#if __GNUC__ >= 2
__attribute__ ((unused))
#endif /* __GNUC__ >= 2 */
- = "$OpenBSD: skeleton.c,v 1.23 2004/03/12 13:39:50 henning Exp $";
+ = "$OpenBSD: skeleton.c,v 1.28 2007/09/03 21:14:58 deraadt Exp $";
#endif
#include <stdlib.h>
#define YYBYACC 1
#define YYPREFIX "yy"
#line 2 "parse.yacc"
/*
- * Copyright (c) 1996, 1998-2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1996, 1998-2004, 2007
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* list_matches() can format things the way it wants.
*/
-#include "config.h"
+#include <config.h>
#include <sys/types.h>
#include <sys/param.h>
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <pwd.h>
-#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
-# include <malloc.h>
-#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
# include <alloca.h>
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
#ifdef HAVE_LSEARCH
# include <search.h>
#endif /* HAVE_LSEARCH */
+#include <limits.h>
#include "sudo.h"
#include "parse.h"
#endif /* HAVE_LSEARCH */
#ifndef lint
-static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76 2004/08/11 18:29:36 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.76.2.14 2008/02/27 20:34:42 millert Exp $";
#endif /* lint */
+/*
+ * We must define SIZE_MAX for yacc's skeleton.c.
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+# define SIZE_MAX SIZE_T_MAX
+# else
+# define SIZE_MAX INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
/*
* Globals
*/
(_var) = NOMATCH; \
} while (0)
+#define SETENV_RESET \
+ if (setenv_ok == IMPLIED) setenv_ok = def_setenv ? TRUE : UNSPEC
+
/*
* The matching stack, initial space allocated in init_parser().
*/
match[top].runas = UNSPEC; \
match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
match[top].noexec = def_noexec ? TRUE : UNSPEC; \
+ match[top].setenv = def_setenv ? TRUE : UNSPEC; \
+ match[top].role = NULL; \
+ match[top].type = NULL; \
top++; \
} while (0)
match[top].runas = match[top-1].runas; \
match[top].nopass = match[top-1].nopass; \
match[top].noexec = match[top-1].noexec; \
+ match[top].setenv = match[top-1].setenv; \
+ match[top].role = estrdup(match[top-1].role); \
+ match[top].type = estrdup(match[top-1].type); \
top++; \
} while (0)
do { \
if (top == 0) \
yyerror("matching stack underflow"); \
- else \
+ else { \
+ efree(match[top-1].role); \
+ efree(match[top-1].type); \
top--; \
+ } \
} while (0)
#define append_runas(s, p) append(s, &cm_list[cm_list_len].runas, \
&cm_list[cm_list_len].runas_len, &cm_list[cm_list_len].runas_size, p)
+#define append_role(s, p) append(s, &cm_list[cm_list_len].role, \
+ &cm_list[cm_list_len].role_len, &cm_list[cm_list_len].role_size, p)
+
+#define append_type(s, p) append(s, &cm_list[cm_list_len].type, \
+ &cm_list[cm_list_len].type_len, &cm_list[cm_list_len].type_size, p)
+
#define append_entries(s, p) append(s, &ga_list[ga_list_len-1].entries, \
&ga_list[ga_list_len-1].entries_len, \
&ga_list[ga_list_len-1].entries_size, p)
static void expand_ga_list __P((void));
static void expand_match_list __P((void));
static aliasinfo *find_alias __P((char *, int));
-static int more_aliases __P((void));
+static void more_aliases __P((void));
void init_parser __P((void));
void yyerror __P((char *));
}
parse_error = TRUE;
}
-#line 221 "parse.yacc"
+#line 251 "parse.yacc"
#ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED
typedef union {
int BOOLEAN;
struct sudo_command command;
int tok;
+ struct selinux_info seinfo;
} YYSTYPE;
#endif /* YYSTYPE_DEFINED */
-#line 248 "sudo.tab.c"
+#line 279 "sudo.tab.c"
#define COMMAND 257
#define ALIAS 258
#define DEFVAR 259
#define PASSWD 270
#define NOEXEC 271
#define EXEC 272
-#define ALL 273
-#define COMMENT 274
-#define HOSTALIAS 275
-#define CMNDALIAS 276
-#define USERALIAS 277
-#define RUNASALIAS 278
-#define ERROR 279
+#define SETENV 273
+#define NOSETENV 274
+#define ALL 275
+#define COMMENT 276
+#define HOSTALIAS 277
+#define CMNDALIAS 278
+#define USERALIAS 279
+#define RUNASALIAS 280
+#define ERROR 281
+#define TYPE 282
+#define ROLE 283
#define YYERRCODE 256
#if defined(__cplusplus) || defined(__STDC__)
const short yylhs[] =
short yylhs[] =
#endif
{ -1,
- 0, 0, 7, 7, 9, 7, 7, 7, 7, 7,
- 7, 15, 16, 18, 16, 19, 16, 21, 16, 17,
- 17, 22, 22, 22, 22, 22, 10, 10, 23, 25,
- 25, 2, 2, 2, 2, 2, 24, 24, 26, 29,
- 30, 29, 27, 27, 5, 5, 4, 31, 4, 3,
- 3, 3, 3, 3, 28, 28, 28, 28, 28, 1,
- 1, 1, 12, 12, 33, 32, 20, 20, 13, 13,
- 35, 34, 36, 36, 14, 14, 38, 37, 11, 11,
- 40, 39, 8, 8, 41, 41, 6, 6, 6, 6,
+ 0, 0, 10, 10, 12, 10, 10, 10, 10, 10,
+ 10, 18, 19, 21, 19, 22, 19, 24, 19, 20,
+ 20, 25, 25, 25, 25, 25, 13, 13, 26, 28,
+ 28, 2, 2, 2, 2, 2, 27, 27, 31, 29,
+ 33, 34, 33, 8, 9, 7, 7, 7, 7, 7,
+ 30, 30, 5, 5, 4, 35, 4, 3, 3, 3,
+ 3, 3, 32, 32, 32, 32, 32, 32, 32, 1,
+ 1, 1, 15, 15, 37, 36, 23, 23, 16, 16,
+ 39, 38, 40, 40, 17, 17, 42, 41, 14, 14,
+ 44, 43, 11, 11, 45, 45, 6, 6, 6, 6,
6,
};
#if defined(__cplusplus) || defined(__STDC__)
1, 2, 1, 2, 0, 3, 2, 2, 2, 2,
1, 2, 1, 0, 3, 0, 3, 0, 3, 1,
3, 1, 2, 3, 3, 3, 1, 3, 3, 1,
- 2, 1, 1, 1, 1, 1, 1, 3, 3, 1,
- 0, 3, 0, 2, 1, 3, 1, 0, 3, 1,
- 1, 1, 1, 1, 0, 2, 2, 2, 2, 1,
+ 2, 1, 1, 1, 1, 1, 1, 3, 0, 5,
+ 1, 0, 3, 3, 3, 0, 1, 1, 2, 2,
+ 0, 2, 1, 3, 1, 0, 3, 1, 1, 1,
+ 1, 1, 0, 2, 2, 2, 2, 2, 2, 1,
1, 1, 1, 3, 0, 4, 1, 3, 1, 3,
0, 4, 1, 3, 1, 3, 0, 4, 1, 3,
0, 4, 1, 3, 1, 2, 1, 1, 1, 1,
#endif
{ 0,
0, 13, 18, 14, 16, 3, 0, 0, 0, 0,
- 0, 1, 0, 11, 0, 4, 0, 0, 0, 65,
- 0, 63, 71, 0, 69, 81, 0, 79, 77, 0,
- 75, 2, 90, 89, 88, 87, 91, 0, 85, 0,
- 83, 0, 0, 12, 0, 36, 33, 34, 35, 32,
- 0, 30, 0, 67, 0, 53, 52, 51, 50, 54,
- 48, 47, 45, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 86, 0, 0, 0, 27, 0, 0, 0,
- 23, 0, 31, 0, 0, 0, 0, 64, 0, 70,
- 0, 80, 0, 76, 84, 0, 0, 24, 25, 26,
- 21, 68, 49, 46, 0, 62, 61, 60, 41, 40,
- 73, 0, 0, 0, 28, 0, 0, 37, 55, 0,
- 0, 0, 0, 0, 42, 74, 38, 56, 57, 58,
- 59, 39,
+ 0, 1, 0, 11, 0, 4, 0, 0, 0, 75,
+ 0, 73, 81, 0, 79, 91, 0, 89, 87, 0,
+ 85, 2, 100, 99, 98, 97, 101, 0, 95, 0,
+ 93, 0, 0, 12, 0, 36, 33, 34, 35, 32,
+ 0, 30, 0, 77, 0, 61, 60, 59, 58, 62,
+ 56, 55, 53, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 96, 0, 0, 0, 27, 0, 0, 0,
+ 23, 0, 31, 0, 0, 0, 0, 74, 0, 80,
+ 0, 90, 0, 86, 94, 0, 39, 24, 25, 26,
+ 21, 78, 57, 54, 0, 72, 71, 70, 42, 41,
+ 83, 0, 0, 0, 28, 0, 37, 0, 0, 0,
+ 39, 0, 0, 43, 84, 38, 0, 0, 0, 63,
+ 0, 0, 0, 0, 0, 49, 50, 45, 44, 64,
+ 65, 66, 67, 68, 69, 40,
};
#if defined(__cplusplus) || defined(__STDC__)
const short yydgoto[] =
short yydgoto[] =
#endif
{ 11,
- 110, 52, 62, 63, 64, 39, 12, 40, 13, 75,
- 27, 21, 24, 30, 14, 15, 44, 18, 19, 76,
- 17, 45, 77, 117, 54, 118, 119, 124, 111, 120,
- 85, 22, 65, 25, 67, 112, 31, 71, 28, 69,
- 41,
+ 110, 52, 62, 63, 64, 39, 130, 131, 132, 12,
+ 40, 13, 75, 27, 21, 24, 30, 14, 15, 44,
+ 18, 19, 76, 17, 45, 77, 116, 54, 117, 123,
+ 118, 135, 111, 119, 85, 22, 65, 25, 67, 112,
+ 31, 71, 28, 69, 41,
};
#if defined(__cplusplus) || defined(__STDC__)
const short yysindex[] =
#else
short yysindex[] =
#endif
- { -239,
- -264, 0, 0, 0, 0, 0, -247, -240, -236, -235,
- -239, 0, 307, 0, -31, 0, 328, 307, 320, 0,
- -9, 0, 0, -8, 0, 0, -4, 0, 0, 2,
- 0, 0, 0, 0, 0, 0, 0, -242, 0, 294,
- 0, -3, -226, 0, 11, 0, 0, 0, 0, 0,
- -217, 0, 17, 0, 20, 0, 0, 0, 0, 0,
- 0, 0, 0, 21, 5, -247, 6, -240, 7, -236,
- 8, -235, 0, 307, 13, -32, 0, -191, -190, -189,
- 0, -31, 0, 328, -210, 320, 328, 0, -33, 0,
- 307, 0, 320, 0, 0, 328, -192, 0, 0, 0,
- 0, 0, 0, 0, 17, 0, 0, 0, 0, 0,
- 0, 34, 20, 21, 0, 320, 35, 0, 0, -243,
- -33, 21, -192, -27, 0, 0, 0, 0, 0, 0,
- 0, 0,};
+ { -247,
+ -248, 0, 0, 0, 0, 0, -211, -210, -205, -201,
+ -247, 0, 62, 0, -33, 0, 89, 62, 114, 0,
+ 2, 0, 0, 3, 0, 0, 4, 0, 0, 6,
+ 0, 0, 0, 0, 0, 0, 0, -251, 0, -28,
+ 0, -18, -194, 0, 14, 0, 0, 0, 0, 0,
+ -219, 0, 22, 0, 23, 0, 0, 0, 0, 0,
+ 0, 0, 0, 24, 8, -211, 9, -210, 10, -205,
+ 11, -201, 0, 62, 16, -23, 0, -187, -186, -184,
+ 0, -33, 0, 89, -212, 114, 89, 0, -20, 0,
+ 62, 0, 114, 0, 0, 89, 0, 0, 0, 0,
+ 0, 0, 0, 0, 22, 0, 0, 0, 0, 0,
+ 0, 36, 23, 24, 0, 37, 0, -185, -221, -20,
+ 0, 114, -268, 0, 0, 0, 24, 21, 25, 0,
+ -195, -193, -175, -174, 274, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0,};
#if defined(__cplusplus) || defined(__STDC__)
const short yyrindex[] =
#else
short yyrindex[] =
#endif
- { 342,
+ { 141,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 141, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 156, 0, 0, 181, 0, 0, 206, 0, 0, 236,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 342, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 139, 0, 0, 162, 0, 0, 185, 0, 0, 208,
+ 0, 1, 0, 0, 261, 0, 0, 0, 0, 0,
+ 0, 0, -25, 0, -11, 0, 0, 0, 0, 0,
+ 0, 0, 0, -10, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 300, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 1, 0, 0, 236, 0, 0, 0, 0, 0,
- 0, 0, -30, 0, -26, 0, 0, 0, 0, 0,
- 0, 0, 0, -25, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 260, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, -20, 0, 0, 0,
- 0, 0, 0, 0, 24, 0, 0, 0, 0, 0,
- 0, 47, 70, 93, 0, 0, 116, 0, 0, 0,
- 0, 271, -20, 0, 0, 0, 0, 0, 0, 0,
- 0, 0,};
+ 0, 0, 0, 0, 26, 0, 0, 0, 0, 0,
+ 0, 52, 78, 104, 0, 130, 0, -29, 0, 0,
+ 0, 0, 340, 0, 0, 0, 313, 0, 0, 0,
+ 365, 391, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0,};
#if defined(__cplusplus) || defined(__STDC__)
const short yygindex[] =
#else
short yygindex[] =
#endif
{ 0,
- -39, 32, -1, 3, -84, 48, 74, -14, 0, 0,
- 0, 0, 0, 0, 0, 0, 9, 0, 0, -12,
- 0, 0, -6, 0, 4, -36, 0, 0, -62, 0,
- 0, 26, 0, 27, 0, 0, 22, 0, 28, 0,
- 23,
+ -27, 40, 12, 7, -87, 56, 0, -36, -32, 87,
+ -16, 0, 0, 0, 0, 0, 0, 0, 0, 18,
+ 0, 0, -14, 0, 0, 5, 0, 19, -19, 0,
+ 0, 0, -80, 0, 0, 39, 0, 38, 0, 0,
+ 35, 0, 42, 0, 34,
};
-#define YYTABLESIZE 615
+#define YYTABLESIZE 666
#if defined(__cplusplus) || defined(__STDC__)
const short yytable[] =
#else
short yytable[] =
#endif
- { 109,
- 22, 43, 19, 55, 53, 109, 15, 17, 114, 16,
- 20, 84, 43, 106, 107, 33, 1, 23, 34, 35,
- 36, 26, 29, 66, 2, 3, 4, 5, 97, 108,
- 37, 122, 81, 22, 6, 7, 8, 9, 10, 79,
- 46, 80, 47, 48, 22, 49, 72, 56, 66, 68,
- 57, 58, 59, 70, 82, 50, 66, 78, 126, 72,
- 84, 132, 60, 74, 86, 87, 89, 91, 93, 82,
- 96, 98, 99, 100, 105, 116, 113, 121, 123, 72,
- 125, 66, 83, 103, 32, 73, 127, 102, 104, 115,
- 101, 88, 78, 94, 90, 0, 95, 92, 0, 0,
- 0, 0, 82, 0, 72, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 29, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 78, 0, 82, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 8, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 29, 0,
- 78, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 9, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 8, 0, 29, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 7, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 9, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 10, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 7, 0, 0,
- 0, 0, 0, 106, 107, 0, 0, 42, 19, 106,
- 107, 0, 15, 17, 0, 20, 43, 43, 0, 108,
- 10, 128, 129, 130, 131, 108, 0, 0, 43, 43,
- 43, 43, 43, 0, 0, 0, 22, 0, 22, 6,
- 0, 22, 22, 22, 22, 22, 22, 22, 20, 0,
- 0, 0, 0, 22, 22, 22, 22, 22, 22, 66,
- 0, 66, 0, 0, 66, 66, 66, 66, 66, 66,
- 66, 0, 6, 0, 0, 0, 66, 66, 66, 66,
- 66, 66, 72, 44, 72, 0, 0, 72, 72, 72,
- 72, 72, 72, 72, 0, 0, 0, 0, 0, 72,
- 72, 72, 72, 72, 72, 82, 51, 82, 0, 0,
- 82, 82, 82, 82, 82, 82, 82, 74, 0, 38,
- 0, 0, 82, 82, 82, 82, 82, 82, 78, 0,
- 78, 0, 61, 78, 78, 78, 78, 78, 78, 78,
- 51, 0, 0, 0, 0, 78, 78, 78, 78, 78,
- 78, 29, 0, 29, 5, 0, 29, 29, 29, 29,
- 29, 29, 29, 0, 0, 0, 0, 0, 29, 29,
- 29, 29, 29, 29, 8, 0, 8, 0, 0, 8,
- 8, 8, 8, 8, 8, 8, 0, 0, 0, 0,
- 0, 8, 8, 8, 8, 8, 8, 9, 0, 9,
- 0, 0, 9, 9, 9, 9, 9, 9, 9, 0,
- 0, 0, 0, 0, 9, 9, 9, 9, 9, 9,
- 7, 0, 7, 0, 0, 7, 7, 7, 7, 7,
- 7, 7, 0, 0, 0, 0, 0, 7, 7, 7,
- 7, 7, 7, 10, 0, 10, 0, 0, 10, 10,
- 10, 10, 10, 10, 10, 0, 0, 0, 0, 0,
- 10, 10, 10, 10, 10, 10, 0, 0, 0, 0,
- 0, 20, 0, 20, 0, 0, 20, 20, 20, 20,
- 20, 20, 20, 0, 0, 0, 0, 0, 20, 20,
- 20, 20, 20, 20, 0, 6, 0, 6, 0, 0,
- 6, 6, 6, 6, 6, 6, 6, 44, 44, 0,
- 0, 0, 6, 6, 6, 6, 6, 6, 0, 44,
- 44, 44, 44, 44, 0, 0, 0, 0, 0, 0,
- 0, 46, 0, 47, 48, 0, 49, 0, 0, 0,
- 0, 0, 0, 0, 33, 0, 50, 34, 35, 36,
- 0, 0, 0, 0, 0, 0, 0, 56, 0, 37,
- 57, 58, 59, 0, 0, 46, 0, 47, 48, 0,
- 49, 0, 60, 0, 0, 0, 0, 0, 0, 5,
- 50, 0, 5, 5, 5, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 5,
+ { 43,
+ 22, 55, 53, 51, 51, 114, 33, 19, 1, 34,
+ 35, 36, 109, 128, 129, 74, 2, 3, 4, 5,
+ 84, 15, 17, 37, 79, 76, 80, 16, 6, 7,
+ 8, 9, 10, 22, 127, 106, 107, 97, 46, 125,
+ 47, 48, 78, 49, 22, 56, 20, 23, 57, 58,
+ 59, 82, 26, 108, 146, 50, 29, 82, 76, 66,
+ 68, 70, 60, 72, 81, 84, 74, 86, 87, 89,
+ 91, 93, 105, 96, 113, 98, 99, 92, 100, 120,
+ 121, 133, 122, 76, 82, 134, 128, 138, 139, 129,
+ 83, 124, 104, 73, 38, 137, 103, 32, 136, 101,
+ 115, 126, 102, 88, 88, 90, 94, 95, 0, 82,
+ 92, 92, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 51, 0, 0, 0, 0, 0, 0, 0, 29,
+ 0, 0, 0, 0, 0, 92, 88, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 61, 0, 0, 0,
+ 0, 0, 0, 0, 0, 8, 0, 0, 0, 0,
+ 0, 88, 29, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 5, 0, 0, 0, 0, 0, 0,
+ 9, 0, 0, 0, 0, 0, 0, 29, 8, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 7, 0, 0, 0, 0,
+ 0, 0, 0, 9, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 42, 0, 51, 51, 46,
+ 0, 47, 48, 19, 49, 10, 106, 107, 7, 51,
+ 51, 51, 51, 51, 51, 51, 50, 15, 17, 0,
+ 0, 0, 51, 51, 108, 0, 22, 0, 22, 0,
+ 20, 22, 22, 22, 22, 22, 22, 22, 10, 0,
+ 0, 0, 0, 0, 0, 22, 22, 22, 22, 22,
+ 22, 76, 0, 76, 0, 0, 76, 76, 76, 76,
+ 76, 76, 76, 20, 0, 0, 0, 0, 0, 6,
+ 76, 76, 76, 76, 76, 76, 109, 82, 0, 82,
+ 0, 0, 82, 82, 82, 82, 82, 82, 82, 33,
+ 0, 0, 34, 35, 36, 0, 82, 82, 82, 82,
+ 82, 82, 6, 92, 0, 92, 37, 0, 92, 92,
+ 92, 92, 92, 92, 92, 52, 46, 0, 47, 48,
+ 0, 49, 92, 92, 92, 92, 92, 92, 0, 88,
+ 0, 88, 0, 50, 88, 88, 88, 88, 88, 88,
+ 88, 56, 46, 0, 57, 58, 59, 0, 88, 88,
+ 88, 88, 88, 88, 0, 29, 0, 29, 60, 0,
+ 29, 29, 29, 29, 29, 29, 29, 47, 5, 0,
+ 0, 5, 5, 5, 29, 29, 29, 29, 29, 29,
+ 0, 8, 0, 8, 0, 5, 8, 8, 8, 8,
+ 8, 8, 8, 48, 0, 0, 0, 0, 0, 0,
+ 8, 8, 8, 8, 8, 8, 9, 0, 9, 0,
+ 0, 9, 9, 9, 9, 9, 9, 9, 0, 0,
+ 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
+ 9, 7, 0, 7, 0, 0, 7, 7, 7, 7,
+ 7, 7, 7, 0, 0, 0, 0, 0, 0, 0,
+ 7, 7, 7, 7, 7, 7, 0, 0, 0, 0,
+ 0, 10, 0, 10, 0, 0, 10, 10, 10, 10,
+ 10, 10, 10, 0, 0, 0, 0, 0, 0, 0,
+ 10, 10, 10, 10, 10, 10, 20, 0, 20, 0,
+ 0, 20, 20, 20, 20, 20, 20, 20, 0, 0,
+ 106, 107, 0, 0, 0, 20, 20, 20, 20, 20,
+ 20, 0, 140, 141, 142, 143, 144, 145, 108, 0,
+ 0, 0, 0, 0, 0, 6, 0, 6, 0, 0,
+ 6, 6, 6, 6, 6, 6, 6, 0, 0, 52,
+ 52, 0, 0, 0, 6, 6, 6, 6, 6, 6,
+ 0, 52, 52, 52, 52, 52, 52, 52, 0, 0,
+ 0, 0, 0, 0, 52, 52, 46, 46, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 46, 46,
+ 46, 46, 46, 46, 46, 0, 0, 0, 0, 0,
+ 0, 47, 47, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 47, 47, 47, 47, 47, 47, 47,
+ 0, 0, 0, 0, 0, 0, 0, 48, 48, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 48,
+ 48, 48, 48, 48, 48, 48,
};
#if defined(__cplusplus) || defined(__STDC__)
const short yycheck[] =
short yycheck[] =
#endif
{ 33,
- 0, 33, 33, 18, 17, 33, 33, 33, 93, 274,
- 258, 44, 33, 257, 258, 258, 256, 258, 261, 262,
- 263, 258, 258, 0, 264, 265, 266, 267, 61, 273,
- 273, 116, 259, 33, 274, 275, 276, 277, 278, 43,
- 258, 45, 260, 261, 44, 263, 0, 258, 58, 58,
- 261, 262, 263, 58, 44, 273, 33, 61, 121, 58,
- 44, 124, 273, 44, 44, 61, 61, 61, 61, 0,
- 58, 263, 263, 263, 87, 268, 91, 44, 44, 33,
- 120, 58, 51, 85, 11, 38, 123, 84, 86, 96,
- 82, 66, 0, 72, 68, -1, 74, 70, -1, -1,
- -1, -1, 33, -1, 58, -1, -1, -1, -1, -1,
+ 0, 18, 17, 33, 33, 93, 258, 33, 256, 261,
+ 262, 263, 33, 282, 283, 44, 264, 265, 266, 267,
+ 44, 33, 33, 275, 43, 0, 45, 276, 276, 277,
+ 278, 279, 280, 33, 122, 257, 258, 61, 258, 120,
+ 260, 261, 61, 263, 44, 258, 258, 258, 261, 262,
+ 263, 0, 258, 275, 135, 275, 258, 44, 33, 58,
+ 58, 58, 275, 58, 259, 44, 44, 44, 61, 61,
+ 61, 61, 87, 58, 91, 263, 263, 0, 263, 44,
+ 44, 61, 268, 58, 33, 61, 282, 263, 263, 283,
+ 51, 119, 86, 38, 33, 132, 85, 11, 131, 82,
+ 96, 121, 84, 0, 66, 68, 72, 74, -1, 58,
+ 33, 70, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, 33, -1, -1, -1, -1, -1, -1, -1, 0,
+ -1, -1, -1, -1, -1, 58, 33, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 33, -1, -1, -1,
-1, -1, -1, -1, -1, 0, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 33, -1, 58, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, 0, -1,
- -1, -1, -1, -1, -1, -1, -1, -1, 33, -1,
- 58, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 0, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 33, -1, 58, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, 0, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, 33, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, 0, -1, -1,
- -1, -1, -1, -1, -1, -1, -1, 33, -1, -1,
- -1, -1, -1, 257, 258, -1, -1, 259, 259, 257,
- 258, -1, 259, 259, -1, 0, 257, 258, -1, 273,
- 33, 269, 270, 271, 272, 273, -1, -1, 269, 270,
- 271, 272, 273, -1, -1, -1, 256, -1, 258, 0,
- -1, 261, 262, 263, 264, 265, 266, 267, 33, -1,
- -1, -1, -1, 273, 274, 275, 276, 277, 278, 256,
- -1, 258, -1, -1, 261, 262, 263, 264, 265, 266,
- 267, -1, 33, -1, -1, -1, 273, 274, 275, 276,
- 277, 278, 256, 33, 258, -1, -1, 261, 262, 263,
- 264, 265, 266, 267, -1, -1, -1, -1, -1, 273,
- 274, 275, 276, 277, 278, 256, 33, 258, -1, -1,
- 261, 262, 263, 264, 265, 266, 267, 44, -1, 33,
- -1, -1, 273, 274, 275, 276, 277, 278, 256, -1,
- 258, -1, 33, 261, 262, 263, 264, 265, 266, 267,
- 33, -1, -1, -1, -1, 273, 274, 275, 276, 277,
- 278, 256, -1, 258, 33, -1, 261, 262, 263, 264,
- 265, 266, 267, -1, -1, -1, -1, -1, 273, 274,
- 275, 276, 277, 278, 256, -1, 258, -1, -1, 261,
- 262, 263, 264, 265, 266, 267, -1, -1, -1, -1,
- -1, 273, 274, 275, 276, 277, 278, 256, -1, 258,
- -1, -1, 261, 262, 263, 264, 265, 266, 267, -1,
- -1, -1, -1, -1, 273, 274, 275, 276, 277, 278,
- 256, -1, 258, -1, -1, 261, 262, 263, 264, 265,
- 266, 267, -1, -1, -1, -1, -1, 273, 274, 275,
- 276, 277, 278, 256, -1, 258, -1, -1, 261, 262,
- 263, 264, 265, 266, 267, -1, -1, -1, -1, -1,
- 273, 274, 275, 276, 277, 278, -1, -1, -1, -1,
+ -1, 58, 33, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ 0, -1, -1, -1, -1, -1, -1, 58, 33, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 0, -1, -1, -1, -1,
+ -1, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 259, -1, 257, 258, 258,
+ -1, 260, 261, 259, 263, 0, 257, 258, 33, 269,
+ 270, 271, 272, 273, 274, 275, 275, 259, 259, -1,
+ -1, -1, 282, 283, 275, -1, 256, -1, 258, -1,
+ 0, 261, 262, 263, 264, 265, 266, 267, 33, -1,
+ -1, -1, -1, -1, -1, 275, 276, 277, 278, 279,
+ 280, 256, -1, 258, -1, -1, 261, 262, 263, 264,
+ 265, 266, 267, 33, -1, -1, -1, -1, -1, 0,
+ 275, 276, 277, 278, 279, 280, 33, 256, -1, 258,
+ -1, -1, 261, 262, 263, 264, 265, 266, 267, 258,
+ -1, -1, 261, 262, 263, -1, 275, 276, 277, 278,
+ 279, 280, 33, 256, -1, 258, 275, -1, 261, 262,
+ 263, 264, 265, 266, 267, 33, 258, -1, 260, 261,
+ -1, 263, 275, 276, 277, 278, 279, 280, -1, 256,
+ -1, 258, -1, 275, 261, 262, 263, 264, 265, 266,
+ 267, 258, 33, -1, 261, 262, 263, -1, 275, 276,
+ 277, 278, 279, 280, -1, 256, -1, 258, 275, -1,
+ 261, 262, 263, 264, 265, 266, 267, 33, 258, -1,
+ -1, 261, 262, 263, 275, 276, 277, 278, 279, 280,
+ -1, 256, -1, 258, -1, 275, 261, 262, 263, 264,
+ 265, 266, 267, 33, -1, -1, -1, -1, -1, -1,
+ 275, 276, 277, 278, 279, 280, 256, -1, 258, -1,
+ -1, 261, 262, 263, 264, 265, 266, 267, -1, -1,
+ -1, -1, -1, -1, -1, 275, 276, 277, 278, 279,
+ 280, 256, -1, 258, -1, -1, 261, 262, 263, 264,
+ 265, 266, 267, -1, -1, -1, -1, -1, -1, -1,
+ 275, 276, 277, 278, 279, 280, -1, -1, -1, -1,
-1, 256, -1, 258, -1, -1, 261, 262, 263, 264,
- 265, 266, 267, -1, -1, -1, -1, -1, 273, 274,
- 275, 276, 277, 278, -1, 256, -1, 258, -1, -1,
- 261, 262, 263, 264, 265, 266, 267, 257, 258, -1,
- -1, -1, 273, 274, 275, 276, 277, 278, -1, 269,
- 270, 271, 272, 273, -1, -1, -1, -1, -1, -1,
- -1, 258, -1, 260, 261, -1, 263, -1, -1, -1,
- -1, -1, -1, -1, 258, -1, 273, 261, 262, 263,
- -1, -1, -1, -1, -1, -1, -1, 258, -1, 273,
- 261, 262, 263, -1, -1, 258, -1, 260, 261, -1,
- 263, -1, 273, -1, -1, -1, -1, -1, -1, 258,
- 273, -1, 261, 262, 263, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, 273,
+ 265, 266, 267, -1, -1, -1, -1, -1, -1, -1,
+ 275, 276, 277, 278, 279, 280, 256, -1, 258, -1,
+ -1, 261, 262, 263, 264, 265, 266, 267, -1, -1,
+ 257, 258, -1, -1, -1, 275, 276, 277, 278, 279,
+ 280, -1, 269, 270, 271, 272, 273, 274, 275, -1,
+ -1, -1, -1, -1, -1, 256, -1, 258, -1, -1,
+ 261, 262, 263, 264, 265, 266, 267, -1, -1, 257,
+ 258, -1, -1, -1, 275, 276, 277, 278, 279, 280,
+ -1, 269, 270, 271, 272, 273, 274, 275, -1, -1,
+ -1, -1, -1, -1, 282, 283, 257, 258, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 269, 270,
+ 271, 272, 273, 274, 275, -1, -1, -1, -1, -1,
+ -1, 257, 258, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 269, 270, 271, 272, 273, 274, 275,
+ -1, -1, -1, -1, -1, -1, -1, 257, 258, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 269,
+ 270, 271, 272, 273, 274, 275,
};
#define YYFINAL 11
#ifndef YYDEBUG
#define YYDEBUG 0
#endif
-#define YYMAXTOKEN 279
+#define YYMAXTOKEN 283
#if YYDEBUG
#if defined(__cplusplus) || defined(__STDC__)
const char * const yyname[] =
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","RUNAS","NOPASSWD","PASSWD",
-"NOEXEC","EXEC","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
-"RUNASALIAS","ERROR",
+"NOEXEC","EXEC","SETENV","NOSETENV","ALL","COMMENT","HOSTALIAS","CMNDALIAS",
+"USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE",
};
#if defined(__cplusplus) || defined(__STDC__)
const char * const yyrule[] =
"host : ALIAS",
"cmndspeclist : cmndspec",
"cmndspeclist : cmndspeclist ',' cmndspec",
-"cmndspec : runasspec cmndtag opcmnd",
-"opcmnd : cmnd",
"$$5 :",
-"opcmnd : '!' $$5 cmnd",
+"cmndspec : $$5 runasspec selinux cmndtag opcmnd",
+"opcmnd : cmnd",
+"$$6 :",
+"opcmnd : '!' $$6 cmnd",
+"rolespec : ROLE '=' WORD",
+"typespec : TYPE '=' WORD",
+"selinux :",
+"selinux : rolespec",
+"selinux : typespec",
+"selinux : rolespec typespec",
+"selinux : typespec rolespec",
"runasspec :",
"runasspec : RUNAS runaslist",
"runaslist : oprunasuser",
"runaslist : runaslist ',' oprunasuser",
"oprunasuser : runasuser",
-"$$6 :",
-"oprunasuser : '!' $$6 runasuser",
+"$$7 :",
+"oprunasuser : '!' $$7 runasuser",
"runasuser : WORD",
"runasuser : USERGROUP",
"runasuser : NETGROUP",
"cmndtag : cmndtag PASSWD",
"cmndtag : cmndtag NOEXEC",
"cmndtag : cmndtag EXEC",
+"cmndtag : cmndtag SETENV",
+"cmndtag : cmndtag NOSETENV",
"cmnd : ALL",
"cmnd : ALIAS",
"cmnd : COMMAND",
"hostaliases : hostalias",
"hostaliases : hostaliases ':' hostalias",
-"$$7 :",
-"hostalias : ALIAS $$7 '=' hostlist",
+"$$8 :",
+"hostalias : ALIAS $$8 '=' hostlist",
"hostlist : ophost",
"hostlist : hostlist ',' ophost",
"cmndaliases : cmndalias",
"cmndaliases : cmndaliases ':' cmndalias",
-"$$8 :",
-"cmndalias : ALIAS $$8 '=' cmndlist",
+"$$9 :",
+"cmndalias : ALIAS $$9 '=' cmndlist",
"cmndlist : opcmnd",
"cmndlist : cmndlist ',' opcmnd",
"runasaliases : runasalias",
"runasaliases : runasaliases ':' runasalias",
-"$$9 :",
-"runasalias : ALIAS $$9 '=' runaslist",
+"$$10 :",
+"runasalias : ALIAS $$10 '=' runaslist",
"useraliases : useralias",
"useraliases : useraliases ':' useralias",
-"$$10 :",
-"useralias : ALIAS $$10 '=' userlist",
+"$$11 :",
+"useralias : ALIAS $$11 '=' userlist",
"userlist : opuser",
"userlist : userlist ',' opuser",
"opuser : user",
#endif
#endif
#define YYINITSTACKSIZE 200
+/* LINTUSED */
int yydebug;
int yynerrs;
int yyerrflag;
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 890 "parse.yacc"
+#line 1053 "parse.yacc"
#define MOREALIASES (32)
aliasinfo *aliases = NULL;
size_t onaliases;
char s[512];
- if (naliases >= nslots && !more_aliases()) {
- (void) snprintf(s, sizeof(s), "Out of memory defining alias `%s'",
- alias);
- yyerror(s);
- return(FALSE);
- }
+ if (naliases >= nslots)
+ more_aliases();
ai.type = type;
ai.val = val;
/*
* Allocates more space for the aliases list.
*/
-static int
+static void
more_aliases()
{
nslots += MOREALIASES;
- if (nslots == MOREALIASES)
- aliases = (aliasinfo *) malloc(nslots * sizeof(aliasinfo));
- else
- aliases = (aliasinfo *) realloc(aliases, nslots * sizeof(aliasinfo));
-
- return(aliases != NULL);
+ aliases = (aliasinfo *) erealloc3(aliases, nslots, sizeof(aliasinfo));
}
/*
(void) printf("(%s) ", def_runas_default);
}
+#ifdef HAVE_SELINUX
+ /* SELinux role and type */
+ if (cm_list[count].role != NULL)
+ (void) printf("ROLE=%s ", cm_list[count].role);
+ if (cm_list[count].type != NULL)
+ (void) printf("TYPE=%s ", cm_list[count].type);
+#endif
+
/* Is execve(2) disabled? */
if (cm_list[count].noexecve == TRUE && !def_noexec)
(void) fputs("NOEXEC: ", stdout);
else if (cm_list[count].nopasswd == FALSE && !def_authenticate)
(void) fputs("PASSWD: ", stdout);
+ /* Is setenv enabled? */
+ if (cm_list[count].setenv == TRUE && !def_setenv)
+ (void) fputs("SETENV: ", stdout);
+ else if (cm_list[count].setenv == FALSE && def_setenv)
+ (void) fputs("NOSETENV: ", stdout);
+
/* Print the actual command or expanded Cmnd_Alias. */
key.alias = cm_list[count].cmnd;
key.type = CMND_ALIAS;
/* Be nice and free up space now that we are done. */
for (count = 0; count < ga_list_len; count++) {
- free(ga_list[count].alias);
- free(ga_list[count].entries);
+ efree(ga_list[count].alias);
+ efree(ga_list[count].entries);
}
- free(ga_list);
+ efree(ga_list);
ga_list = NULL;
for (count = 0; count < cm_list_len; count++) {
- free(cm_list[count].runas);
- free(cm_list[count].cmnd);
+ efree(cm_list[count].runas);
+ efree(cm_list[count].cmnd);
+ efree(cm_list[count].role);
+ efree(cm_list[count].type);
}
- free(cm_list);
+ efree(cm_list);
cm_list = NULL;
cm_list_len = 0;
cm_list_size = 0;
if (aliases) {
for (n = 0; n < naliases; n++)
- free(aliases[n].name);
- free(aliases);
+ efree(aliases[n].name);
+ efree(aliases);
aliases = NULL;
}
naliases = nslots = 0;
}
cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL;
+ cm_list[cm_list_len].type = cm_list[cm_list_len].role = NULL;
cm_list[cm_list_len].nopasswd = FALSE;
cm_list[cm_list_len].noexecve = FALSE;
+ cm_list[cm_list_len].setenv = FALSE;
}
/*
/* Free up old data structures if we run the parser more than once. */
if (match) {
- free(match);
+ efree(match);
match = NULL;
top = 0;
parse_error = FALSE;
if (printmatches == TRUE)
expand_match_list();
}
-#line 984 "sudo.tab.c"
+#line 1054 "sudo.tab.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
i = yyssp - yyss;
+#ifdef SIZE_MAX
+#define YY_SIZE_MAX SIZE_MAX
+#else
+#define YY_SIZE_MAX 0x7fffffff
+#endif
+ if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
+ goto bail;
newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
- (short *)malloc(newsize * sizeof *newss);
+ (short *)malloc(newsize * sizeof *newss); /* overflow check above */
if (newss == NULL)
goto bail;
yyss = newss;
yyssp = newss + i;
+ if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
+ goto bail;
newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
- (YYSTYPE *)malloc(newsize * sizeof *newvs);
+ (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
if (newvs == NULL)
goto bail;
yyvs = newvs;
switch (yyn)
{
case 3:
-#line 275 "parse.yacc"
+#line 313 "parse.yacc"
{ ; }
break;
case 4:
-#line 277 "parse.yacc"
+#line 315 "parse.yacc"
{ yyerrok; }
break;
case 5:
-#line 278 "parse.yacc"
+#line 316 "parse.yacc"
{ push; }
break;
case 6:
-#line 278 "parse.yacc"
+#line 316 "parse.yacc"
{
while (top && user_matches != TRUE)
pop;
}
break;
case 7:
-#line 283 "parse.yacc"
+#line 321 "parse.yacc"
{ ; }
break;
case 8:
-#line 285 "parse.yacc"
+#line 323 "parse.yacc"
{ ; }
break;
case 9:
-#line 287 "parse.yacc"
+#line 325 "parse.yacc"
{ ; }
break;
case 10:
-#line 289 "parse.yacc"
+#line 327 "parse.yacc"
{ ; }
break;
case 11:
-#line 291 "parse.yacc"
+#line 329 "parse.yacc"
{ ; }
break;
case 13:
-#line 297 "parse.yacc"
+#line 335 "parse.yacc"
{
defaults_matches = TRUE;
}
break;
case 14:
-#line 300 "parse.yacc"
+#line 338 "parse.yacc"
{ push; }
break;
case 15:
-#line 300 "parse.yacc"
+#line 338 "parse.yacc"
{
defaults_matches = user_matches;
pop;
}
break;
case 16:
-#line 304 "parse.yacc"
+#line 342 "parse.yacc"
{ push; }
break;
case 17:
-#line 304 "parse.yacc"
+#line 342 "parse.yacc"
{
defaults_matches = yyvsp[0].BOOLEAN == TRUE;
pop;
}
break;
case 18:
-#line 308 "parse.yacc"
+#line 346 "parse.yacc"
{ push; }
break;
case 19:
-#line 308 "parse.yacc"
+#line 346 "parse.yacc"
{
defaults_matches = host_matches;
pop;
}
break;
case 22:
-#line 318 "parse.yacc"
+#line 356 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[0].string, NULL, TRUE)) {
yyerror(NULL);
YYERROR;
}
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
case 23:
-#line 326 "parse.yacc"
+#line 364 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[0].string, NULL, FALSE)) {
yyerror(NULL);
YYERROR;
}
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
case 24:
-#line 334 "parse.yacc"
+#line 372 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, TRUE)) {
yyerror(NULL);
YYERROR;
}
- free(yyvsp[-2].string);
- free(yyvsp[0].string);
+ efree(yyvsp[-2].string);
+ efree(yyvsp[0].string);
}
break;
case 25:
-#line 343 "parse.yacc"
+#line 381 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, '+')) {
yyerror(NULL);
YYERROR;
}
- free(yyvsp[-2].string);
- free(yyvsp[0].string);
+ efree(yyvsp[-2].string);
+ efree(yyvsp[0].string);
}
break;
case 26:
-#line 352 "parse.yacc"
+#line 390 "parse.yacc"
{
if (defaults_matches == TRUE &&
!set_default(yyvsp[-2].string, yyvsp[0].string, '-')) {
yyerror(NULL);
YYERROR;
}
- free(yyvsp[-2].string);
- free(yyvsp[0].string);
+ efree(yyvsp[-2].string);
+ efree(yyvsp[0].string);
}
break;
case 29:
-#line 367 "parse.yacc"
+#line 405 "parse.yacc"
{
/*
* We already did a push if necessary in
runas_matches = UNSPEC;
no_passwd = def_authenticate ? UNSPEC : TRUE;
no_execve = def_noexec ? TRUE : UNSPEC;
+ setenv_ok = def_setenv ? TRUE : UNSPEC;
+#ifdef HAVE_SELINUX
+ efree(match[top-1].role);
+ match[top-1].role = NULL;
+ efree(match[top-1].type);
+ match[top-1].type = NULL;
+#endif
}
break;
case 30:
-#line 380 "parse.yacc"
+#line 425 "parse.yacc"
{
SETMATCH(host_matches, yyvsp[0].BOOLEAN);
}
break;
case 31:
-#line 383 "parse.yacc"
+#line 428 "parse.yacc"
{
SETNMATCH(host_matches, yyvsp[0].BOOLEAN);
}
break;
case 32:
-#line 388 "parse.yacc"
+#line 433 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
case 33:
-#line 391 "parse.yacc"
+#line 436 "parse.yacc"
{
if (addr_matches(yyvsp[0].string))
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
case 34:
-#line 398 "parse.yacc"
+#line 443 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, user_host, user_shost, NULL))
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
case 35:
-#line 405 "parse.yacc"
+#line 450 "parse.yacc"
{
if (hostname_matches(user_shost, user_host, yyvsp[0].string) == 0)
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
case 36:
-#line 412 "parse.yacc"
+#line 457 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, HOST_ALIAS);
}
yyval.BOOLEAN = NOMATCH;
}
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
case 39:
-#line 440 "parse.yacc"
+#line 485 "parse.yacc"
+{ SETENV_RESET; }
+break;
+case 40:
+#line 485 "parse.yacc"
{
+#ifdef HAVE_SELINUX
+ /* Replace inherited role/type as needed. */
+ if (yyvsp[-2].seinfo.role != NULL) {
+ efree(match[top-1].role);
+ match[top-1].role = yyvsp[-2].seinfo.role;
+ }
+ if (yyvsp[-2].seinfo.type != NULL) {
+ efree(match[top-1].type);
+ match[top-1].type = yyvsp[-2].seinfo.type;
+ }
+#endif
/*
* Push the entry onto the stack if it is worth
* saving and reset cmnd_matches for next cmnd.
pushcp;
else if (user_matches == TRUE && keepall)
pushcp;
+
cmnd_matches = UNSPEC;
}
break;
-case 40:
-#line 469 "parse.yacc"
+case 41:
+#line 526 "parse.yacc"
{
SETMATCH(cmnd_matches, yyvsp[0].BOOLEAN);
}
break;
-case 41:
-#line 472 "parse.yacc"
+case 42:
+#line 529 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
}
break;
-case 42:
-#line 480 "parse.yacc"
+case 43:
+#line 537 "parse.yacc"
{
SETNMATCH(cmnd_matches, yyvsp[0].BOOLEAN);
}
break;
-case 43:
-#line 485 "parse.yacc"
+case 44:
+#line 542 "parse.yacc"
+{
+#ifdef HAVE_SELINUX
+ if (printmatches == TRUE && host_matches == TRUE &&
+ user_matches == TRUE && runas_matches == TRUE)
+ append_role(yyvsp[0].string, NULL);
+ yyval.string = yyvsp[0].string;
+#else
+ free(yyvsp[0].string);
+ yyval.string = NULL;
+#endif /* HAVE_SELINUX */
+ }
+break;
+case 45:
+#line 555 "parse.yacc"
+{
+#ifdef HAVE_SELINUX
+ if (printmatches == TRUE && host_matches == TRUE &&
+ user_matches == TRUE && runas_matches == TRUE)
+ append_type(yyvsp[0].string, NULL);
+ yyval.string = yyvsp[0].string;
+#else
+ free(yyvsp[0].string);
+ yyval.string = NULL;
+#endif /* HAVE_SELINUX */
+ }
+break;
+case 46:
+#line 568 "parse.yacc"
+{
+#ifdef HAVE_SELINUX
+ if (printmatches == TRUE && host_matches == TRUE &&
+ user_matches == TRUE && runas_matches == TRUE) {
+ /* Inherit role. */
+ cm_list[cm_list_len].role =
+ estrdup(cm_list[cm_list_len-1].role);
+ cm_list[cm_list_len].role_len =
+ cm_list[cm_list_len-1].role_len;
+ cm_list[cm_list_len].role_size =
+ cm_list[cm_list_len-1].role_len + 1;
+ /* Inherit type. */
+ cm_list[cm_list_len].type =
+ estrdup(cm_list[cm_list_len-1].type);
+ cm_list[cm_list_len].type_len =
+ cm_list[cm_list_len-1].type_len;
+ cm_list[cm_list_len].type_size =
+ cm_list[cm_list_len-1].type_len + 1;
+ }
+#endif /* HAVE_SELINUX */
+ yyval.seinfo.role = NULL;
+ yyval.seinfo.type = NULL;
+ }
+break;
+case 47:
+#line 591 "parse.yacc"
+{
+#ifdef HAVE_SELINUX
+ if (printmatches == TRUE && host_matches == TRUE &&
+ user_matches == TRUE && runas_matches == TRUE) {
+ /* Inherit type. */
+ cm_list[cm_list_len].type =
+ estrdup(cm_list[cm_list_len-1].type);
+ cm_list[cm_list_len].type_len =
+ cm_list[cm_list_len-1].type_len;
+ cm_list[cm_list_len].type_size =
+ cm_list[cm_list_len-1].type_len + 1;
+ }
+#endif /* HAVE_SELINUX */
+ yyval.seinfo.role = yyvsp[0].string;
+ yyval.seinfo.type = NULL;
+ }
+break;
+case 48:
+#line 607 "parse.yacc"
+{
+#ifdef HAVE_SELINUX
+ if (printmatches == TRUE && host_matches == TRUE &&
+ user_matches == TRUE && runas_matches == TRUE) {
+ /* Inherit role. */
+ cm_list[cm_list_len].role =
+ estrdup(cm_list[cm_list_len-1].role);
+ cm_list[cm_list_len].role_len =
+ cm_list[cm_list_len-1].role_len;
+ cm_list[cm_list_len].role_size =
+ cm_list[cm_list_len-1].role_len + 1;
+ }
+#endif /* HAVE_SELINUX */
+ yyval.seinfo.type = yyvsp[0].string;
+ yyval.seinfo.role = NULL;
+ }
+break;
+case 49:
+#line 623 "parse.yacc"
+{
+ yyval.seinfo.role = yyvsp[-1].string;
+ yyval.seinfo.type = yyvsp[0].string;
+ }
+break;
+case 50:
+#line 627 "parse.yacc"
+{
+ yyval.seinfo.type = yyvsp[-1].string;
+ yyval.seinfo.role = yyvsp[0].string;
+ }
+break;
+case 51:
+#line 633 "parse.yacc"
{
if (printmatches == TRUE && host_matches == TRUE &&
user_matches == TRUE) {
cm_list[cm_list_len].runas_len =
cm_list[cm_list_len-1].runas_len;
cm_list[cm_list_len].runas_size =
- cm_list[cm_list_len-1].runas_size;
+ cm_list[cm_list_len-1].runas_len + 1;
}
}
/*
* then check against default runas user.
*/
if (runas_matches == UNSPEC) {
- runas_matches =
- userpw_matches(def_runas_default,
- *user_runas, runas_pw);
+ runas_matches = userpw_matches(def_runas_default,
+ *user_runas, runas_pw) ? TRUE : NOMATCH;
}
}
break;
-case 44:
-#line 510 "parse.yacc"
+case 52:
+#line 657 "parse.yacc"
{
runas_matches = yyvsp[0].BOOLEAN;
}
break;
-case 45:
-#line 515 "parse.yacc"
+case 53:
+#line 662 "parse.yacc"
{ ; }
break;
-case 46:
-#line 516 "parse.yacc"
+case 54:
+#line 663 "parse.yacc"
{
/* Later entries override earlier ones. */
if (yyvsp[0].BOOLEAN != NOMATCH)
yyval.BOOLEAN = yyvsp[-2].BOOLEAN;
}
break;
-case 47:
-#line 525 "parse.yacc"
+case 55:
+#line 672 "parse.yacc"
{ ; }
break;
-case 48:
-#line 526 "parse.yacc"
+case 56:
+#line 673 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
}
}
break;
-case 49:
-#line 534 "parse.yacc"
+case 57:
+#line 681 "parse.yacc"
{
/* Set $$ to the negation of runasuser */
yyval.BOOLEAN = (yyvsp[0].BOOLEAN == NOMATCH ? NOMATCH : ! yyvsp[0].BOOLEAN);
}
break;
-case 50:
-#line 540 "parse.yacc"
+case 58:
+#line 687 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
used_runas = TRUE;
}
break;
-case 51:
-#line 555 "parse.yacc"
+case 59:
+#line 702 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
used_runas = TRUE;
}
break;
-case 52:
-#line 570 "parse.yacc"
+case 60:
+#line 717 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
used_runas = TRUE;
}
break;
-case 53:
-#line 585 "parse.yacc"
+case 61:
+#line 732 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, RUNAS_ALIAS);
}
yyval.BOOLEAN = NOMATCH;
}
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
used_runas = TRUE;
}
break;
-case 54:
-#line 615 "parse.yacc"
+case 62:
+#line 762 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
yyval.BOOLEAN = TRUE;
}
break;
-case 55:
-#line 627 "parse.yacc"
+case 63:
+#line 774 "parse.yacc"
{
- /* Inherit {NOPASSWD,PASSWD,NOEXEC,EXEC} status. */
+ /* Inherit {NO,}{PASSWD,EXEC,SETENV} status. */
if (printmatches == TRUE && host_matches == TRUE &&
user_matches == TRUE) {
if (no_passwd == TRUE)
cm_list[cm_list_len].noexecve = TRUE;
else
cm_list[cm_list_len].noexecve = FALSE;
+ if (setenv_ok == TRUE)
+ cm_list[cm_list_len].setenv = TRUE;
+ else
+ cm_list[cm_list_len].setenv = FALSE;
}
}
break;
-case 56:
-#line 641 "parse.yacc"
+case 64:
+#line 792 "parse.yacc"
{
no_passwd = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
cm_list[cm_list_len].nopasswd = TRUE;
}
break;
-case 57:
-#line 647 "parse.yacc"
+case 65:
+#line 798 "parse.yacc"
{
no_passwd = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
cm_list[cm_list_len].nopasswd = FALSE;
}
break;
-case 58:
-#line 653 "parse.yacc"
+case 66:
+#line 804 "parse.yacc"
{
no_execve = TRUE;
if (printmatches == TRUE && host_matches == TRUE &&
cm_list[cm_list_len].noexecve = TRUE;
}
break;
-case 59:
-#line 659 "parse.yacc"
+case 67:
+#line 810 "parse.yacc"
{
no_execve = FALSE;
if (printmatches == TRUE && host_matches == TRUE &&
cm_list[cm_list_len].noexecve = FALSE;
}
break;
-case 60:
-#line 667 "parse.yacc"
+case 68:
+#line 816 "parse.yacc"
+{
+ setenv_ok = TRUE;
+ if (printmatches == TRUE && host_matches == TRUE &&
+ user_matches == TRUE)
+ cm_list[cm_list_len].setenv = TRUE;
+ }
+break;
+case 69:
+#line 822 "parse.yacc"
+{
+ setenv_ok = FALSE;
+ if (printmatches == TRUE && host_matches == TRUE &&
+ user_matches == TRUE)
+ cm_list[cm_list_len].setenv = FALSE;
+ }
+break;
+case 70:
+#line 830 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE)
expand_match_list();
}
}
+ /* sudo "ALL" implies the SETENV tag */
+ if (setenv_ok == UNSPEC)
+ setenv_ok = IMPLIED;
+ efree(safe_cmnd);
+ safe_cmnd = NULL;
yyval.BOOLEAN = TRUE;
-
- if (safe_cmnd)
- free(safe_cmnd);
- safe_cmnd = estrdup(user_cmnd);
}
break;
-case 61:
-#line 684 "parse.yacc"
+case 71:
+#line 848 "parse.yacc"
{
aliasinfo *aip;
}
yyval.BOOLEAN = NOMATCH;
}
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
-case 62:
-#line 713 "parse.yacc"
+case 72:
+#line 877 "parse.yacc"
{
if (printmatches == TRUE) {
if (in_alias == TRUE) {
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].command.cmnd);
- if (yyvsp[0].command.args)
- free(yyvsp[0].command.args);
+ efree(yyvsp[0].command.cmnd);
+ efree(yyvsp[0].command.args);
}
break;
-case 65:
-#line 744 "parse.yacc"
+case 75:
+#line 907 "parse.yacc"
{ push; }
break;
-case 66:
-#line 744 "parse.yacc"
+case 76:
+#line 907 "parse.yacc"
{
if ((MATCHED(host_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) {
pop;
}
break;
-case 71:
-#line 762 "parse.yacc"
+case 81:
+#line 925 "parse.yacc"
{
push;
if (printmatches == TRUE) {
}
}
break;
-case 72:
-#line 771 "parse.yacc"
+case 82:
+#line 934 "parse.yacc"
{
if ((MATCHED(cmnd_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) {
YYERROR;
}
pop;
- free(yyvsp[-3].string);
+ efree(yyvsp[-3].string);
if (printmatches == TRUE)
in_alias = FALSE;
}
break;
-case 73:
-#line 785 "parse.yacc"
+case 83:
+#line 948 "parse.yacc"
{ ; }
break;
-case 77:
-#line 793 "parse.yacc"
+case 87:
+#line 956 "parse.yacc"
{
if (printmatches == TRUE) {
in_alias = TRUE;
}
}
break;
-case 78:
-#line 801 "parse.yacc"
+case 88:
+#line 964 "parse.yacc"
{
if ((yyvsp[0].BOOLEAN != NOMATCH || pedantic) &&
!add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) {
yyerror(NULL);
YYERROR;
}
- free(yyvsp[-3].string);
+ efree(yyvsp[-3].string);
if (printmatches == TRUE)
in_alias = FALSE;
}
break;
-case 81:
-#line 818 "parse.yacc"
+case 91:
+#line 981 "parse.yacc"
{ push; }
break;
-case 82:
-#line 818 "parse.yacc"
+case 92:
+#line 981 "parse.yacc"
{
if ((MATCHED(user_matches) || pedantic) &&
!add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) {
YYERROR;
}
pop;
- free(yyvsp[-3].string);
+ efree(yyvsp[-3].string);
}
break;
-case 85:
-#line 833 "parse.yacc"
+case 95:
+#line 996 "parse.yacc"
{
SETMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
-case 86:
-#line 836 "parse.yacc"
+case 96:
+#line 999 "parse.yacc"
{
SETNMATCH(user_matches, yyvsp[0].BOOLEAN);
}
break;
-case 87:
-#line 841 "parse.yacc"
+case 97:
+#line 1004 "parse.yacc"
{
if (userpw_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
-case 88:
-#line 848 "parse.yacc"
+case 98:
+#line 1011 "parse.yacc"
{
if (usergr_matches(yyvsp[0].string, user_name, sudo_user.pw))
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
-case 89:
-#line 855 "parse.yacc"
+case 99:
+#line 1018 "parse.yacc"
{
if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name))
yyval.BOOLEAN = TRUE;
else
yyval.BOOLEAN = NOMATCH;
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
-case 90:
-#line 862 "parse.yacc"
+case 100:
+#line 1025 "parse.yacc"
{
aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS);
}
yyval.BOOLEAN = NOMATCH;
}
- free(yyvsp[0].string);
+ efree(yyvsp[0].string);
}
break;
-case 91:
-#line 884 "parse.yacc"
+case 101:
+#line 1047 "parse.yacc"
{
yyval.BOOLEAN = TRUE;
}
break;
-#line 1920 "sudo.tab.c"
+#line 2149 "sudo.tab.c"
}
yyssp -= yym;
yystate = *yyssp;
projects / debian / sudo / blobdiff