3 * Copyright (c) 1996, 1998-2005, 2007-2009
4 * Todd C. Miller <Todd.Miller@courtesan.com>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
18 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
19 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21 * Sponsored in part by the Defense Advanced Research Projects
22 * Agency (DARPA) and Air Force Research Laboratory, Air Force
23 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
28 #include <sys/types.h>
29 #include <sys/param.h>
39 #endif /* STDC_HEADERS */
43 # ifdef HAVE_STRINGS_H
46 #endif /* HAVE_STRING_H */
49 #endif /* HAVE_UNISTD_H */
50 #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
52 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */
55 # define NAMLEN(dirent) strlen((dirent)->d_name)
57 # define dirent direct
58 # define NAMLEN(dirent) (dirent)->d_namlen
59 # ifdef HAVE_SYS_NDIR_H
60 # include <sys/ndir.h>
62 # ifdef HAVE_SYS_DIR_H
75 __unused static const char rcsid[] = "$Sudo: toke.l,v 1.40 2009/11/22 14:54:04 millert Exp $";
78 extern YYSTYPE yylval;
79 extern int parse_error;
82 static int sawspace = 0;
83 static int arg_len = 0;
84 static int arg_size = 0;
86 static int append __P((char *, int));
87 static int _fill __P((char *, int, int));
88 static int fill_cmnd __P((char *, int));
89 static int fill_args __P((char *, int, int));
90 static int _push_include __P((char *, int));
91 static int pop_include __P((void));
92 static int ipv6_valid __P((const char *s));
93 static char *parse_include __P((char *));
94 extern void yyerror __P((const char *));
96 #define fill(a, b) _fill(a, b, 0)
98 #define push_include(_p) (_push_include((_p), FALSE))
99 #define push_includedir(_p) (_push_include((_p), TRUE))
101 /* realloc() to size + COMMANDARGINC to make room for command args */
102 #define COMMANDARGINC 64
105 #define LEXTRACE(msg) fputs(msg, stderr)
107 #define LEXTRACE(msg)
111 HEX16 [0-9A-Fa-f]{1,4}
112 OCTET (1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5])
113 IPV4ADDR {OCTET}(\.{OCTET}){3}
114 IPV6ADDR ({HEX16}?:){2,7}{HEX16}?|({HEX16}?:){2,6}:{IPV4ADDR}
116 HOSTNAME [[:alnum:]_-]+
117 WORD ([^#>!=:,\(\) \t\n\\]|\\[^\n])+
119 PATH \/(\\[\,:= \t#]|[^\,:=\\ \t\n#])+
120 ENVAR ([^#!=, \t\n\\\"]|\\[^\n])([^#=, \t\n\\\"]|\\[^\n])*
133 <GOTDEFS>[[:blank:]]+ BEGIN STARTDEFS;
135 <STARTDEFS>{DEFVAR} {
138 if (!fill(yytext, yyleng))
166 LEXTRACE("BEGINSTR ");
167 yylval.string = NULL;
172 LEXTRACE("WORD(2) ");
173 if (!fill(yytext, yyleng))
180 \\[[:blank:]]*\n[[:blank:]]* {
181 /* Line continuation char followed by newline. */
193 LEXTRACE("BACKSLASH ");
194 if (!append(yytext, yyleng))
199 LEXTRACE("STRBODY ");
200 if (!append(yytext, yyleng))
207 /* quoted fnmatch glob char, pass verbatim */
208 LEXTRACE("QUOTEDCHAR ");
209 if (!fill_args(yytext, 2, sawspace))
215 /* quoted sudoers special char, strip backslash */
216 LEXTRACE("QUOTEDCHAR ");
217 if (!fill_args(yytext + 1, 1, sawspace))
226 } /* end of command line args */
230 if (!fill_args(yytext, yyleng, sawspace))
233 } /* a command line arg */
236 <INITIAL>^#include[[:blank:]]+\/.*\n {
239 if ((path = parse_include(yytext)) == NULL)
242 LEXTRACE("INCLUDE\n");
244 /* Push current buffer and switch to include file */
245 if (!push_include(path))
249 <INITIAL>^#includedir[[:blank:]]+\/.*\n {
252 if ((path = parse_include(yytext)) == NULL)
255 LEXTRACE("INCLUDEDIR\n");
258 * Push current buffer and switch to include file.
259 * We simply ignore empty directories.
261 if (!push_includedir(path) && parse_error)
265 <INITIAL>^[[:blank:]]*Defaults([:@>\!]{WORD})? {
267 for (n = 0; isblank((unsigned char)yytext[n]); n++)
271 switch (yytext[n++]) {
274 LEXTRACE("DEFAULTS_USER ");
275 return(DEFAULTS_USER);
278 LEXTRACE("DEFAULTS_RUNAS ");
279 return(DEFAULTS_RUNAS);
282 LEXTRACE("DEFAULTS_HOST ");
283 return(DEFAULTS_HOST);
286 LEXTRACE("DEFAULTS_CMND ");
287 return(DEFAULTS_CMND);
289 LEXTRACE("DEFAULTS ");
294 <INITIAL>^[[:blank:]]*(Host|Cmnd|User|Runas)_Alias {
296 for (n = 0; isblank((unsigned char)yytext[n]); n++)
300 LEXTRACE("HOSTALIAS ");
303 LEXTRACE("CMNDALIAS ");
306 LEXTRACE("USERALIAS ");
309 LEXTRACE("RUNASALIAS ");
314 NOPASSWD[[:blank:]]*: {
315 /* cmnd does not require passwd for this user */
316 LEXTRACE("NOPASSWD ");
320 PASSWD[[:blank:]]*: {
321 /* cmnd requires passwd for this user */
326 NOEXEC[[:blank:]]*: {
336 SETENV[[:blank:]]*: {
341 NOSETENV[[:blank:]]*: {
342 LEXTRACE("NOSETENV ");
348 if (!fill(yytext, yyleng))
350 LEXTRACE("NETGROUP ");
356 if (!fill(yytext, yyleng))
358 LEXTRACE("USERGROUP ");
362 {IPV4ADDR}(\/{IPV4ADDR})? {
363 if (!fill(yytext, yyleng))
365 LEXTRACE("NTWKADDR ");
369 {IPV4ADDR}\/([12][0-9]*|3[0-2]*) {
370 if (!fill(yytext, yyleng))
372 LEXTRACE("NTWKADDR ");
376 {IPV6ADDR}(\/{IPV6ADDR})? {
377 if (!ipv6_valid(yytext)) {
381 if (!fill(yytext, yyleng))
383 LEXTRACE("NTWKADDR ");
387 {IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) {
388 if (!ipv6_valid(yytext)) {
392 if (!fill(yytext, yyleng))
394 LEXTRACE("NTWKADDR ");
398 [[:upper:]][[:upper:][:digit:]_]* {
399 if (strcmp(yytext, "ALL") == 0) {
404 /* XXX - restrict type/role to initial state */
405 if (strcmp(yytext, "TYPE") == 0) {
409 if (strcmp(yytext, "ROLE") == 0) {
413 #endif /* HAVE_SELINUX */
414 if (!fill(yytext, yyleng))
420 <GOTDEFS>({PATH}|sudoedit) {
421 /* no command args allowed for Defaults!/path */
422 if (!fill_cmnd(yytext, yyleng))
424 LEXTRACE("COMMAND ");
430 LEXTRACE("COMMAND ");
431 if (!fill_cmnd(yytext, yyleng))
436 /* directories can't have args... */
437 if (yytext[yyleng - 1] == '/') {
438 LEXTRACE("COMMAND ");
439 if (!fill_cmnd(yytext, yyleng))
444 LEXTRACE("COMMAND ");
445 if (!fill_cmnd(yytext, yyleng))
450 <INITIAL,GOTDEFS>\"[^"\n]+\" {
451 /* a quoted user/group name */
452 if (!fill(yytext + 1, yyleng - 2))
456 LEXTRACE("USERGROUP ");
459 LEXTRACE("NETGROUP ");
462 LEXTRACE("WORD(4) ");
467 <INITIAL,GOTDEFS>({ID}|{WORD}) {
469 if (!fill(yytext, yyleng))
471 LEXTRACE("WORD(5) ");
502 return('!'); /* return '!' */
510 } /* return newline */
512 <*>[[:blank:]]+ { /* throw away space/tabs */
513 sawspace = TRUE; /* but remember for fill_args */
516 <*>\\[[:blank:]]*\n {
517 sawspace = TRUE; /* remember for fill_args */
520 } /* throw away EOL after \ */
522 <INITIAL,STARTDEFS,INDEFS>#(-[^\n0-9].*|[^\n0-9-].*)?\n {
527 } /* comment, not uid/gid */
535 if (YY_START != INITIAL) {
552 s += 2; /* skip \\x */
553 for (i = 0; i < 2; i++) {
588 return((unsigned char)result);
592 _fill(src, len, olen)
598 dst = olen ? realloc(yylval.string, olen + len + 1) : malloc(len + 1);
600 yyerror("unable to allocate memory");
605 /* Copy the string and collapse any escaped characters. */
608 if (*src == '\\' && len) {
609 if (src[1] == 'x' && len >= 3 &&
610 isxdigit((unsigned char) src[2]) &&
611 isxdigit((unsigned char) src[3])) {
612 *dst++ = hexchar(src);
635 if (yylval.string != NULL)
636 olen = strlen(yylval.string);
638 return(_fill(src, len, olen));
642 ((c) == ',' || (c) == ':' || (c) == '=' || (c) == ' ' || (c) == '\t' || (c) == '#')
652 arg_len = arg_size = 0;
654 dst = yylval.command.cmnd = (char *) malloc(len + 1);
655 if (yylval.command.cmnd == NULL) {
656 yyerror("unable to allocate memory");
660 /* Copy the string and collapse any escaped sudo-specific characters. */
661 for (i = 0; i < len; i++) {
662 if (src[i] == '\\' && i != len - 1 && SPECIAL(src[i + 1]))
669 yylval.command.args = NULL;
674 fill_args(s, len, addspace)
682 if (yylval.command.args == NULL) {
686 new_len = arg_len + len + addspace;
688 if (new_len >= arg_size) {
689 /* Allocate more space than we need for subsequent args */
690 while (new_len >= (arg_size += COMMANDARGINC))
693 p = yylval.command.args ?
694 (char *) realloc(yylval.command.args, arg_size) :
695 (char *) malloc(arg_size);
697 efree(yylval.command.args);
698 yyerror("unable to allocate memory");
701 yylval.command.args = p;
704 /* Efficiently append the arg (with a leading space if needed). */
705 p = yylval.command.args + arg_len;
708 if (strlcpy(p, s, arg_size - (p - yylval.command.args)) != len) {
709 yyerror("fill_args: buffer overflow"); /* paranoia */
718 struct path_list *next;
721 struct include_stack {
724 struct path_list *more; /* more files in case of includedir */
734 const struct path_list * const *p1 = v1;
735 const struct path_list * const *p2 = v2;
737 return(strcmp((*p1)->path, (*p2)->path));
741 switch_dir(stack, dirpath)
742 struct include_stack *stack;
750 struct path_list *pl, *first = NULL;
751 struct path_list **sorted = NULL;
753 if (!(dir = opendir(dirpath))) {
757 while ((dent = readdir(dir))) {
758 /* Ignore files that end in '~' or have a '.' in them. */
759 if (dent->d_name[0] == '\0' || dent->d_name[NAMLEN(dent) - 1] == '~'
760 || strchr(dent->d_name, '.') != NULL) {
763 if (asprintf(&path, "%s/%s", dirpath, dent->d_name) == -1) {
767 if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) {
771 pl = malloc(sizeof(*pl));
784 /* Sort the list as an array. */
785 sorted = malloc(sizeof(*sorted) * count);
789 for (i = 0; i < count; i++) {
793 qsort(sorted, count, sizeof(*sorted), pl_compare);
795 /* Apply sorting to the list. */
797 sorted[count - 1]->next = NULL;
798 for (i = 1; i < count; i++)
799 sorted[i - 1]->next = sorted[i];
802 /* Pull out the first element for parsing, leave the rest for later. */
815 while (first != NULL) {
827 #define MAX_SUDOERS_DEPTH 128
828 #define SUDOERS_STACK_INCREMENT 16
830 static size_t istacksize, idepth;
831 static struct include_stack *istack;
837 struct path_list *pl;
841 while ((pl = istack[idepth].more) != NULL) {
842 istack[idepth].more = pl->next;
846 efree(istack[idepth].path);
847 if (!istack[idepth].keepopen)
848 fclose(istack[idepth].bs->yy_input_file);
849 yy_delete_buffer(istack[idepth].bs);
853 istacksize = idepth = 0;
858 _push_include(path, isdir)
864 /* push current state onto stack */
865 if (idepth >= istacksize) {
866 if (idepth > MAX_SUDOERS_DEPTH) {
867 yyerror("too many levels of includes");
870 istacksize += SUDOERS_STACK_INCREMENT;
871 istack = (struct include_stack *) realloc(istack,
872 sizeof(istack) * istacksize);
873 if (istack == NULL) {
874 yyerror("unable to allocate memory");
879 if (!(path = switch_dir(&istack[idepth], path))) {
880 /* switch_dir() called yyerror() for us */
883 if ((fp = open_sudoers(path, FALSE, &keepopen)) == NULL) {
885 return(FALSE); /* XXX - just to go next one */
888 if ((fp = open_sudoers(path, TRUE, &keepopen)) == NULL) {
892 istack[idepth].more = NULL;
894 /* Push the old (current) file and open the new one. */
895 istack[idepth].path = sudoers; /* push old path */
896 istack[idepth].bs = YY_CURRENT_BUFFER;
897 istack[idepth].lineno = sudolineno;
898 istack[idepth].keepopen = keepopen;
902 yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
910 struct path_list *pl;
917 fclose(YY_CURRENT_BUFFER->yy_input_file);
918 yy_delete_buffer(YY_CURRENT_BUFFER);
920 if ((pl = istack[idepth - 1].more) != NULL) {
921 /* Move to next file in the dir. */
922 istack[idepth - 1].more = pl->next;
923 if ((fp = open_sudoers(pl->path, FALSE, &keepopen)) == NULL) {
925 return(FALSE); /* XXX - just to go next one */
930 yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
934 yy_switch_to_buffer(istack[idepth].bs);
936 sudoers = istack[idepth].path;
937 sudolineno = istack[idepth].lineno;
946 char *cp, *ep, *path;
947 int len = 0, subst = 0;
948 size_t shost_len = 0;
950 /* Pull out path from #include line. */
951 cp = base + sizeof("#include");
953 cp += 3; /* includedir */
954 while (isblank((unsigned char) *cp))
957 while (*ep != '\0' && !isspace((unsigned char) *ep)) {
958 if (ep[0] == '%' && ep[1] == 'h') {
959 shost_len = strlen(user_shost);
960 len += shost_len - 2;
966 /* Make a copy of path and return it. */
967 len += (int)(ep - cp);
968 if ((path = malloc(len + 1)) == NULL)
969 yyerror("unable to allocate memory");
971 /* substitute for %h */
974 if (cp[0] == '%' && cp[1] == 'h') {
975 memcpy(pp, user_shost, shost_len);
984 memcpy(path, cp, len);
988 /* Push any excess characters (e.g. comment, newline) back to the lexer */
990 yyless((int)(ep - base));
996 * Check to make sure an IPv6 address does not contain multiple instances
997 * of the string "::". Assumes strlen(s) >= 1.
998 * Returns TRUE if address is valid else FALSE.
1006 for (; *s != '\0'; s++) {
1007 if (s[0] == ':' && s[1] == ':') {
1012 nmatch = 0; /* reset if we hit netmask */
1015 return (nmatch <= 1);