UNSPEC : TRUE;
1454 no_execve = def_noexec ? TRUE : UNSPEC;
1455 setenv_ok = def_setenv ? TRUE : UNSPEC;
1457 efree(match[top-1].role);
1458 match[top-1].role = NULL;
1459 efree(match[top-1].type);
1460 match[top-1].type = NULL;
1465 #line 425 "parse.yacc"
1467 SETMATCH(host_matches, yyvsp[0].BOOLEAN);
1471 #line 428 "parse.yacc"
1473 SETNMATCH(host_matches, yyvsp[0].BOOLEAN);
1477 #line 433 "parse.yacc"
1479 yyval.BOOLEAN = TRUE;
1483 #line 436 "parse.yacc"
1485 if (addr_matches(yyvsp[0].string))
1486 yyval.BOOLEAN = TRUE;
1488 yyval.BOOLEAN = NOMATCH;
1489 efree(yyvsp[0].string);
1493 #line 443 "parse.yacc"
1495 if (netgr_matches(yyvsp[0].string, user_host, user_shost, NULL))
1496 yyval.BOOLEAN = TRUE;
1498 yyval.BOOLEAN = NOMATCH;
1499 efree(yyvsp[0].string);
1503 #line 450 "parse.yacc"
1505 if (hostname_matches(user_shost, user_host, yyvsp[0].string) == 0)
1506 yyval.BOOLEAN = TRUE;
1508 yyval.BOOLEAN = NOMATCH;
1509 efree(yyvsp[0].string);
1513 #line 457 "parse.yacc"
1515 aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS);
1517 /* could be an all-caps hostname */
1519 yyval.BOOLEAN = aip->val;
1520 else if (strcasecmp(user_shost, yyvsp[0].string) == 0)
1521 yyval.BOOLEAN = TRUE;
1524 (void) fprintf(stderr,
1525 "%s: undeclared Host_Alias `%s' referenced near line %d\n",
1526 (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
1532 yyval.BOOLEAN = NOMATCH;
1534 efree(yyvsp[0].string);
1538 #line 485 "parse.yacc"
1542 #line 485 "parse.yacc"
1545 /* Replace inherited role/type as needed. */
1546 if (yyvsp[-2].seinfo.role != NULL) {
1547 efree(match[top-1].role);
1548 match[top-1].role = yyvsp[-2].seinfo.role;
1550 if (yyvsp[-2].seinfo.type != NULL) {
1551 efree(match[top-1].type);
1552 match[top-1].type = yyvsp[-2].seinfo.type;
1556 * Push the entry onto the stack if it is worth
1557 * saving and reset cmnd_matches for next cmnd.
1559 * We need to save at least one entry on
1560 * the stack so sudoers_lookup() can tell that
1561 * the user was listed in sudoers. Also, we
1562 * need to be able to tell whether or not a
1563 * user was listed for this specific host.
1565 * If keepall is set and the user matches then
1566 * we need to keep entries around too...
1568 if (MATCHED(user_matches) &&
1569 MATCHED(host_matches) &&
1570 MATCHED(cmnd_matches) &&
1571 MATCHED(runas_matches))
1573 else if (MATCHED(user_matches) && (top == 1 ||
1574 (top == 2 && MATCHED(host_matches) &&
1575 !MATCHED(match[0].host))))
1577 else if (user_matches == TRUE && keepall)
1580 cmnd_matches = UNSPEC;
1584 #line 526 "parse.yacc"
1586 SETMATCH(cmnd_matches, yyvsp[0].BOOLEAN);
1590 #line 529 "parse.yacc"
1592 if (printmatches == TRUE) {
1593 if (in_alias == TRUE)
1594 append_entries("!", ", ");
1595 else if (host_matches == TRUE &&
1596 user_matches == TRUE)
1597 append_cmnd("!", NULL);
1602 #line 537 "parse.yacc"
1604 SETNMATCH(cmnd_matches, yyvsp[0].BOOLEAN);
1608 #line 542 "parse.yacc"
1611 if (printmatches == TRUE && host_matches == TRUE &&
1612 user_matches == TRUE && runas_matches == TRUE)
1613 append_role(yyvsp[0].string, NULL);
1614 yyval.string = yyvsp[0].string;
1616 free(yyvsp[0].string);
1617 yyval.string = NULL;
1618 #endif /* HAVE_SELINUX */
1622 #line 555 "parse.yacc"
1625 if (printmatches == TRUE && host_matches == TRUE &&
1626 user_matches == TRUE && runas_matches == TRUE)
1627 append_type(yyvsp[0].string, NULL);
1628 yyval.string = yyvsp[0].string;
1630 free(yyvsp[0].string);
1631 yyval.string = NULL;
1632 #endif /* HAVE_SELINUX */
1636 #line 568 "parse.yacc"
1639 if (printmatches == TRUE && host_matches == TRUE &&
1640 user_matches == TRUE && runas_matches == TRUE) {
1642 cm_list[cm_list_len].role =
1643 estrdup(cm_list[cm_list_len-1].role);
1644 cm_list[cm_list_len].role_len =
1645 cm_list[cm_list_len-1].role_len;
1646 cm_list[cm_list_len].role_size =
1647 cm_list[cm_list_len-1].role_len + 1;
1649 cm_list[cm_list_len].type =
1650 estrdup(cm_list[cm_list_len-1].type);
1651 cm_list[cm_list_len].type_len =
1652 cm_list[cm_list_len-1].type_len;
1653 cm_list[cm_list_len].type_size =
1654 cm_list[cm_list_len-1].type_len + 1;
1656 #endif /* HAVE_SELINUX */
1657 yyval.seinfo.role = NULL;
1658 yyval.seinfo.type = NULL;
1662 #line 591 "parse.yacc"
1665 if (printmatches == TRUE && host_matches == TRUE &&
1666 user_matches == TRUE && runas_matches == TRUE) {
1668 cm_list[cm_list_len].type =
1669 estrdup(cm_list[cm_list_len-1].type);
1670 cm_list[cm_list_len].type_len =
1671 cm_list[cm_list_len-1].type_len;
1672 cm_list[cm_list_len].type_size =
1673 cm_list[cm_list_len-1].type_len + 1;
1675 #endif /* HAVE_SELINUX */
1676 yyval.seinfo.role = yyvsp[0].string;
1677 yyval.seinfo.type = NULL;
1681 #line 607 "parse.yacc"
1684 if (printmatches == TRUE && host_matches == TRUE &&
1685 user_matches == TRUE && runas_matches == TRUE) {
1687 cm_list[cm_list_len].role =
1688 estrdup(cm_list[cm_list_len-1].role);
1689 cm_list[cm_list_len].role_len =
1690 cm_list[cm_list_len-1].role_len;
1691 cm_list[cm_list_len].role_size =
1692 cm_list[cm_list_len-1].role_len + 1;
1694 #endif /* HAVE_SELINUX */
1695 yyval.seinfo.type = yyvsp[0].string;
1696 yyval.seinfo.role = NULL;
1700 #line 623 "parse.yacc"
1702 yyval.seinfo.role = yyvsp[-1].string;
1703 yyval.seinfo.type = yyvsp[0].string;
1707 #line 627 "parse.yacc"
1709 yyval.seinfo.type = yyvsp[-1].string;
1710 yyval.seinfo.role = yyvsp[0].string;
1714 #line 633 "parse.yacc"
1716 if (printmatches == TRUE && host_matches == TRUE &&
1717 user_matches == TRUE) {
1718 if (runas_matches == UNSPEC) {
1719 cm_list[cm_list_len].runas_len = 0;
1721 /* Inherit runas data. */
1722 cm_list[cm_list_len].runas =
1723 estrdup(cm_list[cm_list_len-1].runas);
1724 cm_list[cm_list_len].runas_len =
1725 cm_list[cm_list_len-1].runas_len;
1726 cm_list[cm_list_len].runas_size =
1727 cm_list[cm_list_len-1].runas_len + 1;
1731 * If this is the first entry in a command list
1732 * then check against default runas user.
1734 if (runas_matches == UNSPEC) {
1735 runas_matches = userpw_matches(def_runas_default,
1736 *user_runas, runas_pw) ? TRUE : NOMATCH;
1741 #line 657 "parse.yacc"
1743 runas_matches = yyvsp[0].BOOLEAN;
1747 #line 662 "parse.yacc"
1751 #line 663 "parse.yacc"
1753 /* Later entries override earlier ones. */
1754 if (yyvsp[0].BOOLEAN != NOMATCH)
1755 yyval.BOOLEAN = yyvsp[0].BOOLEAN;
1757 yyval.BOOLEAN = yyvsp[-2].BOOLEAN;
1761 #line 672 "parse.yacc"
1765 #line 673 "parse.yacc"
1767 if (printmatches == TRUE) {
1768 if (in_alias == TRUE)
1769 append_entries("!", ", ");
1770 else if (host_matches == TRUE &&
1771 user_matches == TRUE)
1772 append_runas("!", ", ");
1777 #line 681 "parse.yacc"
1779 /* Set $$ to the negation of runasuser */
1780 yyval.BOOLEAN = (yyvsp[0].BOOLEAN == NOMATCH ? NOMATCH : ! yyvsp[0].BOOLEAN);
1784 #line 687 "parse.yacc"
1786 if (printmatches == TRUE) {
1787 if (in_alias == TRUE)
1788 append_entries(yyvsp[0].string, ", ");
1789 else if (host_matches == TRUE &&
1790 user_matches == TRUE)
1791 append_runas(yyvsp[0].string, ", ");
1793 if (userpw_matches(yyvsp[0].string, *user_runas, runas_pw))
1794 yyval.BOOLEAN = TRUE;
1796 yyval.BOOLEAN = NOMATCH;
1797 efree(yyvsp[0].string);
1802 #line 702 "parse.yacc"
1804 if (printmatches == TRUE) {
1805 if (in_alias == TRUE)
1806 append_entries(yyvsp[0].string, ", ");
1807 else if (host_matches == TRUE &&
1808 user_matches == TRUE)
1809 append_runas(yyvsp[0].string, ", ");
1811 if (usergr_matches(yyvsp[0].string, *user_runas, runas_pw))
1812 yyval.BOOLEAN = TRUE;
1814 yyval.BOOLEAN = NOMATCH;
1815 efree(yyvsp[0].string);
1820 #line 717 "parse.yacc"
1822 if (printmatches == TRUE) {
1823 if (in_alias == TRUE)
1824 append_entries(yyvsp[0].string, ", ");
1825 else if (host_matches == TRUE &&
1826 user_matches == TRUE)
1827 append_runas(yyvsp[0].string, ", ");
1829 if (netgr_matches(yyvsp[0].string, NULL, NULL, *user_runas))
1830 yyval.BOOLEAN = TRUE;
1832 yyval.BOOLEAN = NOMATCH;
1833 efree(yyvsp[0].string);
1838 #line 732 "parse.yacc"
1840 aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
1842 if (printmatches == TRUE) {
1843 if (in_alias == TRUE)
1844 append_entries(yyvsp[0].string, ", ");
1845 else if (host_matches == TRUE &&
1846 user_matches == TRUE)
1847 append_runas(yyvsp[0].string, ", ");
1849 /* could be an all-caps username */
1851 yyval.BOOLEAN = aip->val;
1852 else if (strcmp(yyvsp[0].string, *user_runas) == 0)
1853 yyval.BOOLEAN = TRUE;
1856 (void) fprintf(stderr,
1857 "%s: undeclared Runas_Alias `%s' referenced near line %d\n",
1858 (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
1864 yyval.BOOLEAN = NOMATCH;
1866 efree(yyvsp[0].string);
1871 #line 762 "parse.yacc"
1873 if (printmatches == TRUE) {
1874 if (in_alias == TRUE)
1875 append_entries("ALL", ", ");
1876 else if (host_matches == TRUE &&
1877 user_matches == TRUE)
1878 append_runas("ALL", ", ");
1880 yyval.BOOLEAN = TRUE;
1884 #line 774 "parse.yacc"
1886 /* Inherit {NO,}{PASSWD,EXEC,SETENV} status. */
1887 if (printmatches == TRUE && host_matches == TRUE &&
1888 user_matches == TRUE) {
1889 if (no_passwd == TRUE)
1890 cm_list[cm_list_len].nopasswd = TRUE;
1892 cm_list[cm_list_len].nopasswd = FALSE;
1893 if (no_execve == TRUE)
1894 cm_list[cm_list_len].noexecve = TRUE;
1896 cm_list[cm_list_len].noexecve = FALSE;
1897 if (setenv_ok == TRUE)
1898 cm_list[cm_list_len].setenv = TRUE;
1900 cm_list[cm_list_len].setenv = FALSE;
1905 #line 792 "parse.yacc"
1908 if (printmatches == TRUE && host_matches == TRUE &&
1909 user_matches == TRUE)
1910 cm_list[cm_list_len].nopasswd = TRUE;
1914 #line 798 "parse.yacc"
1917 if (printmatches == TRUE && host_matches == TRUE &&
1918 user_matches == TRUE)
1919 cm_list[cm_list_len].nopasswd = FALSE;
1923 #line 804 "parse.yacc"
1926 if (printmatches == TRUE && host_matches == TRUE &&
1927 user_matches == TRUE)
1928 cm_list[cm_list_len].noexecve = TRUE;
1932 #line 810 "parse.yacc"
1935 if (printmatches == TRUE && host_matches == TRUE &&
1936 user_matches == TRUE)
1937 cm_list[cm_list_len].noexecve = FALSE;
1941 #line 816 "parse.yacc"
1944 if (printmatches == TRUE && host_matches == TRUE &&
1945 user_matches == TRUE)
1946 cm_list[cm_list_len].setenv = TRUE;
1950 #line 822 "parse.yacc"
1953 if (printmatches == TRUE && host_matches == TRUE &&
1954 user_matches == TRUE)
1955 cm_list[cm_list_len].setenv = FALSE;
1959 #line 830 "parse.yacc"
1961 if (printmatches == TRUE) {
1962 if (in_alias == TRUE)
1963 append_entries("ALL", ", ");
1964 else if (host_matches == TRUE &&
1965 user_matches == TRUE) {
1966 append_cmnd("ALL", NULL);
1967 expand_match_list();
1970 /* sudo "ALL" implies the SETENV tag */
1971 if (setenv_ok == UNSPEC)
1972 setenv_ok = IMPLIED;
1976 yyval.BOOLEAN = TRUE;
1980 #line 848 "parse.yacc"
1984 if (printmatches == TRUE) {
1985 if (in_alias == TRUE)
1986 append_entries(yyvsp[0].string, ", ");
1987 else if (host_matches == TRUE &&
1988 user_matches == TRUE) {
1989 append_cmnd(yyvsp[0].string, NULL);
1990 expand_match_list();
1994 if ((aip = find_alias(yyvsp[0].string, CMND_ALIAS)))
1995 yyval.BOOLEAN = aip->val;
1998 (void) fprintf(stderr,
1999 "%s: undeclared Cmnd_Alias `%s' referenced near line %d\n",
2000 (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
2006 yyval.BOOLEAN = NOMATCH;
2008 efree(yyvsp[0].string);
2012 #line 877 "parse.yacc"
2014 if (printmatches == TRUE) {
2015 if (in_alias == TRUE) {
2016 append_entries(yyvsp[0].command.cmnd, ", ");
2017 if (yyvsp[0].command.args)
2018 append_entries(yyvsp[0].command.args, " ");
2020 if (host_matches == TRUE &&
2021 user_matches == TRUE) {
2022 append_cmnd(yyvsp[0].command.cmnd, NULL);
2023 if (yyvsp[0].command.args)
2024 append_cmnd(yyvsp[0].command.args, " ");
2025 expand_match_list();
2029 if (command_matches(yyvsp[0].command.cmnd, yyvsp[0].command.args))
2030 yyval.BOOLEAN = TRUE;
2032 yyval.BOOLEAN = NOMATCH;
2034 efree(yyvsp[0].command.cmnd);
2035 efree(yyvsp[0].command.args);
2039 #line 907 "parse.yacc"
2043 #line 907 "parse.yacc"
2045 if ((MATCHED(host_matches) || pedantic) &&
2046 !add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
2054 #line 925 "parse.yacc"
2057 if (printmatches == TRUE) {
2059 /* Allocate space for ga_list if necessary. */
2061 ga_list[ga_list_len-1].type = CMND_ALIAS;
2062 ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string);
2067 #line 934 "parse.yacc"
2069 if ((MATCHED(cmnd_matches) || pedantic) &&
2070 !add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
2075 efree(yyvsp[-3].string);
2077 if (printmatches == TRUE)
2082 #line 948 "parse.yacc"
2086 #line 956 "parse.yacc"
2088 if (printmatches == TRUE) {
2090 /* Allocate space for ga_list if necessary. */
2092 ga_list[ga_list_len-1].type = RUNAS_ALIAS;
2093 ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string);
2098 #line 964 "parse.yacc"
2100 if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) &&
2101 !add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
2105 efree(yyvsp[-3].string);
2107 if (printmatches == TRUE)
2112 #line 981 "parse.yacc"
2116 #line 981 "parse.yacc"
2118 if ((MATCHED(user_matches) || pedantic) &&
2119 !add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
2124 efree(yyvsp[-3].string);
2128 #line 996 "parse.yacc"
2130 SETMATCH(user_matches, yyvsp[0].BOOLEAN);
2134 #line 999 "parse.yacc"
2136 SETNMATCH(user_matches, yyvsp[0].BOOLEAN);
2140 #line 1004 "parse.yacc"
2142 if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw))
2143 yyval.BOOLEAN = TRUE;
2145 yyval.BOOLEAN = NOMATCH;
2146 efree(yyvsp[0].string);
2150 #line 1011 "parse.yacc"
2152 if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw))
2153 yyval.BOOLEAN = TRUE;
2155 yyval.BOOLEAN = NOMATCH;
2156 efree(yyvsp[0].string);
2160 #line 1018 "parse.yacc"
2162 if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
2163 yyval.BOOLEAN = TRUE;
2165 yyval.BOOLEAN = NOMATCH;
2166 efree(yyvsp[0].string);
2170 #line 1025 "parse.yacc"
2172 aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
2174 /* could be an all-caps username */
2176 yyval.BOOLEAN = aip->val;
2177 else if (strcmp(yyvsp[0].string, user_name) == 0)
2178 yyval.BOOLEAN = TRUE;
2181 (void) fprintf(stderr,
2182 "%s: undeclared User_Alias `%s' referenced near line %d\n",
2183 (pedantic == 1) ? "Warning" : "Error", yyvsp[0].string, sudolineno);
2189 yyval.BOOLEAN = NOMATCH;
2191 efree(yyvsp[0].string);
2195 #line 1047 "parse.yacc"
2197 yyval.BOOLEAN = TRUE;
2200 #line 2149 "sudo.tab.c"
2206 if (yystate == 0 && yym == 0)
2210 printf("%sdebug: after reduction, shifting from state 0 to\
2211 state %d\n", YYPREFIX, YYFINAL);
2218 if ((yychar = yylex()) < 0) yychar = 0;
2223 if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
2224 if (!yys) yys = "illegal-symbol";
2225 printf("%sdebug: state %d, reading %d (%s)\n",
2226 YYPREFIX, YYFINAL, yychar, yys);
2230 if (yychar == 0) goto yyaccept;
2233 if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
2234 yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
2235 yystate = yytable[yyn];
2237 yystate = yydgoto[yym];
2240 printf("%sdebug: after reduction, shifting from state %d \
2241 to state %d\n", YYPREFIX, *yyssp, yystate);
2243 if (yyssp >= yysslim && yygrowstack())
2251 yyerror("yacc stack overflow");
2257 yyss = yyssp = NULL;
2258 yyvs = yyvsp = NULL;
2266 yyss = yyssp = NULL;
2267 yyvs = yyvsp = NULL;