From 4cc6a09e8f9028ef10631ccd17b88361356a6425 Mon Sep 17 00:00:00 2001 From: Jeroen van Wolffelaar Date: Wed, 29 Jun 2005 03:56:11 +0200 Subject: [PATCH] Imported Debian patch 1.6.6-1.3woody1 --- config.guess | 18 + debian/OPTIONS | 43 + debian/changelog | 461 +++++++++ debian/conffiles | 2 + debian/control | 15 + debian/copyright | 72 ++ debian/dirs | 6 + debian/init.d | 23 + debian/postinst | 66 ++ debian/rules | 105 ++ debian/sudo.pam | 3 + env.c | 12 + parse.yacc | 4 - sudo.c | 10 +- sudo.tab.c | 2546 ++++++++++++++++++++++++++++------------------ sudo.tab.h | 53 +- sudoers | 2 + sudoers.pod | 4 +- 18 files changed, 2431 insertions(+), 1014 deletions(-) create mode 100644 debian/OPTIONS create mode 100644 debian/changelog create mode 100644 debian/conffiles create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/dirs create mode 100644 debian/init.d create mode 100644 debian/postinst create mode 100755 debian/rules create mode 100644 debian/sudo.pam diff --git a/config.guess b/config.guess index 6012b39..889600f 100755 --- a/config.guess +++ b/config.guess @@ -774,6 +774,24 @@ EOF big) echo mips-unknown-linux-gnu && exit 0 ;; little) echo mipsel-unknown-linux-gnu && exit 0 ;; esac + # Since Linux 2.4.20-* there is no such line in /proc/cpuinfo anymore + eval $set_cc_for_build + sed 's/^ //' << EOF > $dummy.c + #include + int + main () + { + exit (0); + } +EOF + $CC_FOR_BUILD $dummy.c -o $dummy + case `file $dummy` in + *MIPS\ *_BE*) echo mips-unknown-linux-gnu && exit 0 ;; + *MIPS\ *_LE*) echo mipsel-unknown-linux-gnu && exit 0 ;; + *MSB\ MIPS-I\ executable*) echo mips-unknown-linux-gnu && exit 0 ;; + *LSB\ MIPS-I\ executable*) echo mipsel-unknown-linux-gnu && exit 0 ;; + esac + rm -f $dummy.c $dummy ;; ppc:Linux:*:*) echo powerpc-unknown-linux-gnu diff --git a/debian/OPTIONS b/debian/OPTIONS new file mode 100644 index 0000000..33bd4d9 --- /dev/null +++ b/debian/OPTIONS 
@@ -0,0 +1,43 @@
+The following options were used to configure sudo for Debian GNU/Linux.
+
+ --with-exempt=sudo
+
+ Any user in group 'sudo' will not need to type their password. It
+ is strongly recommended that no users be put in group sudo, and that
+ instead the NOPASSWD option in the sudoers file be used if desired.
+
+ --with-pam
+
+ Support for pluggable authentication modules.
+
+ --with-fqdn
+
+ Allow use of fully qualified domain names in the sudoers file.
+
+ --disable-root-mailer
+
+ Send mail as the invoking user, not as root.
+
+ --with-logging=syslog
+ --with-logfac=authpriv
+
+ Where logging information goes.
+
+ --with-env-editor
+ --with-editor=/usr/bin/editor
+
+ Honor the EDITOR and VISUAL environment variables. If they are not
+ present, default to the Debian default system editor.
+
+ --with-timeout=15
+ --with-password-timeout=0
+
+ Allow 15 minutes before a user has to re-type their passord, versus
+ the sudo usual default of 5. Never time out while waiting for a
+ password to be typed, this is a seriously big deal for Debian package
+ developers using 'dpkg-buildpackage -rsudo'.
+
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
+ /sbin:/bin:/usr/X11R6/bin"
+
+ Give a reasonable default path for commands run as root via sudo.
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..b69108e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,461 @@ +sudo (1.6.6-1.3woody1) oldstable-security; urgency=high + + * Security upload + * Fix race condition in pathname validation [CAN-2005-1993] + (Closes: #315115) + + -- Jeroen van Wolffelaar Wed, 29 Jun 2005 03:56:11 +0200 + +sudo (1.6.6-1.3) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Removed debugging code again. Sorry. + + -- Martin Schulze Wed, 24 Nov 2004 15:51:06 +0100 + +sudo (1.6.6-1.2) stable-security; urgency=high + + * Non-maintainer upload by the Security Team + * Applied upstream patch to prevent bash functions and the CDPATH + environment variable from being exported into the sudo environment + [env.c, CAN-2004-1051] + * Added special detection routine for big/little endianess on MIPS since + the line "byteorder : {big|little} endian" from /proc/cpuinfo was + removed as of Linux 2.4.20, resulting in the mipsel buildd being + unable to build this package. + + -- Martin Schulze Thu, 18 Nov 2004 08:53:05 +0100 + +sudo (1.6.6-1.1) unstable; urgency=high + + * NMU - patch from Colin Watson , in bts. + * Revert patch to auth/pam.c that left pass uninitialized, causing a + segfault (Closes: #144665). 
+ + -- LaMont Jones Fri, 26 Apr 2002 22:36:04 -0600 + +sudo (1.6.6-1) unstable; urgency=high + + * new upstream version, fixes security problem with crafty prompts, + closes: #144540 + + -- Bdale Garbee Thu, 25 Apr 2002 12:45:49 -0600 + +sudo (1.6.5p1-4) unstable; urgency=high + + * apply patch for auth/pam.c to fix yet another way to make sudo segfault + if ctrl/C'ed at password prompt, closes: #131235 + + -- Bdale Garbee Sun, 3 Mar 2002 23:18:56 -0700 + +sudo (1.6.5p1-3) unstable; urgency=high + + * ugly hack to add --disable-saved-ids when building on sparc in response + to 131592, which will be reassigned to glibc for a real fix + * urgency high since the sudo currently in testing for sparc is worthless + + -- Bdale Garbee Sun, 17 Feb 2002 22:42:10 -0700 + +sudo (1.6.5p1-2) unstable; urgency=high + + * patch from upstream to fix seg faults caused by versions of pam that + follow a NULL pointer, closes: #129512 + + -- Bdale Garbee Tue, 22 Jan 2002 01:50:13 -0700 + +sudo (1.6.5p1-1) unstable; urgency=high + + * new upstream version + * add --disable-root-mailer option supported by new version to configure + call in rules file, closes: #129648 + + -- Bdale Garbee Fri, 18 Jan 2002 11:29:37 -0700 + +sudo (1.6.4p1-1) unstable; urgency=high + + * new upstream version, with fix for segfaulting problem in 1.6.4 + + -- Bdale Garbee Mon, 14 Jan 2002 20:09:46 -0700 + +sudo (1.6.4-1) unstable; urgency=high + + * new upstream version, includes an important security fix, closes: #127576 + + -- Bdale Garbee Mon, 14 Jan 2002 09:35:48 -0700 + +sudo (1.6.3p7-5) unstable; urgency=low + + * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872 + * fix spelling error in init.d, closes: #126847 + + -- Bdale Garbee Sat, 29 Dec 2001 11:21:43 -0700 + +sudo (1.6.3p7-4) unstable; urgency=medium + + * use touch to set status files to an ancient date instead of removing them + outright on reboot. 
this achieves the desired effect of keeping elevated + privs from living across reboots, without forcing everyone to see the + new-sudo-user lecture after every reboot. pick a time that's 'old enough' + for systems with good clocks, and 'recent enough' that broken PC hardware + setting the clock to commonly-seen bogus dates trips over the "don't trust + future timestamps" rule. closes: #76529, #123559 + * apply patch from Steve Langasek to fix seg faults due to interaction with + PAM code. upstream confirms the problem, and says they're fixing this + differently for their next release... but this should be useful in the + meantime, and would be good to get into woody. closes: #119147 + * only run the init.d at boot, not on each runlevel change... and don't run + it during package configure. closes: #125935 + * add DEB_BUILD_OPTIONS support to rules file, closes: #94952 + + -- Bdale Garbee Wed, 26 Dec 2001 12:40:44 -0700 + +sudo (1.6.3p7-3) unstable; urgency=low + + * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not + resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718, + * fix a typo in the manpage, closes: #97368 + * apply patch to configure.in and run autoconf to fix problem building on + the hurd, closes: #96325 + * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed + to not last across reboots, closes: #76529 + * clean up lintian-noticed cosmetic packaging issues + + -- Bdale Garbee Sat, 1 Dec 2001 02:59:52 -0700 + +sudo (1.6.3p7-2) unstable; urgency=low + + * update config.sub/guess for hppa support + + -- Bdale Garbee Sun, 22 Apr 2001 23:23:42 -0600 + +sudo (1.6.3p7-1) unstable; urgency=low + + * new upstream version + * add build dependency on mail-transport-agent, closes: #90685 + + -- Bdale Garbee Thu, 12 Apr 2001 17:02:42 -0600 + +sudo (1.6.3p6-1) unstable; urgency=high + + * new upstream version, fixes buffer overflow problem, + closes: #87259, #87278, #87263 + * revert to using 
--with-secure-path option at build time, since the option + available in sudoers is parsed too late to be useful, and upstream says + it won't get fixed quickly. This reopens 85123, which I will mark as + forwarded. Closes: #86199, #86117, #85676 + + -- Bdale Garbee Mon, 26 Feb 2001 11:02:51 -0700 + +sudo (1.6.3p5-2) unstable; urgency=low + + * lose the dh_suidregister call since it's obsolete + * stop using the --with-secure-path option at build time, and instead show + how to set it in sudoers. Closes: #85123 + * freshen config.sub and config.guess for ia64 and hppa + * update sudoers man page to indicate exempt_group is on by default, + closes: #70847 + + -- Bdale Garbee Sat, 10 Feb 2001 02:05:17 -0700 + +sudo (1.6.3p5-1) unstable; urgency=low + + * new upstream version, closes: #63940, #59175, #61817, #64652, #65743 + * this version restores core dumps before the exec, while leaving them + disabled during sudo's internal execution, closes: #58289 + * update debhelper calls in rules file + + -- Bdale Garbee Wed, 16 Aug 2000 00:13:15 -0600 + +sudo (1.6.2p2-1) frozen unstable; urgency=medium + + * new upstream source resulting from direct collaboration with the upstream + author to fix ugly pam-related problems on Debian in 1.6.1 and later. + Closes: #56129, #55978, #55979, #56550, #56772 + * include more upstream documentation, closes: #55054 + * pam.d fragment update, closes: #56129 + + -- Bdale Garbee Sun, 27 Feb 2000 11:48:48 -0700 + +sudo (1.6.1-1) unstable; urgency=low + + * new upstream source, closes: #52750 + + -- Bdale Garbee Fri, 7 Jan 2000 21:01:42 -0700 + +sudo (1.6-2) unstable; urgency=low + + * drop suidregister support for this package. The sudo executable is + essentially worthless unless it is setuid root, and making suidregister + work involves shipping a non-setuid executable in the .deb and setting the + perms in the postinst. On a long upgrade run, this can leave the sudo + executable 'broken' for a long time, which is unacceptable. 
With this + version, we ship the executable setuid root in the .deb. Closes: #51742 + + -- Bdale Garbee Wed, 1 Dec 1999 19:59:44 -0700 + +sudo (1.6-1) unstable; urgency=low + + * new upstream version, many options previously set at compile-time are now + configurable at runtime. + Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639 + * FHS support + + -- Bdale Garbee Tue, 23 Nov 1999 16:51:22 -0700 + +sudo (1.5.9p4-1) unstable; urgency=low + + * new upstream version, closes: #43464 + * empty password handling was fixed in 1.5.8, closes: #31863 + + -- Bdale Garbee Thu, 26 Aug 1999 00:00:57 -0600 + +sudo (1.5.9p1-1) unstable; urgency=low + + * new upstream version + + -- Bdale Garbee Thu, 15 Apr 1999 22:43:29 -0600 + +sudo (1.5.8p1-1) unstable; urgency=medium + + * new upstream version, closes 33690 + * add dependency on libpam-modules, closes 34215, 33432 + + -- Bdale Garbee Mon, 8 Mar 1999 10:27:42 -0700 + +sudo (1.5.7p4-2) unstable; urgency=medium + + * update the pam fragment provided so that sudo works with latest pam bits, + closes 33432 + + -- Bdale Garbee Sun, 21 Feb 1999 00:22:44 -0700 + +sudo (1.5.7p4-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee Sun, 27 Dec 1998 16:13:53 -0700 + +sudo (1.5.6p5-1) unstable; urgency=low + + * new upstream patch release + * add PAM support, closes 28594 + + -- Bdale Garbee Mon, 2 Nov 1998 00:00:24 -0700 + +sudo (1.5.6p2-2) unstable; urgency=low + + * update copyright file, closes 24136 + * review and close forwarded bugs believed fixed in this upstream version, + closes 17606, 15786. 
+ + -- Bdale Garbee Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.6p2-1) unstable; urgency=low + + * new upstream release + + -- Bdale Garbee Mon, 5 Oct 1998 22:30:43 -0600 + +sudo (1.5.4-4) frozen unstable; urgency=low + + * update postinst to use groupadd, closes 21403 + * move the suidregister stuff earlier in postinst to ensure it always runs + + -- Bdale Garbee Sun, 19 Apr 1998 22:07:45 -0600 + +sudo (1.5.4-3) frozen unstable; urgency=low + + * change /etc/sudoers from a conffile to being handled in postinst, + closes 18219 + * add suidmanager support, closes 15711 + * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is + unlikely to ever fix, and which just don't matter. closes 17146 + * fix FSF address in copyright file, and submit exception for lintian + warning about sudo being setuid root + + -- Bdale Garbee Thu, 9 Apr 1998 23:59:11 -0600 + +sudo (1.5.4-2) unstable; urgency=high + + * patch from upstream author correcting/improving security fix + + -- Bdale Garbee Tue, 13 Jan 1998 10:39:35 -0700 + +sudo (1.5.4-1) unstable; urgency=high + + * new upstream version, includes a security fix + * change default editor from /bin/ae to /usr/bin/editor + + -- Bdale Garbee Mon, 12 Jan 1998 23:36:41 -0700 + +sudo (1.5.3-1) unstable; urgency=medium + + * new upstream version, closes bug 15911. + * rules file reworked to use debhelper + * implement a really gross hack to force use of the sudo-provided + lsearch(), since the one in libc6 is broken! This closes bugs + 12552, 12557, 14881, 15259, 15916. + + -- Bdale Garbee Sat, 3 Jan 1998 20:39:23 -0700 + +sudo (1.5.2-6) unstable; urgency=LOW + + * don't install INSTALL in the doc directory, closes bug 13195. 
+ + -- Bdale Garbee Sun, 21 Sep 1997 17:10:40 -0600 + +sudo (1.5.2-5) unstable; urgency=LOW + + * libc6 + + -- Bdale Garbee Fri, 5 Sep 1997 00:06:22 -0600 + +sudo (1.5.2-4) unstable; urgency=LOW + + * change TIMEOUT (how long before you have to type your password again) + to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian + packages on slower machines much more tolerable. Closes bug 9076. + * touch debian/suid before debstd. Closes bug 8709. + + -- Bdale Garbee Sat, 26 Apr 1997 00:48:01 -0600 + +sudo (1.5.2-3) frozen unstable; urgency=LOW + + * patch from upstream maintainer to close Bug 6828 + * add a debian/suid file to get debstd to leave my perl postinst alone + + -- Bdale Garbee Fri, 11 Apr 1997 23:09:55 -0600 + +sudo (1.5.2-2) frozen unstable; urgency=LOW + + * change rules to use -O2 -Wall as per standards + + -- Bdale Garbee Sun, 6 Apr 1997 12:48:53 -0600 + +sudo (1.5.2-1) unstable; urgency=LOW + + * new upstream version + * cosmetic changes to debian package control files + + -- Bdale Garbee Wed, 30 Oct 1996 09:50:00 -0700 + +sudo (1.5-2) unstable; urgency=LOW + + * add /usr/X11R6/bin to the end of the secure path... this makes it + much easier to run xmkmf, etc., during package builds. To the extent + that /usr/local/sbin and /usr/local/bin were already included, I see + no security reasons not to add this. 
+ + -- Bdale Garbee Wed, 30 Oct 1996 09:44:58 -0700 + +sudo (1.5-1) unstable; urgency=LOW + + * New upstream version + * New maintainer + * New packaging format + + -- Bdale Garbee Thu, 29 Aug 1996 11:44:22 +0200 + +Tue Mar 5 09:36:41 MET 1996 Michael Meskes + + sudo (1.4.1-1): + + * hard code SECURE_PATH to: + "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + + * enable ENV_EDITOR + + * enabled EXEMPTGROUP "sudo" + + * moved timestamp dir to /var/log/sudo + + * changed parser to check for long and short filenames (Bug#1162) + +Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes + + sudo (1.4.2-1): + + * New upstream source + + * Fixed postinst script + (thanks to Peter Tobis ) + + * Removed special shadow binary. This version works with and without + shadow password file. + +Mon May 20 09:35:22 MET DST 1996 Michael Meskes + + sudo (1.4.2-2): + + * Corrected editor path to /bin/ae (Bug#3062) + + * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063) + +Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes + + sudo (1.4.3-1): + + * New upstream version + + * Changed sudoers permission to 440 (owner root, group root) to make + sudo usable via NFS + +Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes + + sudo (1.4.3-2): + + * Applied upstream patch 1 + +Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes + + sudo (1.4.3-3): + + * Applied upstream patch 2 + +Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes + + sudo (1.4.3-4): + + * Applied upstream patch 3 (fixes problems with an NFS-mounted + sudoers file) + + +Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes + + sudo (1.4.3-5): + + * Corrected postinst to use /usr/bin/perl instead of /bin/perl + [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)] + +Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes + + sudo (1.4.3-6): + + * Applied upstream patch 4 (fixes several bugs) + + * Changed priority to optional + +Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes + + sudo (1.4.3-7): + + * Corrected postinst to create 
correct permission for /etc/sudoers + (Bug#3749) + +Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes + + sudo (1.4.4-1): + + * New upstream version + + +sudo (1.4.4-2) admin; urgency=HIGH + + * Fixed major security bug reported by Peter Tobias + + * Added dchanges support to debian.rules + +sudo (1.4.5-1) admin; urgency=LOW + + * New upstream version + * Minor changes to debian.rules diff --git a/debian/conffiles b/debian/conffiles new file mode 100644 index 0000000..3597083 --- /dev/null +++ b/debian/conffiles @@ -0,0 +1,2 @@ +/etc/init.d/sudo +/etc/pam.d/sudo diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..53b78b5 --- /dev/null +++ b/debian/control @@ -0,0 +1,15 @@ +Source: sudo +Section: admin +Priority: optional +Maintainer: Bdale Garbee +Build-Depends: debhelper (>= 2.1.6), libpam0g-dev, mail-transport-agent +Standards-Version: 3.5.6.0 + +Package: sudo +Architecture: any +Depends: ${shlibs:Depends}, libpam-modules +Description: Provides limited super user privileges to specific users. + Sudo is a program designed to allow a sysadmin to give limited root + privileges to users and log root activity. The basic philosophy is to give + as few privileges as possible but still allow people to get their work done. + diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..dc138e8 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,72 @@ +This is the Debian GNU/Linux prepackaged version of sudo. sudo is +used to provide limited super user privileges to specific users. + +This package was put together by Bdale Garbee using sources +from + ftp://ftp.cs.colorado.edu/pub/sudo/ + +Sudo is distributed under the following BSD-style license: + + Copyright (c) 1994-1996,1998-2002 Todd C. Miller + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission + from the author. + + 4. Products derived from this software may not be called "Sudo" nor + may "Sudo" appear in their names without specific prior written + permission from the author. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ + +Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c +and fnmatch.3 bear the following UCB license: + + Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..ece3c10 --- /dev/null +++ b/debian/dirs @@ -0,0 +1,6 @@ +etc/pam.d +usr/bin +usr/share/man/man8 +usr/share/man/man5 +usr/sbin +usr/share/doc/sudo/examples 
diff --git a/debian/init.d b/debian/init.d
new file mode 100644
index 0000000..d208c9c
--- /dev/null
+++ b/debian/init.d
@@ -0,0 +1,23 @@
+#! /bin/sh
+
+N=/etc/init.d/sudo
+
+set -e
+
+case "$1" in
+ start)
+ # make sure privileges don't persist across reboots
+ if [ -d /var/run/sudo ]
+ then
+ touch -t 198501010000 /var/run/sudo/*
+ fi
+ ;;
+ stop|reload|restart|force-reload)
+ ;;
+ *)
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..cd93ef1
--- /dev/null
+++ b/debian/postinst
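Review bot: In the `start)` branch, `touch -t 198501010000 /var/run/sudo/*` creates a file literally named `*` when /var/run/sudo exists but is empty, because an unmatched glob is passed through unchanged and touch creates missing files. Guard the expansion, for example `for f in /var/run/sudo/*; do [ -e "$f" ] || continue; touch -t 198501010000 "$f"; done`. Only the first level under /var/run/sudo is touched, so if tickets are ever stored one level deeper (for instance per-tty files inside a per-user directory) they would keep their time across a reboot; a comment stating which objects carry the timestamp would make that assumption checkable.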
@@ -0,0 +1,66 @@
+#!/usr/bin/perl
+
+# remove old link
+
+unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
+
+# make sure we have a sudoers file
+if ( ! -f "/etc/sudoers") {
+
+ print "No /etc/sudoers found... creating one for you.\n";
+
+ open (SUDOERS, "> /etc/sudoers");
+ print SUDOERS "# sudoers file.\n",
+ "#\n",
+ "# This file MUST be edited with the 'visudo' command as root.\n",
+ "#\n",
+ "# See the man page for details on how to write a sudoers file.\n",
+ "#\n\n# Host alias specification\n\n",
+ "# User alias specification\n\n",
+ "# Cmnd alias specification\n\n",
+ "# User privilege specification\nroot\tALL=(ALL) ALL\n";
+ close SUDOERS;
+
+}
+
+# make sure sudoers has the correct permissions and owner/group
+system ('chown root.root /etc/sudoers');
+system ('chmod 440 /etc/sudoers');
+
+if ( $ARGV[0] == "configure" && -d "/usr/doc" && ! -e "/usr/doc/sudo" &&
+ -d "/usr/share/doc/sudo" ) {
+ system ('ln -sf ../share/doc/sudo /usr/doc/sudo');
+}
+
+# must do a remove first to un-do the "bad" links created by previous version
+system ('update-rc.d -f sudo remove >/dev/null 2>&1');
+
+system ('update-rc.d sudo start 75 S . >/dev/null');
+
+# make sure we have a sudo group
+
+exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
+
+$gid = 27; # start searcg with gid 27
+setgrent;
+while (getgrgid($gid)) {
+ ++$gid;
+}
+endgrent;
+
+if ($gid != 27) {
+ print "On Debian we normally use gid 27 for 'sudo'.\n";
+ $gname = getgrgid(27);
+ print "However, on your system gid 27 is group '$gname'.\n\n";
+ print "Would you like me to stop configuring sudo so that you can change this? [n] ";
+ $ans = ;
+ if ($ans =~ m/^[yY].*/) {
+ print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
+ exit 1;
+ }
+}
+
+print "Creating group 'sudo' with gid = $gid\n";
+system("groupadd -g $gid sudo");
+
+print "";
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..dc7790e
--- /dev/null
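Review bot: The new /etc/sudoers is written by `open (SUDOERS, "> /etc/sudoers");` under whatever umask the script inherited and is only tightened by the later `chmod 440`, so the file can briefly exist with wider permissions, and a failed open goes unnoticed because its return value is not checked. Save and restrict the umask around the creation (`my $old = umask 077;` before the open, `umask $old;` after the close) and make the open `open (SUDOERS, "> /etc/sudoers") or die "cannot create /etc/sudoers: $!";`. Separately, `$ARGV[0] == "configure"` is a numeric comparison, so any non-numeric argument matches; a string test needs `eq`. The `system(...)` calls for chown, chmod and groupadd also discard their exit status, so the script can exit 0 with the wrong owner or mode left on sudoers.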
+++ b/debian/rules 
@@ -0,0 +1,105 @@
+#!/usr/bin/make -f
+
+# Comment this to turn off verbose mode.
+export DH_VERBOSE=1
+
+# This is the debhelper compatibility version to use.
+export DH_COMPAT=2
+
+CFLAGS = -O2 -Wall -Wno-comment
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+CFLAGS += -g
+endif
+export CFLAGS
+
+buildarch := $(shell dpkg-architecture -qDEB_BUILD_ARCH)
+ifeq ($(buildarch),sparc)
+ grosshack := --disable-saved-ids
+else
+ grosshack :=
+endif
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+
+ ./configure --prefix=/usr -v \
+ --with-exempt=sudo --with-pam --with-fqdn \
+ --with-logging=syslog --with-logfac=authpriv \
+ --with-env-editor --with-editor=/usr/bin/editor \
+ --with-timeout=15 --with-password-timeout=0 \
+ --disable-root-mailer $(grosshack) \
+ --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+
+ -$(MAKE)
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ -$(MAKE) distclean || exit 0
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ install -o root -g root -m 4755 -s sudo debian/sudo/usr/bin/sudo
+ install -o root -g root -m 0755 -s visudo debian/sudo/usr/sbin/visudo
+ install -o root -g root -m 0644 sudo.man \
+ debian/sudo/usr/share/man/man8/sudo.8
+ install -o root -g root -m 0644 visudo.man \
+ debian/sudo/usr/share/man/man8/visudo.8
+ install -o root -g root -m 0644 sudoers.man \
+ debian/sudo/usr/share/man/man5/sudoers.5
+ install -g root -m 644 -o root sample.sudoers \
+ debian/sudo/usr/share/doc/sudo/examples/sudoers
+ install -g root -m 644 -o root debian/sudo.pam \
+ debian/sudo/etc/pam.d/sudo
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+# dh_installdebconf
+ dh_installdocs debian/OPTIONS BUGS RUNSON UPGRADE PORTING \
+ TODO HISTORY README TROUBLESHOOTING
+ dh_installexamples
+ dh_installmenu
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installpam
+# dh_installmime
+ dh_installinit
+ dh_installcron
+ dh_installmanpages fnmatch.3
+ dh_installinfo
+# dh_undocumented
+ dh_installchangelogs CHANGES
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ # You may want to make some executables suid here.
+ chown root.root debian/sudo/usr/bin/sudo
+ chmod 4755 debian/sudo/usr/bin/sudo
+# dh_makeshlibs
+ dh_installdeb
+# dh_perl
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
diff --git a/debian/sudo.pam b/debian/sudo.pam
new file mode 100644
index 0000000..749b428
--- /dev/null
+++ b/debian/sudo.pam
@@ -0,0 +1,3 @@
+#%PAM-1.0
+
+auth required pam_unix.so
diff --git a/env.c b/env.c
index f49e51e..b4feef1 100644
--- a/env.c
+++ b/env.c
@@ -95,6 +95,7 @@ static char *format_env __P((char *, char *)); */ char *initial_badenv_table[] = { "IFS", + "CDPATH", "LOCALDOMAIN", "RES_OPTIONS", "HOSTALIASES",
@@ -280,6 +281,12 @@ rebuild_env(sudo_mode, envp) /* Pull in vars we want to keep from the old environment. */ for (ep = envp; *ep; ep++) { keepit = 0; + + /* Skip variables with values beginning with () (bash functions) */ + if ((cp = strchr(*ep, '=')) != NULL && + strncmp(cp, "=() ", 3) == 0) + continue; + for (cur = def_list(I_ENV_KEEP); cur; cur = cur->next) { len = strlen(cur->value); /* Deal with '*' wildcard */
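Review bot: In the `build-stamp` recipe, the line `-$(MAKE)` tells make to ignore a failed compile, and `touch build-stamp` then records the build as done. For a security upload this matters: if the patched env.c or sudo.c fails to build, the `install` target can still pick up a `sudo` binary left in the tree by an earlier build and package it setuid root under the new version number. Drop the leading dash so the line reads `$(MAKE)` and a build failure stops the package build. The `-$(MAKE) distclean || exit 0` line in `clean` can keep its tolerance, since a missing Makefile is expected there.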
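Review bot: In the first `rebuild_env` loop, `strncmp(cp, "=() ", 3) == 0` names a four-character prefix but compares only three, so the trailing space is never tested and every value starting with `()` is skipped. If that broader match is intended (it is the safer of the two readings), write the literal as `"=()"` so string and length agree, `strncmp(cp, "=()", 3) == 0`, and say so in the comment; if only `() ` values should be dropped, the length must be 4. The same expression is repeated in the second loop at `@@ -359,6 +366,11 @@`, so a small static helper would keep the two copies from drifting apart. Both loop bodies continue outside the hunks.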
@@ -359,6 +366,11 @@ rebuild_env(sudo_mode, envp) for (ep = envp; *ep; ep++) { okvar = 1; + /* Skip variables with values beginning with () (bash functions) */ + if ((cp = strchr(*ep, '=')) != NULL && + strncmp(cp, "=() ", 3) == 0) + continue; + /* Skip anything listed in env_delete. */ for (cur = def_list(I_ENV_DELETE); cur && okvar; cur = cur->next) { len = strlen(cur->value);
diff --git a/parse.yacc b/parse.yacc
index 7a6fb4e..04794ae 100644
--- a/parse.yacc
+++ b/parse.yacc
@@ -638,10 +638,6 @@ cmnd : ALL { } $$ = TRUE; - - if (safe_cmnd) - free(safe_cmnd); - safe_cmnd = estrdup(user_cmnd); } | ALIAS { aliasinfo *aip;
diff --git a/sudo.c b/sudo.c
index 7c6f532..4052ad4 100644
--- a/sudo.c
+++ b/sudo.c
@@ -286,6 +286,8 @@ main(argc, argv, envp) if (runas_pw == NULL) log_error(NO_MAIL|MSG_ONLY, "no passwd entry for %s!", *user_runas); } + if (safe_cmnd == NULL) + safe_cmnd = user_cmnd; /* This goes after the sudoers parse since we honor sudoers options. */ if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
@@ -354,14 +356,6 @@ main(argc, argv, envp) exit(0); } - /* This *must* have been set if we got a match but... */ - if (safe_cmnd == NULL) { - log_error(MSG_ONLY, - "internal error, safe_cmnd never got set for %s; %s", - user_cmnd, - "please report this error at http://courtesan.com/sudo/bugs/"); - } - /* Reset signal handlers before we exec. */ sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART;
diff --git a/sudo.tab.c b/sudo.tab.c
index db81c13..ca77a2b 100644
--- a/sudo.tab.c
+++ b/sudo.tab.c
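Review bot: The new fallback `if (safe_cmnd == NULL) safe_cmnd = user_cmnd;` in `main` replaces the removed "internal error, safe_cmnd never got set" check, so a match that leaves `safe_cmnd` unset is no longer reported and the user-supplied path is executed instead. That is presumably intended for the `ALL` rule, whose `estrdup(user_cmnd)` assignment this commit removes from parse.yacc, but nothing at the fallback says so. Add a comment there such as `/* safe_cmnd is set only when a specific sudoers command matched; for ALL there is no validated path, so run what the user named */`. `safe_cmnd` also now aliases `user_cmnd` instead of owning a copy, so any remaining `free(safe_cmnd)` (the removed parse.yacc lines show that pattern) would free `user_cmnd` if it ran after this point; it is worth confirming none does. `main` continues outside the hunk.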
@@ -1,22 +1,31 @@ -#ifndef lint -/*static char yysccsid[] = "from: @(#)yaccpar 1.9 (Berkeley) 02/21/93";*/ -static char yyrcsid[] -#if __GNUC__ == 2 - __attribute__ ((unused)) -#endif /* __GNUC__ == 2 */ - = "$OpenBSD: skeleton.c,v 1.18 2001/11/19 19:02:18 mpech Exp $"; -#endif -#include -#define YYBYACC 1 -#define YYMAJOR 1 -#define YYMINOR 9 -#define YYLEX yylex() -#define YYEMPTY -1 -#define yyclearin (yychar=(YYEMPTY)) -#define yyerrok (yyerrflag=0) -#define YYRECOVERING() (yyerrflag!=0) -#define YYPREFIX "yy" -#line 2 "parse.yacc" +/* A Bison parser, made from parse.yacc + by GNU bison 1.35. */ + +#define YYBISON 1 /* Identify Bison output. */ + +# define COMMAND 257 +# define ALIAS 258 +# define DEFVAR 259 +# define NTWKADDR 260 +# define NETGROUP 261 +# define USERGROUP 262 +# define WORD 263 +# define DEFAULTS 264 +# define DEFAULTS_HOST 265 +# define DEFAULTS_USER 266 +# define RUNAS 267 +# define NOPASSWD 268 +# define PASSWD 269 +# define ALL 270 +# define COMMENT 271 +# define HOSTALIAS 272 +# define CMNDALIAS 273 +# define USERALIAS 274 +# define RUNASALIAS 275 +# define ERROR 276 + +#line 1 "parse.yacc" + /* * Copyright (c) 1996, 1998-2001 Todd C. Miller * All rights reserved. @@ -103,7 +112,7 @@ static char yyrcsid[] #endif /* HAVE_LSEARCH */ #ifndef lint -static const char rcsid[] = "$Sudo: sudo.tab.c,v 1.58 2002/03/16 00:45:48 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.yacc,v 1.180 2002/03/16 00:44:47 millert Exp $"; #endif /* lint */ /* 
@@ -227,984 +236,1039 @@ yyerror(s) } parse_error = TRUE; } + #line 214 "parse.yacc" +#ifndef YYSTYPE typedef union { char *string; int BOOLEAN; struct sudo_command command; int tok; -} YYSTYPE; -#line 238 "sudo.tab.c" -#define COMMAND 257 -#define ALIAS 258 -#define DEFVAR 259 -#define NTWKADDR 260 -#define NETGROUP 261 -#define USERGROUP 262 -#define WORD 263 -#define DEFAULTS 264 -#define DEFAULTS_HOST 265 -#define DEFAULTS_USER 266 -#define RUNAS 267 -#define NOPASSWD 268 -#define PASSWD 269 -#define ALL 270 -#define COMMENT 271 -#define HOSTALIAS 272 -#define CMNDALIAS 273 -#define USERALIAS 274 -#define RUNASALIAS 275 -#define ERROR 276 -#define YYERRCODE 256 -short yylhs[] = { -1, - 0, 0, 7, 7, 9, 7, 7, 7, 7, 7, - 7, 15, 16, 18, 16, 20, 16, 17, 17, 21, - 21, 21, 21, 21, 10, 10, 22, 24, 24, 2, - 2, 2, 2, 2, 23, 23, 25, 28, 29, 28, - 26, 26, 5, 5, 4, 30, 4, 3, 3, 3, - 3, 3, 27, 27, 27, 1, 1, 1, 12, 12, - 32, 31, 19, 19, 13, 13, 34, 33, 35, 35, - 14, 14, 37, 36, 11, 11, 39, 38, 8, 8, - 40, 40, 6, 6, 6, 6, 6, +} yystype; +# define YYSTYPE yystype +# define YYSTYPE_IS_TRIVIAL 1 +#endif +#ifndef YYDEBUG +# define YYDEBUG 0 +#endif + + + +#define YYFINAL 129 +#define YYFLAG -32768 +#define YYNTBASE 29 + +/* YYTRANSLATE(YYLEX) -- Bison token number corresponding to YYLEX. */ +#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? yytranslate[x] : 70) + +/* YYTRANSLATE[YYLEX] -- Bison token number corresponding to YYLEX. 
*/ +static const char yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 25, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 26, 24, 27, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 22, 2, + 2, 23, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 3, 4, 5, + 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 28 +}; + +#if YYDEBUG +static const short yyprhs[] = +{ + 0, 0, 2, 5, 7, 10, 11, 15, 18, 21, + 24, 27, 29, 32, 34, 35, 39, 40, 44, 46, + 50, 52, 55, 59, 63, 67, 69, 73, 77, 79, + 82, 84, 86, 88, 90, 92, 94, 98, 102, 104, + 105, 109, 110, 113, 115, 119, 121, 122, 126, 128, + 130, 132, 134, 136, 137, 139, 141, 143, 145, 147, + 149, 153, 154, 159, 161, 165, 167, 171, 172, 177, + 179, 183, 185, 189, 190, 195, 197, 201, 202, 207, + 209, 213, 215, 218, 220, 222, 224, 226 }; -short yylen[] = { 2, - 1, 2, 1, 2, 0, 3, 2, 2, 2, 2, - 1, 2, 1, 0, 3, 0, 3, 1, 3, 1, - 2, 3, 3, 3, 1, 3, 3, 1, 2, 1, - 1, 1, 1, 1, 1, 3, 3, 1, 0, 3, - 0, 2, 1, 3, 1, 0, 3, 1, 1, 1, - 1, 1, 0, 1, 1, 1, 1, 1, 1, 3, - 0, 4, 1, 3, 1, 3, 0, 4, 1, 3, - 1, 3, 0, 4, 1, 3, 0, 4, 1, 3, - 1, 2, 1, 1, 1, 1, 1, +static const short yyrhs[] = +{ + 30, 0, 29, 30, 0, 17, 0, 1, 17, 0, + 0, 31, 67, 38, 0, 20, 64, 0, 18, 53, + 0, 19, 57, 0, 21, 61, 0, 32, 0, 33, + 36, 0, 10, 0, 0, 12, 34, 67, 0, 0, + 11, 35, 56, 0, 37, 0, 37, 24, 36, 0, + 5, 0, 25, 5, 0, 5, 23, 9, 0, 5, + 26, 9, 0, 5, 27, 9, 0, 
39, 0, 38, + 22, 39, 0, 56, 23, 42, 0, 41, 0, 25, + 41, 0, 16, 0, 6, 0, 7, 0, 9, 0, + 4, 0, 43, 0, 42, 24, 43, 0, 46, 51, + 44, 0, 52, 0, 0, 25, 45, 52, 0, 0, + 13, 47, 0, 48, 0, 47, 24, 48, 0, 50, + 0, 0, 25, 49, 50, 0, 9, 0, 8, 0, + 7, 0, 4, 0, 16, 0, 0, 14, 0, 15, + 0, 16, 0, 4, 0, 3, 0, 54, 0, 53, + 22, 54, 0, 0, 4, 55, 23, 56, 0, 40, + 0, 56, 24, 40, 0, 58, 0, 57, 22, 58, + 0, 0, 4, 59, 23, 60, 0, 44, 0, 60, + 24, 44, 0, 62, 0, 61, 22, 62, 0, 0, + 4, 63, 23, 47, 0, 65, 0, 64, 22, 65, + 0, 0, 4, 66, 23, 67, 0, 68, 0, 67, + 24, 68, 0, 69, 0, 25, 69, 0, 9, 0, + 8, 0, 7, 0, 4, 0, 16, 0 }; -short yydefred[] = { 0, - 0, 13, 16, 14, 3, 0, 0, 0, 0, 0, - 1, 0, 11, 0, 4, 0, 0, 61, 0, 59, - 67, 0, 65, 77, 0, 75, 73, 0, 71, 2, - 86, 85, 84, 83, 87, 0, 81, 0, 79, 0, - 0, 12, 0, 34, 31, 32, 33, 30, 0, 28, - 0, 63, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 82, 0, 0, 0, 25, 0, 0, 0, 21, - 0, 29, 0, 0, 60, 0, 66, 0, 76, 0, - 72, 80, 0, 0, 22, 23, 24, 19, 64, 0, - 58, 57, 56, 39, 38, 69, 0, 0, 51, 50, - 49, 48, 52, 46, 45, 43, 0, 26, 0, 0, - 35, 0, 0, 0, 0, 0, 0, 0, 54, 55, - 0, 40, 70, 47, 44, 36, 37, + +#endif + +#if YYDEBUG +/* YYRLINE[YYN] -- source line where rule number YYN was defined. 
*/ +static const short yyrline[] = +{ + 0, 259, 260, 263, 265, 267, 267, 271, 273, 275, + 277, 279, 283, 285, 288, 288, 292, 292, 298, 299, + 301, 309, 317, 326, 335, 345, 346, 349, 364, 368, + 373, 376, 383, 390, 397, 421, 422, 425, 452, 456, + 456, 470, 493, 498, 499, 508, 509, 509, 522, 536, + 550, 564, 593, 605, 615, 621, 629, 642, 671, 699, + 700, 703, 703, 711, 712, 715, 716, 719, 719, 740, + 741, 744, 745, 748, 748, 767, 768, 771, 771, 780, + 781, 784, 788, 793, 800, 807, 814, 834 }; -short yydgoto[] = { 10, - 95, 50, 105, 106, 107, 37, 11, 38, 12, 64, - 25, 19, 22, 28, 13, 14, 42, 17, 65, 16, - 43, 66, 110, 52, 111, 112, 121, 96, 113, 115, - 20, 54, 23, 56, 97, 29, 60, 26, 58, 39, +#endif + + +#if (YYDEBUG) || defined YYERROR_VERBOSE + +/* YYTNAME[TOKEN_NUM] -- String name of the token TOKEN_NUM. */ +static const char *const yytname[] = +{ + "$", "error", "$undefined.", "COMMAND", "ALIAS", "DEFVAR", "NTWKADDR", + "NETGROUP", "USERGROUP", "WORD", "DEFAULTS", "DEFAULTS_HOST", + "DEFAULTS_USER", "RUNAS", "NOPASSWD", "PASSWD", "ALL", "COMMENT", + "HOSTALIAS", "CMNDALIAS", "USERALIAS", "RUNASALIAS", "':'", "'='", + "','", "'!'", "'+'", "'-'", "ERROR", "file", "entry", "@1", + "defaults_line", "defaults_type", "@2", "@3", "defaults_list", + "defaults_entry", "privileges", "privilege", "ophost", "host", + "cmndspeclist", "cmndspec", "opcmnd", "@4", "runasspec", "runaslist", + "oprunasuser", "@5", "runasuser", "nopasswd", "cmnd", "hostaliases", + "hostalias", "@6", "hostlist", "cmndaliases", "cmndalias", "@7", + "cmndlist", "runasaliases", "runasalias", "@8", "useraliases", + "useralias", "@9", "userlist", "opuser", "user", 0 }; -short yysindex[] = { -236, - -264, 0, 0, 0, 0, -249, -243, -231, -227, -236, - 0, -23, 0, -30, 0, -17, -23, 0, -36, 0, - 0, -26, 0, 0, -14, 0, 0, -7, 0, 0, - 0, 0, 0, 0, 0, -215, 0, -33, 0, -3, - -226, 0, 5, 0, 0, 0, 0, 0, -194, 0, - 6, 0, 8, -5, -249, -4, -243, -2, -231, -1, - -227, 0, -23, 7, -38, 0, -210, -193, -188, 0, - -30, 0, -17, 
-17, 0, -25, 0, -23, 0, 245, - 0, 0, -17, -189, 0, 0, 0, 0, 0, 6, - 0, 0, 0, 0, 0, 0, 33, 8, 0, 0, - 0, 0, 0, 0, 0, 0, 38, 0, 245, 39, - 0, -251, -244, -25, -190, 245, 38, -189, 0, 0, - -25, 0, 0, 0, 0, 0, 0, +#endif + +/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const short yyr1[] = +{ + 0, 29, 29, 30, 30, 31, 30, 30, 30, 30, + 30, 30, 32, 33, 34, 33, 35, 33, 36, 36, + 37, 37, 37, 37, 37, 38, 38, 39, 40, 40, + 41, 41, 41, 41, 41, 42, 42, 43, 44, 45, + 44, 46, 46, 47, 47, 48, 49, 48, 50, 50, + 50, 50, 50, 51, 51, 51, 52, 52, 52, 53, + 53, 55, 54, 56, 56, 57, 57, 59, 58, 60, + 60, 61, 61, 63, 62, 64, 64, 66, 65, 67, + 67, 68, 68, 69, 69, 69, 69, 69 }; -short yyrindex[] = { 255, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, - 0, 0, 0, 0, 0, 0, 0, 0, 121, 0, - 0, 141, 0, 0, 161, 0, 0, 181, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, - 0, 0, 201, 0, 0, 0, 0, 0, 0, 0, - -28, 0, -8, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 221, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 265, 0, 0, 0, 0, 0, 21, - 0, 0, 0, 0, 0, 0, 41, 61, 0, 0, - 0, 0, 0, 0, 0, 0, 81, 0, 0, 101, - 0, -9, 0, 0, 0, 0, 285, 265, 0, 0, - 0, 0, 0, 0, 0, 0, 0, + +/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +static const short yyr2[] = +{ + 0, 1, 2, 1, 2, 0, 3, 2, 2, 2, + 2, 1, 2, 1, 0, 3, 0, 3, 1, 3, + 1, 2, 3, 3, 3, 1, 3, 3, 1, 2, + 1, 1, 1, 1, 1, 1, 3, 3, 1, 0, + 3, 0, 2, 1, 3, 1, 0, 3, 1, 1, + 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, + 3, 0, 4, 1, 3, 1, 3, 0, 4, 1, + 3, 1, 3, 0, 4, 1, 3, 0, 4, 1, + 3, 1, 2, 1, 1, 1, 1, 1 }; -short yygindex[] = { 0, - -29, 36, -27, -24, -22, 50, 79, -15, 0, 0, - 0, 0, 0, 0, 0, 0, 19, 0, -12, 0, - 0, 10, 0, 18, -21, 0, 0, -102, 0, 0, - 40, 0, 43, 0, 0, 35, 0, 44, 0, 42, + +/* YYDEFACT[S] -- default rule to reduce with in state S when YYTABLE + doesn't specify something else to do. Zero means the default is an + error. 
*/ +static const short yydefact[] = +{ + 0, 0, 13, 16, 14, 3, 0, 0, 0, 0, + 0, 1, 0, 11, 0, 4, 0, 0, 61, 8, + 59, 67, 9, 65, 77, 7, 75, 73, 10, 71, + 2, 86, 85, 84, 83, 87, 0, 0, 79, 81, + 20, 0, 12, 18, 34, 31, 32, 33, 30, 0, + 63, 28, 17, 15, 0, 0, 0, 0, 0, 0, + 0, 0, 82, 0, 6, 25, 0, 0, 0, 0, + 21, 0, 29, 0, 0, 60, 0, 66, 0, 76, + 0, 72, 80, 0, 41, 22, 23, 24, 19, 64, + 62, 58, 57, 56, 39, 69, 38, 68, 78, 51, + 50, 49, 48, 52, 46, 74, 43, 45, 26, 0, + 27, 35, 53, 0, 0, 0, 0, 42, 41, 54, + 55, 0, 40, 70, 47, 44, 36, 37, 0, 0 }; -#define YYTABLESIZE 555 -short yytable[] = { 49, - 20, 53, 41, 51, 17, 73, 15, 94, 18, 36, - 63, 123, 91, 92, 21, 49, 119, 120, 127, 1, - 62, 55, 84, 53, 15, 93, 24, 2, 3, 4, - 27, 57, 70, 20, 5, 6, 7, 8, 9, 68, - 68, 69, 31, 59, 20, 32, 33, 34, 71, 73, - 61, 63, 85, 62, 35, 74, 76, 67, 78, 80, - 78, 90, 98, 44, 83, 45, 46, 99, 47, 86, - 100, 101, 102, 68, 87, 48, 114, 109, 62, 103, - 74, 116, 118, 122, 72, 62, 117, 124, 30, 88, - 89, 125, 108, 78, 75, 81, 126, 0, 68, 77, - 27, 0, 79, 0, 82, 0, 0, 0, 0, 0, - 0, 0, 0, 74, 0, 0, 0, 0, 78, 0, - 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 27, 0, 0, 0, 0, 74, 0, - 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 8, 0, 0, 0, 0, 27, 0, - 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 9, 0, 0, 0, 0, 0, 0, - 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, - 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 10, 0, 0, 0, 0, 0, 0, - 6, 0, 0, 0, 44, 0, 45, 46, 40, 47, - 17, 91, 92, 18, 31, 0, 48, 32, 33, 34, - 44, 0, 45, 46, 93, 47, 35, 53, 53, 0, - 15, 0, 48, 6, 0, 0, 20, 0, 20, 0, - 53, 20, 20, 20, 20, 20, 20, 0, 0, 0, - 20, 20, 20, 20, 20, 20, 62, 104, 62, 0, - 0, 62, 62, 62, 62, 62, 62, 5, 0, 0, - 62, 62, 62, 62, 62, 62, 68, 41, 68, 0, - 0, 68, 68, 68, 68, 68, 68, 0, 0, 0, - 68, 68, 68, 68, 68, 68, 78, 42, 78, 0, - 0, 78, 78, 78, 78, 78, 78, 0, 0, 0, - 78, 78, 78, 78, 78, 78, 74, 0, 74, 0, - 0, 74, 74, 74, 74, 74, 74, 0, 0, 0, - 74, 74, 74, 74, 74, 74, 27, 0, 27, 0, - 0, 27, 27, 27, 27, 27, 27, 0, 0, 0, - 
27, 27, 27, 27, 27, 27, 8, 0, 8, 0, - 0, 8, 8, 8, 8, 8, 8, 0, 0, 0, - 8, 8, 8, 8, 8, 8, 9, 0, 9, 0, - 0, 9, 9, 9, 9, 9, 9, 0, 0, 0, - 9, 9, 9, 9, 9, 9, 7, 0, 7, 0, - 0, 7, 7, 7, 7, 7, 7, 0, 0, 0, - 7, 7, 7, 7, 7, 7, 10, 0, 10, 0, - 0, 10, 10, 10, 10, 10, 10, 0, 0, 0, - 10, 10, 10, 10, 10, 10, 18, 0, 18, 0, - 0, 18, 18, 18, 18, 18, 18, 0, 0, 0, - 18, 18, 18, 18, 18, 18, 6, 0, 6, 0, - 0, 6, 6, 6, 6, 6, 6, 0, 0, 0, - 6, 6, 6, 6, 6, 6, 0, 0, 0, 0, - 0, 0, 99, 0, 0, 100, 101, 102, 0, 0, - 0, 0, 5, 0, 103, 5, 5, 5, 0, 0, - 0, 41, 41, 0, 5, 0, 0, 0, 0, 0, - 0, 0, 41, 41, 41, 0, 0, 0, 0, 0, - 0, 42, 42, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 42, 42, 42, + +static const short yydefgoto[] = +{ + 10, 11, 12, 13, 14, 17, 16, 42, 43, 64, + 65, 50, 51, 110, 111, 95, 113, 112, 105, 106, + 115, 107, 121, 96, 19, 20, 54, 66, 22, 23, + 56, 97, 28, 29, 60, 25, 26, 58, 37, 38, + 39 }; -short yycheck[] = { 33, - 0, 17, 33, 16, 33, 44, 271, 33, 258, 33, - 44, 114, 257, 258, 258, 33, 268, 269, 121, 256, - 0, 58, 61, 33, 33, 270, 258, 264, 265, 266, - 258, 58, 259, 33, 271, 272, 273, 274, 275, 43, - 0, 45, 258, 58, 44, 261, 262, 263, 44, 44, - 58, 44, 263, 33, 270, 61, 61, 61, 61, 61, - 0, 74, 78, 258, 58, 260, 261, 258, 263, 263, - 261, 262, 263, 33, 263, 270, 44, 267, 58, 270, - 0, 44, 44, 113, 49, 36, 109, 115, 10, 71, - 73, 116, 83, 33, 55, 61, 118, -1, 58, 57, - 0, -1, 59, -1, 63, -1, -1, -1, -1, -1, - -1, -1, -1, 33, -1, -1, -1, -1, 58, -1, - 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 33, -1, -1, -1, -1, 58, -1, - 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 33, -1, -1, -1, -1, 58, -1, - 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, - 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, - 0, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 33, -1, -1, -1, -1, -1, -1, - 0, -1, -1, -1, 258, -1, 260, 261, 259, 263, - 259, 257, 258, 33, 258, -1, 270, 261, 262, 263, - 258, -1, 260, 261, 270, 263, 270, 257, 258, -1, - 
259, -1, 270, 33, -1, -1, 256, -1, 258, -1, - 270, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, 33, 258, -1, - -1, 261, 262, 263, 264, 265, 266, 33, -1, -1, - 270, 271, 272, 273, 274, 275, 256, 33, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, 33, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, 256, -1, 258, -1, - -1, 261, 262, 263, 264, 265, 266, -1, -1, -1, - 270, 271, 272, 273, 274, 275, -1, -1, -1, -1, - -1, -1, 258, -1, -1, 261, 262, 263, -1, -1, - -1, -1, 258, -1, 270, 261, 262, 263, -1, -1, - -1, 257, 258, -1, 270, -1, -1, -1, -1, -1, - -1, -1, 268, 269, 270, -1, -1, -1, -1, -1, - -1, 257, 258, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 268, 269, 270, + +static const short yypact[] = +{ + 24, -10,-32768,-32768,-32768,-32768, 12, 20, 35, 50, + 2,-32768, 48,-32768, 33,-32768, 68, 48,-32768, 15, + -32768,-32768, 40,-32768,-32768, 41,-32768,-32768, 45,-32768, + -32768,-32768,-32768,-32768,-32768,-32768, 78, 44,-32768,-32768, + 83, 65,-32768, 47,-32768,-32768,-32768,-32768,-32768, 92, + -32768,-32768, 59, 66, 69, 12, 79, 20, 84, 35, + 88, 50,-32768, 48, 67,-32768, 6, 82, 86, 104, + -32768, 33,-32768, 68, 68,-32768, 1,-32768, 48,-32768, + 72,-32768,-32768, 68, 
101,-32768,-32768,-32768,-32768,-32768, + 59,-32768,-32768,-32768,-32768,-32768,-32768, 91, 66,-32768, + -32768,-32768,-32768,-32768,-32768, 93,-32768,-32768,-32768, 72, + 94,-32768, 32, 62, 1, 96, 72, 93, 101,-32768, + -32768, 1,-32768,-32768,-32768,-32768,-32768,-32768, 116,-32768 }; -#define YYFINAL 10 -#ifndef YYDEBUG -#define YYDEBUG 0 + +static const short yypgoto[] = +{ + -32768, 109,-32768,-32768,-32768,-32768,-32768, 49,-32768,-32768, + 38, 51, 73,-32768, 5, -106,-32768,-32768, 16, 10, + -32768, 13,-32768, 14,-32768, 74,-32768, -15,-32768, 75, + -32768,-32768,-32768, 70,-32768,-32768, 71,-32768, -17, 76, + 97 +}; + + +#define YYLAST 139 + + +static const short yytable[] = +{ + 53, 52, 128, 1, 91, 92, -5, 15, 123, -5, + -5, -5, 2, 3, 4, 127, 18, 93, -5, 5, + 6, 7, 8, 9, 21, 1, 94, -5, -5, 84, + 73, -5, -5, -5, 2, 3, 4, 55, 40, 24, + -5, 5, 6, 7, 8, 9, 119, 120, 44, -5, + 45, 46, 31, 47, 27, 32, 33, 34, 41, 90, + 48, 98, 57, 59, 35, 91, 92, 61, 63, 49, + 70, 71, 44, 36, 45, 46, 99, 47, 93, 100, + 101, 102, 31, 73, 48, 32, 33, 34, 103, 83, + 63, 85, 74, 49, 35, 86, 44, 104, 45, 46, + 99, 47, 76, 100, 101, 102, 67, 78, 48, 68, + 69, 80, 103, 87, 109, 114, 129, 116, 118, 30, + 88, 108, 72, 126, 89, 117, 125, 122, 124, 75, + 79, 81, 77, 62, 0, 0, 0, 0, 0, 82 +}; + +static const short yycheck[] = +{ + 17, 16, 0, 1, 3, 4, 4, 17, 114, 7, + 8, 9, 10, 11, 12, 121, 4, 16, 16, 17, + 18, 19, 20, 21, 4, 1, 25, 25, 4, 23, + 24, 7, 8, 9, 10, 11, 12, 22, 5, 4, + 16, 17, 18, 19, 20, 21, 14, 15, 4, 25, + 6, 7, 4, 9, 4, 7, 8, 9, 25, 74, + 16, 78, 22, 22, 16, 3, 4, 22, 24, 25, + 5, 24, 4, 25, 6, 7, 4, 9, 16, 7, + 8, 9, 4, 24, 16, 7, 8, 9, 16, 22, + 24, 9, 23, 25, 16, 9, 4, 25, 6, 7, + 4, 9, 23, 7, 8, 9, 23, 23, 16, 26, + 27, 23, 16, 9, 13, 24, 0, 24, 24, 10, + 71, 83, 49, 118, 73, 109, 116, 113, 115, 55, + 59, 61, 57, 36, -1, -1, -1, -1, -1, 63 +}; +/* -*-C-*- Note some compilers choke on comments on `#line' lines. 
*/ +#line 3 "/usr/share/bison/bison.simple" + +/* Skeleton output parser for bison, + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002 Free Software + Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* This is the parser code that is written into each bison parser when + the %semantic_parser declaration is not specified in the grammar. + It was written by Richard Stallman by simplifying the hairy parser + used when %semantic_parser is specified. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +#if ! defined (yyoverflow) || defined (YYERROR_VERBOSE) + +/* The parser invokes alloca or malloc; define the necessary symbols. 
*/ + +# if YYSTACK_USE_ALLOCA +# define YYSTACK_ALLOC alloca +# else +# ifndef YYSTACK_USE_ALLOCA +# if defined (alloca) || defined (_ALLOCA_H) +# define YYSTACK_ALLOC alloca +# else +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# endif +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) +# else +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif +# define YYSTACK_ALLOC malloc +# define YYSTACK_FREE free +# endif +#endif /* ! defined (yyoverflow) || defined (YYERROR_VERBOSE) */ + + +#if (! defined (yyoverflow) \ + && (! defined (__cplusplus) \ + || (YYLTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + short yyss; + YYSTYPE yyvs; +# if YYLSP_NEEDED + YYLTYPE yyls; +# endif +}; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAX (sizeof (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# if YYLSP_NEEDED +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (short) + sizeof (YYSTYPE) + sizeof (YYLTYPE)) \ + + 2 * YYSTACK_GAP_MAX) +# else +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (short) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAX) +# endif + +/* Copy COUNT objects from FROM to TO. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if 1 < __GNUC__ +# define YYCOPY(To, From, Count) \ + __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +# else +# define YYCOPY(To, From, Count) \ + do \ + { \ + register YYSIZE_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (To)[yyi] = (From)[yyi]; \ + } \ + while (0) +# endif +# endif + +/* Relocate STACK from its old location to the new one. 
The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ + YYCOPY (&yyptr->Stack, Stack, yysize); \ + Stack = &yyptr->Stack; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAX; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ + while (0) + #endif -#define YYMAXTOKEN 276 -#if YYDEBUG -#if defined(__cplusplus) || __STDC__ -const char * const yyname[] = -#else -char *yyname[] = + + +#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__) +# define YYSIZE_T __SIZE_TYPE__ #endif - { -"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -"'!'",0,0,0,0,0,0,0,0,0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",0,0, -"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS", -"DEFAULTS_HOST","DEFAULTS_USER","RUNAS","NOPASSWD","PASSWD","ALL","COMMENT", -"HOSTALIAS","CMNDALIAS","USERALIAS","RUNASALIAS","ERROR", -}; -#if defined(__cplusplus) || __STDC__ -const char * const yyrule[] = -#else -char *yyrule[] = +#if ! 
defined (YYSIZE_T) && defined (size_t) +# define YYSIZE_T size_t #endif - {"$accept : file", -"file : entry", -"file : file entry", -"entry : COMMENT", -"entry : error COMMENT", -"$$1 :", -"entry : $$1 userlist privileges", -"entry : USERALIAS useraliases", -"entry : HOSTALIAS hostaliases", -"entry : CMNDALIAS cmndaliases", -"entry : RUNASALIAS runasaliases", -"entry : defaults_line", -"defaults_line : defaults_type defaults_list", -"defaults_type : DEFAULTS", -"$$2 :", -"defaults_type : DEFAULTS_USER $$2 userlist", -"$$3 :", -"defaults_type : DEFAULTS_HOST $$3 hostlist", -"defaults_list : defaults_entry", -"defaults_list : defaults_entry ',' defaults_list", -"defaults_entry : DEFVAR", -"defaults_entry : '!' DEFVAR", -"defaults_entry : DEFVAR '=' WORD", -"defaults_entry : DEFVAR '+' WORD", -"defaults_entry : DEFVAR '-' WORD", -"privileges : privilege", -"privileges : privileges ':' privilege", -"privilege : hostlist '=' cmndspeclist", -"ophost : host", -"ophost : '!' host", -"host : ALL", -"host : NTWKADDR", -"host : NETGROUP", -"host : WORD", -"host : ALIAS", -"cmndspeclist : cmndspec", -"cmndspeclist : cmndspeclist ',' cmndspec", -"cmndspec : runasspec nopasswd opcmnd", -"opcmnd : cmnd", -"$$4 :", -"opcmnd : '!' $$4 cmnd", -"runasspec :", -"runasspec : RUNAS runaslist", -"runaslist : oprunasuser", -"runaslist : runaslist ',' oprunasuser", -"oprunasuser : runasuser", -"$$5 :", -"oprunasuser : '!' 
$$5 runasuser", -"runasuser : WORD", -"runasuser : USERGROUP", -"runasuser : NETGROUP", -"runasuser : ALIAS", -"runasuser : ALL", -"nopasswd :", -"nopasswd : NOPASSWD", -"nopasswd : PASSWD", -"cmnd : ALL", -"cmnd : ALIAS", -"cmnd : COMMAND", -"hostaliases : hostalias", -"hostaliases : hostaliases ':' hostalias", -"$$6 :", -"hostalias : ALIAS $$6 '=' hostlist", -"hostlist : ophost", -"hostlist : hostlist ',' ophost", -"cmndaliases : cmndalias", -"cmndaliases : cmndaliases ':' cmndalias", -"$$7 :", -"cmndalias : ALIAS $$7 '=' cmndlist", -"cmndlist : opcmnd", -"cmndlist : cmndlist ',' opcmnd", -"runasaliases : runasalias", -"runasaliases : runasaliases ':' runasalias", -"$$8 :", -"runasalias : ALIAS $$8 '=' runaslist", -"useraliases : useralias", -"useraliases : useraliases ':' useralias", -"$$9 :", -"useralias : ALIAS $$9 '=' userlist", -"userlist : opuser", -"userlist : userlist ',' opuser", -"opuser : user", -"opuser : '!' user", -"user : WORD", -"user : USERGROUP", -"user : NETGROUP", -"user : ALIAS", -"user : ALL", -}; +#if ! defined (YYSIZE_T) +# if defined (__STDC__) || defined (__cplusplus) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# endif #endif -#ifdef YYSTACKSIZE -#undef YYMAXDEPTH -#define YYMAXDEPTH YYSTACKSIZE -#else -#ifdef YYMAXDEPTH -#define YYSTACKSIZE YYMAXDEPTH -#else -#define YYSTACKSIZE 10000 -#define YYMAXDEPTH 10000 +#if ! defined (YYSIZE_T) +# define YYSIZE_T unsigned int #endif + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY -2 +#define YYEOF 0 +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrlab1 +/* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. 
*/ +#define YYFAIL goto yyerrlab +#define YYRECOVERING() (!!yyerrstatus) +#define YYBACKUP(Token, Value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + yychar1 = YYTRANSLATE (yychar); \ + YYPOPSTACK; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror ("syntax error: cannot back up"); \ + YYERROR; \ + } \ +while (0) + +#define YYTERROR 1 +#define YYERRCODE 256 + + +/* YYLLOC_DEFAULT -- Compute the default location (before the actions + are run). + + When YYLLOC_DEFAULT is run, CURRENT is set the location of the + first token. By default, to implement support for ranges, extend + its range to the last symbol. */ + +#ifndef YYLLOC_DEFAULT +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + Current.last_line = Rhs[N].last_line; \ + Current.last_column = Rhs[N].last_column; #endif -#define YYINITSTACKSIZE 200 + + +/* YYLEX -- calling `yylex' with the right arguments. */ + +#if YYPURE +# if YYLSP_NEEDED +# ifdef YYLEX_PARAM +# define YYLEX yylex (&yylval, &yylloc, YYLEX_PARAM) +# else +# define YYLEX yylex (&yylval, &yylloc) +# endif +# else /* !YYLSP_NEEDED */ +# ifdef YYLEX_PARAM +# define YYLEX yylex (&yylval, YYLEX_PARAM) +# else +# define YYLEX yylex (&yylval) +# endif +# endif /* !YYLSP_NEEDED */ +#else /* !YYPURE */ +# define YYLEX yylex () +#endif /* !YYPURE */ + + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. 
*/ int yydebug; -int yynerrs; -int yyerrflag; -int yychar; -short *yyssp; -YYSTYPE *yyvsp; -YYSTYPE yyval; -YYSTYPE yylval; -short *yyss; -short *yysslim; -YYSTYPE *yyvs; -int yystacksize; -#line 844 "parse.yacc" +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) +#endif /* !YYDEBUG */ -#define MOREALIASES (32) -aliasinfo *aliases = NULL; -size_t naliases = 0; -size_t nslots = 0; +/* YYINITDEPTH -- initial size of the parser's stacks. */ +#ifndef YYINITDEPTH +# define YYINITDEPTH 200 +#endif +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). -/* - * Compare two aliasinfo structures, strcmp() style. - * Note that we do *not* compare their values. - */ -static int -aliascmp(a1, a2) - const VOID *a1, *a2; -{ - int r; - aliasinfo *ai1, *ai2; + Do not make this value too large; the results are undefined if + SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ - ai1 = (aliasinfo *) a1; - ai2 = (aliasinfo *) a2; - if ((r = strcmp(ai1->name, ai2->name)) == 0) - r = ai1->type - ai2->type; +#if YYMAXDEPTH == 0 +# undef YYMAXDEPTH +#endif - return(r); +#ifndef YYMAXDEPTH +# define YYMAXDEPTH 10000 +#endif + +#ifdef YYERROR_VERBOSE + +# ifndef yystrlen +# if defined (__GLIBC__) && defined (_STRING_H) +# define yystrlen strlen +# else +/* Return the length of YYSTR. */ +static YYSIZE_T +# if defined (__STDC__) || defined (__cplusplus) +yystrlen (const char *yystr) +# else +yystrlen (yystr) + const char *yystr; +# endif +{ + register const char *yys = yystr; + + while (*yys++ != '\0') + continue; + + return yys - yystr - 1; } +# endif +# endif -/* - * Compare two generic_alias structures, strcmp() style. 
- */ -static int -genaliascmp(entry, key) - const VOID *entry, *key; -{ - int r; - struct generic_alias *ga1, *ga2; +# ifndef yystpcpy +# if defined (__GLIBC__) && defined (_STRING_H) && defined (_GNU_SOURCE) +# define yystpcpy stpcpy +# else +/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in + YYDEST. */ +static char * +# if defined (__STDC__) || defined (__cplusplus) +yystpcpy (char *yydest, const char *yysrc) +# else +yystpcpy (yydest, yysrc) + char *yydest; + const char *yysrc; +# endif +{ + register char *yyd = yydest; + register const char *yys = yysrc; + + while ((*yyd++ = *yys++) != '\0') + continue; + + return yyd - 1; +} +# endif +# endif +#endif + +#line 315 "/usr/share/bison/bison.simple" + + +/* The user can define YYPARSE_PARAM as the name of an argument to be passed + into yyparse. The argument should have type void *. + It should actually point to an object. + Grammar actions can access the variable by casting it + to the proper pointer type. */ + +#ifdef YYPARSE_PARAM +# if defined (__STDC__) || defined (__cplusplus) +# define YYPARSE_PARAM_ARG void *YYPARSE_PARAM +# define YYPARSE_PARAM_DECL +# else +# define YYPARSE_PARAM_ARG YYPARSE_PARAM +# define YYPARSE_PARAM_DECL void *YYPARSE_PARAM; +# endif +#else /* !YYPARSE_PARAM */ +# define YYPARSE_PARAM_ARG +# define YYPARSE_PARAM_DECL +#endif /* !YYPARSE_PARAM */ + +/* Prevent warning if -Wstrict-prototypes. */ +#ifdef __GNUC__ +# ifdef YYPARSE_PARAM +int yyparse (void *); +# else +int yyparse (void); +# endif +#endif - ga1 = (struct generic_alias *) key; - ga2 = (struct generic_alias *) entry; - if ((r = strcmp(ga1->alias, ga2->alias)) == 0) - r = ga1->type - ga2->type; +/* YY_DECL_VARIABLES -- depending whether we use a pure parser, + variables are global, or local to YYPARSE. */ + +#define YY_DECL_NON_LSP_VARIABLES \ +/* The lookahead symbol. */ \ +int yychar; \ + \ +/* The semantic value of the lookahead symbol. 
*/ \ +YYSTYPE yylval; \ + \ +/* Number of parse errors so far. */ \ +int yynerrs; - return(r); -} +#if YYLSP_NEEDED +# define YY_DECL_VARIABLES \ +YY_DECL_NON_LSP_VARIABLES \ + \ +/* Location data for the lookahead symbol. */ \ +YYLTYPE yylloc; +#else +# define YY_DECL_VARIABLES \ +YY_DECL_NON_LSP_VARIABLES +#endif -/* - * Adds the named alias of the specified type to the aliases list. - */ -static int -add_alias(alias, type, val) - char *alias; - int type; - int val; -{ - aliasinfo ai, *aip; - size_t onaliases; - char s[512]; +/* If nonreentrant, generate the variables here. */ - if (naliases >= nslots && !more_aliases()) { - (void) snprintf(s, sizeof(s), "Out of memory defining alias `%s'", - alias); - yyerror(s); - return(FALSE); - } +#if !YYPURE +YY_DECL_VARIABLES +#endif /* !YYPURE */ - ai.type = type; - ai.val = val; - ai.name = estrdup(alias); - onaliases = naliases; +int +yyparse (YYPARSE_PARAM_ARG) + YYPARSE_PARAM_DECL +{ + /* If reentrant, generate the variables here. */ +#if YYPURE + YY_DECL_VARIABLES +#endif /* !YYPURE */ + + register int yystate; + register int yyn; + int yyresult; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; + /* Lookahead token as an internal (translated) token number. */ + int yychar1 = 0; + + /* Three stacks and their tools: + `yyss': related to states, + `yyvs': related to semantic values, + `yyls': related to locations. + + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* The state stack. */ + short yyssa[YYINITDEPTH]; + short *yyss = yyssa; + register short *yyssp; + + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + register YYSTYPE *yyvsp; + +#if YYLSP_NEEDED + /* The location stack. 
*/ + YYLTYPE yylsa[YYINITDEPTH]; + YYLTYPE *yyls = yylsa; + YYLTYPE *yylsp; +#endif - aip = (aliasinfo *) lsearch((VOID *)&ai, (VOID *)aliases, &naliases, - sizeof(ai), aliascmp); - if (aip == NULL) { - (void) snprintf(s, sizeof(s), "Aliases corrupted defining alias `%s'", - alias); - yyerror(s); - return(FALSE); - } - if (onaliases == naliases) { - (void) snprintf(s, sizeof(s), "Alias `%s' already defined", alias); - yyerror(s); - return(FALSE); - } +#if YYLSP_NEEDED +# define YYPOPSTACK (yyvsp--, yyssp--, yylsp--) +#else +# define YYPOPSTACK (yyvsp--, yyssp--) +#endif - return(TRUE); -} + YYSIZE_T yystacksize = YYINITDEPTH; -/* - * Searches for the named alias of the specified type. - */ -static aliasinfo * -find_alias(alias, type) - char *alias; - int type; -{ - aliasinfo ai; - ai.name = alias; - ai.type = type; + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; +#if YYLSP_NEEDED + YYLTYPE yyloc; +#endif - return((aliasinfo *) lfind((VOID *)&ai, (VOID *)aliases, &naliases, - sizeof(ai), aliascmp)); -} + /* When reducing, the number of symbols on the RHS of the reduced + rule. */ + int yylen; -/* - * Allocates more space for the aliases list. - */ -static int -more_aliases() -{ + YYDPRINTF ((stderr, "Starting parse\n")); - nslots += MOREALIASES; - if (nslots == MOREALIASES) - aliases = (aliasinfo *) malloc(nslots * sizeof(aliasinfo)); - else - aliases = (aliasinfo *) realloc(aliases, nslots * sizeof(aliasinfo)); + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ - return(aliases != NULL); -} + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ -/* - * Lists the contents of the aliases list. 
- */ -void -dumpaliases() -{ - size_t n; + yyssp = yyss; + yyvsp = yyvs; +#if YYLSP_NEEDED + yylsp = yyls; +#endif + goto yysetstate; + +/*------------------------------------------------------------. +| yynewstate -- Push a new state, which is found in yystate. | +`------------------------------------------------------------*/ + yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. + */ + yyssp++; - for (n = 0; n < naliases; n++) { - if (aliases[n].val == -1) - continue; + yysetstate: + *yyssp = yystate; - switch (aliases[n].type) { - case HOST_ALIAS: - (void) puts("HOST_ALIAS"); - break; + if (yyssp >= yyss + yystacksize - 1) + { + /* Get the current used size of the three stacks, in elements. */ + YYSIZE_T yysize = yyssp - yyss + 1; + +#ifdef yyoverflow + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + YYSTYPE *yyvs1 = yyvs; + short *yyss1 = yyss; + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. */ +# if YYLSP_NEEDED + YYLTYPE *yyls1 = yyls; + /* This used to be a conditional around just the two extra args, + but that might be undefined if yyoverflow is a macro. */ + yyoverflow ("parser stack overflow", + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + &yyls1, yysize * sizeof (*yylsp), + &yystacksize); + yyls = yyls1; +# else + yyoverflow ("parser stack overflow", + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + &yystacksize); +# endif + yyss = yyss1; + yyvs = yyvs1; + } +#else /* no yyoverflow */ +# ifndef YYSTACK_RELOCATE + goto yyoverflowlab; +# else + /* Extend the stack our own way. 
*/ + if (yystacksize >= YYMAXDEPTH) + goto yyoverflowlab; + yystacksize *= 2; + if (yystacksize > YYMAXDEPTH) + yystacksize = YYMAXDEPTH; + + { + short *yyss1 = yyss; + union yyalloc *yyptr = + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyoverflowlab; + YYSTACK_RELOCATE (yyss); + YYSTACK_RELOCATE (yyvs); +# if YYLSP_NEEDED + YYSTACK_RELOCATE (yyls); +# endif +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif +#endif /* no yyoverflow */ - case CMND_ALIAS: - (void) puts("CMND_ALIAS"); - break; + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; +#if YYLSP_NEEDED + yylsp = yyls + yysize - 1; +#endif - case USER_ALIAS: - (void) puts("USER_ALIAS"); - break; + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); - case RUNAS_ALIAS: - (void) puts("RUNAS_ALIAS"); - break; - } - (void) printf("\t%s: %d\n", aliases[n].name, aliases[n].val); + if (yyssp >= yyss + yystacksize - 1) + YYABORT; } -} -/* - * Lists the contents of cm_list and ga_list for `sudo -l'. - */ -void -list_matches() -{ - int i; - char *p; - struct generic_alias *ga, key; + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - (void) printf("User %s may run the following commands on this host:\n", - user_name); - for (i = 0; i < cm_list_len; i++) { + goto yybackup; - /* Print the runas list. */ - (void) fputs(" ", stdout); - if (cm_list[i].runas) { - (void) putchar('('); - p = strtok(cm_list[i].runas, ", "); - do { - if (p != cm_list[i].runas) - (void) fputs(", ", stdout); - key.alias = p; - key.type = RUNAS_ALIAS; - if ((ga = (struct generic_alias *) lfind((VOID *) &key, - (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp))) - (void) fputs(ga->entries, stdout); - else - (void) fputs(p, stdout); - } while ((p = strtok(NULL, ", "))); - (void) fputs(") ", stdout); - } else { - (void) printf("(%s) ", def_str(I_RUNAS_DEFAULT)); - } +/*-----------. +| yybackup. 
| +`-----------*/ +yybackup: - /* Is a password required? */ - if (cm_list[i].nopasswd == TRUE && def_flag(I_AUTHENTICATE)) - (void) fputs("NOPASSWD: ", stdout); - else if (cm_list[i].nopasswd == FALSE && !def_flag(I_AUTHENTICATE)) - (void) fputs("PASSWD: ", stdout); +/* Do appropriate processing given the current state. */ +/* Read a lookahead token if we need one and don't already have one. */ +/* yyresume: */ - /* Print the actual command or expanded Cmnd_Alias. */ - key.alias = cm_list[i].cmnd; - key.type = CMND_ALIAS; - if ((ga = (struct generic_alias *) lfind((VOID *) &key, - (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp))) - (void) puts(ga->entries); - else - (void) puts(cm_list[i].cmnd); - } + /* First try to decide what to do without reference to lookahead token. */ - /* Be nice and free up space now that we are done. */ - for (i = 0; i < ga_list_len; i++) { - free(ga_list[i].alias); - free(ga_list[i].entries); - } - free(ga_list); - ga_list = NULL; + yyn = yypact[yystate]; + if (yyn == YYFLAG) + goto yydefault; - for (i = 0; i < cm_list_len; i++) { - free(cm_list[i].runas); - free(cm_list[i].cmnd); + /* Not known => get a lookahead token if don't already have one. */ + + /* yychar is either YYEMPTY or YYEOF + or a valid token in external form. */ + + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); + yychar = YYLEX; } - free(cm_list); - cm_list = NULL; - cm_list_len = 0; - cm_list_size = 0; -} -/* - * Appends a source string to the destination, optionally prefixing a separator. - */ -static void -append(src, dstp, dst_len, dst_size, separator) - char *src, **dstp; - size_t *dst_len, *dst_size; - char *separator; -{ - size_t src_len = strlen(src); - char *dst = *dstp; + /* Convert token to internal form (in yychar1) for indexing tables with */ - /* - * Only add the separator if there is something to separate from. - * If the last char is a '!', don't apply the separator (XXX). 
- */ - if (separator && dst && dst[*dst_len - 1] != '!') - src_len += strlen(separator); - else - separator = NULL; + if (yychar <= 0) /* This means end of input. */ + { + yychar1 = 0; + yychar = YYEOF; /* Don't call YYLEX any more */ - /* Assumes dst will be NULL if not set. */ - if (dst == NULL) { - dst = (char *) emalloc(BUFSIZ); - *dst_size = BUFSIZ; - *dst_len = 0; - *dstp = dst; + YYDPRINTF ((stderr, "Now at end of input.\n")); } + else + { + yychar1 = YYTRANSLATE (yychar); - /* Allocate more space if necessary. */ - if (*dst_size <= *dst_len + src_len) { - while (*dst_size <= *dst_len + src_len) - *dst_size += BUFSIZ; - - dst = (char *) erealloc(dst, *dst_size); - *dstp = dst; +#if YYDEBUG + /* We have to keep this `#if YYDEBUG', since we use variables + which are defined only if `YYDEBUG' is set. */ + if (yydebug) + { + YYFPRINTF (stderr, "Next token is %d (%s", + yychar, yytname[yychar1]); + /* Give the individual parser a way to print the precise + meaning of a token, for further debugging info. */ +# ifdef YYPRINT + YYPRINT (stderr, yychar, yylval); +# endif + YYFPRINTF (stderr, ")\n"); + } +#endif } - /* Copy src -> dst adding a separator if appropriate and adjust len. */ - dst += *dst_len; - *dst_len += src_len; - *dst = '\0'; - if (separator) - (void) strcat(dst, separator); - (void) strcat(dst, src); -} + yyn += yychar1; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != yychar1) + goto yydefault; -/* - * Frees up space used by the aliases list and resets the associated counters. - */ -void -reset_aliases() -{ - size_t n; + yyn = yytable[yyn]; - if (aliases) { - for (n = 0; n < naliases; n++) - free(aliases[n].name); - free(aliases); - aliases = NULL; + /* yyn is what to do for this token type in this state. + Negative => reduce, -yyn is rule number. + Positive => shift, yyn is new state. + New state is final state => don't bother to shift, + just return success. + 0, or most negative number => error. 
*/ + + if (yyn < 0) + { + if (yyn == YYFLAG) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; } - naliases = nslots = 0; -} + else if (yyn == 0) + goto yyerrlab; -/* - * Increments ga_list_len, allocating more space as necessary. - */ -static void -expand_ga_list() -{ + if (yyn == YYFINAL) + YYACCEPT; - if (++ga_list_len >= ga_list_size) { - while ((ga_list_size += STACKINCREMENT) < ga_list_len) - ; - ga_list = (struct generic_alias *) - erealloc(ga_list, sizeof(struct generic_alias) * ga_list_size); - } + /* Shift the lookahead token. */ + YYDPRINTF ((stderr, "Shifting token %d (%s), ", + yychar, yytname[yychar1])); - ga_list[ga_list_len - 1].entries = NULL; -} + /* Discard the token being shifted unless it is eof. */ + if (yychar != YYEOF) + yychar = YYEMPTY; -/* - * Increments cm_list_len, allocating more space as necessary. - */ -static void -expand_match_list() -{ + *++yyvsp = yylval; +#if YYLSP_NEEDED + *++yylsp = yylloc; +#endif - if (++cm_list_len >= cm_list_size) { - while ((cm_list_size += STACKINCREMENT) < cm_list_len) - ; - if (cm_list == NULL) - cm_list_len = 0; /* start at 0 since it is a subscript */ - cm_list = (struct command_match *) - erealloc(cm_list, sizeof(struct command_match) * cm_list_size); - } + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; - cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL; - cm_list[cm_list_len].nopasswd = FALSE; -} + yystate = yyn; + goto yynewstate; -/* - * Frees up spaced used by a previous parser run and allocates new space - * for various data structures. - */ -void -init_parser() -{ - /* Free up old data structures if we run the parser more than once. */ - if (match) { - free(match); - match = NULL; - top = 0; - parse_error = FALSE; - errorlineno = -1; - sudolineno = 1; - } +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. 
| +`-----------------------------------------------------------*/ +yydefault: + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + goto yyreduce; - /* Allocate space for the matching stack. */ - stacksize = STACKINCREMENT; - match = (struct matchstack *) emalloc(sizeof(struct matchstack) * stacksize); - /* Allocate space for the match list (for `sudo -l'). */ - if (printmatches == TRUE) - expand_match_list(); -} -#line 940 "sudo.tab.c" -/* allocate initial stack or double stack size, up to YYMAXDEPTH */ -#if defined(__cplusplus) || __STDC__ -static int yygrowstack(void) -#else -static int yygrowstack() +/*-----------------------------. +| yyreduce -- Do a reduction. | +`-----------------------------*/ +yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: + `$$ = $1'. + + Otherwise, the following line sets YYVAL to the semantic value of + the lookahead token. This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; + +#if YYLSP_NEEDED + /* Similarly for the default location. Let the user run additional + commands if for instance locations are ranges. */ + yyloc = yylsp[1-yylen]; + YYLLOC_DEFAULT (yyloc, (yylsp - yylen), yylen); #endif -{ - int newsize, i; - short *newss; - YYSTYPE *newvs; - - if ((newsize = yystacksize) == 0) - newsize = YYINITSTACKSIZE; - else if (newsize >= YYMAXDEPTH) - return -1; - else if ((newsize *= 2) > YYMAXDEPTH) - newsize = YYMAXDEPTH; - i = yyssp - yyss; - newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) : - (short *)malloc(newsize * sizeof *newss); - if (newss == NULL) - goto bail; - yyss = newss; - yyssp = newss + i; - newvs = yyvs ? 
(YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) : - (YYSTYPE *)malloc(newsize * sizeof *newvs); - if (newvs == NULL) - goto bail; - yyvs = newvs; - yyvsp = newvs + i; - yystacksize = newsize; - yysslim = yyss + newsize - 1; - return 0; -bail: - if (yyss) - free(yyss); - if (yyvs) - free(yyvs); - yyss = yyssp = NULL; - yyvs = yyvsp = NULL; - yystacksize = 0; - return -1; -} -#define YYABORT goto yyabort -#define YYREJECT goto yyabort -#define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab -int -#if defined(__cplusplus) || __STDC__ -yyparse(void) -#else -yyparse() -#endif -{ - int yym, yyn, yystate; #if YYDEBUG -#if defined(__cplusplus) || __STDC__ - const char *yys; -#else /* !(defined(__cplusplus) || __STDC__) */ - char *yys; -#endif /* !(defined(__cplusplus) || __STDC__) */ - - if ((yys = getenv("YYDEBUG"))) + /* We have to keep this `#if YYDEBUG', since we use variables which + are defined only if `YYDEBUG' is set. */ + if (yydebug) { - yyn = *yys; - if (yyn >= '0' && yyn <= '9') - yydebug = yyn - '0'; - } -#endif /* YYDEBUG */ + int yyi; - yynerrs = 0; - yyerrflag = 0; - yychar = (-1); + YYFPRINTF (stderr, "Reducing via rule %d (line %d), ", + yyn, yyrline[yyn]); - if (yyss == NULL && yygrowstack()) goto yyoverflow; - yyssp = yyss; - yyvsp = yyvs; - *yyssp = yystate = 0; - -yyloop: - if ((yyn = yydefred[yystate]) != 0) goto yyreduce; - if (yychar < 0) - { - if ((yychar = yylex()) < 0) yychar = 0; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("%sdebug: state %d, reading %d (%s)\n", - YYPREFIX, yystate, yychar, yys); - } -#endif - } - if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, shifting to state %d\n", - YYPREFIX, yystate, yytable[yyn]); -#endif - if (yyssp >= yysslim && yygrowstack()) - { - goto yyoverflow; - } - *++yyssp = yystate = 
yytable[yyn]; - *++yyvsp = yylval; - yychar = (-1); - if (yyerrflag > 0) --yyerrflag; - goto yyloop; - } - if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { - yyn = yytable[yyn]; - goto yyreduce; - } - if (yyerrflag) goto yyinrecovery; -#if defined(lint) || defined(__GNUC__) - goto yynewerror; -#endif -yynewerror: - yyerror("syntax error"); -#if defined(lint) || defined(__GNUC__) - goto yyerrlab; -#endif -yyerrlab: - ++yynerrs; -yyinrecovery: - if (yyerrflag < 3) - { - yyerrflag = 3; - for (;;) - { - if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, error recovery shifting\ - to state %d\n", YYPREFIX, *yyssp, yytable[yyn]); -#endif - if (yyssp >= yysslim && yygrowstack()) - { - goto yyoverflow; - } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; - goto yyloop; - } - else - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: error recovery discarding state %d\n", - YYPREFIX, *yyssp); -#endif - if (yyssp <= yyss) goto yyabort; - --yyssp; - --yyvsp; - } - } - } - else - { - if (yychar == 0) goto yyabort; -#if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("%sdebug: state %d, error recovery discards token %d (%s)\n", - YYPREFIX, yystate, yychar, yys); - } -#endif - yychar = (-1); - goto yyloop; + /* Print the symbols being reduced, and their result. 
*/ + for (yyi = yyprhs[yyn]; yyrhs[yyi] > 0; yyi++) + YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]); + YYFPRINTF (stderr, " -> %s\n", yytname[yyr1[yyn]]); } -yyreduce: -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, reducing by rule %d (%s)\n", - YYPREFIX, yystate, yyn, yyrule[yyn]); #endif - yym = yylen[yyn]; - yyval = yyvsp[1-yym]; - switch (yyn) - { + + switch (yyn) { + case 3: #line 264 "parse.yacc" { ; } -break; + break; case 4: #line 266 "parse.yacc" { yyerrok; } -break; + break; case 5: #line 267 "parse.yacc" { push; } -break; + break; case 6: #line 267 "parse.yacc" { while (top && user_matches != TRUE) pop; } -break; + break; case 7: #line 272 "parse.yacc" { ; } -break; + break; case 8: #line 274 "parse.yacc" { ; } -break; + break; case 9: #line 276 "parse.yacc" { ; } -break; + break; case 10: #line 278 "parse.yacc" { ; } -break; + break; case 11: #line 280 "parse.yacc" { ; } -break; + break; case 13: #line 285 "parse.yacc" { defaults_matches = TRUE; } -break; + break; case 14: #line 288 "parse.yacc" { push; } -break; + break; case 15: #line 288 "parse.yacc" { defaults_matches = user_matches; pop; } -break; + break; case 16: #line 292 "parse.yacc" { push; } -break; + break; case 17: #line 292 "parse.yacc" { defaults_matches = host_matches; pop; } -break; + break; case 20: #line 301 "parse.yacc" { @@ -1215,7 +1279,7 @@ case 20: } free(yyvsp[0].string); } -break; + break; case 21: #line 309 "parse.yacc" { @@ -1226,7 +1290,7 @@ case 21: } free(yyvsp[0].string); } -break; + break; case 22: #line 317 "parse.yacc" { @@ -1238,7 +1302,7 @@ case 22: free(yyvsp[-2].string); free(yyvsp[0].string); } -break; + break; case 23: #line 326 "parse.yacc" { @@ -1250,7 +1314,7 @@ case 23: free(yyvsp[-2].string); free(yyvsp[0].string); } -break; + break; case 24: #line 335 "parse.yacc" { @@ -1262,7 +1326,7 @@ case 24: free(yyvsp[-2].string); free(yyvsp[0].string); } -break; + break; case 27: #line 349 "parse.yacc" { 
@@ -1278,27 +1342,27 @@ case 27: else no_passwd = TRUE; } -break; + break; case 28: #line 364 "parse.yacc" { if (yyvsp[0].BOOLEAN != -1) host_matches = yyvsp[0].BOOLEAN; } -break; + break; case 29: #line 368 "parse.yacc" { if (yyvsp[0].BOOLEAN != -1) host_matches = ! yyvsp[0].BOOLEAN; } -break; + break; case 30: #line 373 "parse.yacc" { yyval.BOOLEAN = TRUE; } -break; + break; case 31: #line 376 "parse.yacc" { @@ -1308,7 +1372,7 @@ case 31: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 32: #line 383 "parse.yacc" { @@ -1318,7 +1382,7 @@ case 32: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 33: #line 390 "parse.yacc" { @@ -1328,7 +1392,7 @@ case 33: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 34: #line 397 "parse.yacc" { @@ -1353,7 +1417,7 @@ case 34: } free(yyvsp[0].string); } -break; + break; case 37: #line 425 "parse.yacc" { @@ -1381,14 +1445,14 @@ case 37: pushcp; cmnd_matches = -1; } -break; + break; case 38: #line 452 "parse.yacc" { if (yyvsp[0].BOOLEAN != -1) cmnd_matches = yyvsp[0].BOOLEAN; } -break; + break; case 39: #line 456 "parse.yacc" { @@ -1400,14 +1464,14 @@ case 39: append_cmnd("!", NULL); } } -break; + break; case 40: #line 464 "parse.yacc" { if (yyvsp[0].BOOLEAN != -1) cmnd_matches = ! yyvsp[0].BOOLEAN; } -break; + break; case 41: #line 470 "parse.yacc" { @@ -1433,17 +1497,17 @@ case 41: runas_matches = (strcmp(*user_runas, def_str(I_RUNAS_DEFAULT)) == 0); } -break; + break; case 42: #line 493 "parse.yacc" { runas_matches = (yyvsp[0].BOOLEAN == TRUE ? TRUE : FALSE); } -break; + break; case 43: #line 498 "parse.yacc" { ; } -break; + break; case 44: #line 499 "parse.yacc" { @@ -1453,11 +1517,11 @@ case 44: else yyval.BOOLEAN = yyvsp[-2].BOOLEAN; } -break; + break; case 45: #line 508 "parse.yacc" { ; } -break; + break; case 46: #line 509 "parse.yacc" { 
@@ -1469,14 +1533,14 @@ case 46: append_runas("!", ", "); } } -break; + break; case 47: #line 517 "parse.yacc" { /* Set $$ to the negation of runasuser */ yyval.BOOLEAN = (yyvsp[0].BOOLEAN == -1 ? -1 : ! yyvsp[0].BOOLEAN); } -break; + break; case 48: #line 522 "parse.yacc" { @@ -1493,7 +1557,7 @@ case 48: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 49: #line 536 "parse.yacc" { @@ -1510,7 +1574,7 @@ case 49: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 50: #line 550 "parse.yacc" { @@ -1527,7 +1591,7 @@ case 50: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 51: #line 564 "parse.yacc" { @@ -1559,7 +1623,7 @@ case 51: } free(yyvsp[0].string); } -break; + break; case 52: #line 593 "parse.yacc" { @@ -1572,7 +1636,7 @@ case 52: } yyval.BOOLEAN = TRUE; } -break; + break; case 53: #line 605 "parse.yacc" { @@ -1585,7 +1649,7 @@ case 53: cm_list[cm_list_len].nopasswd = FALSE; } } -break; + break; case 54: #line 615 "parse.yacc" { @@ -1594,7 +1658,7 @@ case 54: user_matches == TRUE) cm_list[cm_list_len].nopasswd = TRUE; } -break; + break; case 55: #line 621 "parse.yacc" { @@ -1603,7 +1667,7 @@ case 55: user_matches == TRUE) cm_list[cm_list_len].nopasswd = FALSE; } -break; + break; case 56: #line 629 "parse.yacc" { @@ -1618,14 +1682,10 @@ case 56: } yyval.BOOLEAN = TRUE; - - if (safe_cmnd) - free(safe_cmnd); - safe_cmnd = estrdup(user_cmnd); } -break; + break; case 57: -#line 646 "parse.yacc" +#line 642 "parse.yacc" { aliasinfo *aip; @@ -1655,9 +1715,9 @@ case 57: } free(yyvsp[0].string); } -break; + break; case 58: -#line 675 "parse.yacc" +#line 671 "parse.yacc" { if (printmatches == TRUE) { if (in_alias == TRUE) { 
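Review bot: In the `case 56` hunk (`@@ -1618,14 +1682,10 @@`) nothing records why the action no longer assigns `safe_cmnd`, and after the removal this path leaves `safe_cmnd` at whatever an earlier rule stored, or unset. The deleted lines copied the user-supplied `user_cmnd` into it, so the removal presumably keeps a later match from replacing a sudoers-derived path with the one the user typed; that intent should be stated next to the action. sudo.tab.c is bison output, so the comment belongs at the corresponding action in parse.yacc (line 629 per the `#line` marker), for example `/* Do not set safe_cmnd here: it must never be overwritten with user_cmnd. */`. The code that consumes `safe_cmnd` now has to cope with it being NULL when only this action matched; the diffstat lists sudo.c as changed, but that hunk is outside this view, so confirm the fallback is there.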
@@ -1684,22 +1744,22 @@ case 58: if (yyvsp[0].command.args) free(yyvsp[0].command.args); } -break; + break; case 61: -#line 707 "parse.yacc" +#line 703 "parse.yacc" { push; } -break; + break; case 62: -#line 707 "parse.yacc" +#line 703 "parse.yacc" { if ((host_matches != -1 || pedantic) && !add_alias(yyvsp[-3].string, HOST_ALIAS, host_matches)) YYERROR; pop; } -break; + break; case 67: -#line 723 "parse.yacc" +#line 719 "parse.yacc" { push; if (printmatches == TRUE) { @@ -1710,9 +1770,9 @@ case 67: ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string); } } -break; + break; case 68: -#line 732 "parse.yacc" +#line 728 "parse.yacc" { if ((cmnd_matches != -1 || pedantic) && !add_alias(yyvsp[-3].string, CMND_ALIAS, cmnd_matches)) @@ -1723,13 +1783,13 @@ case 68: if (printmatches == TRUE) in_alias = FALSE; } -break; + break; case 69: -#line 744 "parse.yacc" +#line 740 "parse.yacc" { ; } -break; + break; case 73: -#line 752 "parse.yacc" +#line 748 "parse.yacc" { if (printmatches == TRUE) { in_alias = TRUE; @@ -1739,9 +1799,9 @@ case 73: ga_list[ga_list_len-1].alias = estrdup(yyvsp[0].string); } } -break; + break; case 74: -#line 760 "parse.yacc" +#line 756 "parse.yacc" { if ((yyvsp[0].BOOLEAN != -1 || pedantic) && !add_alias(yyvsp[-3].string, RUNAS_ALIAS, yyvsp[0].BOOLEAN)) @@ -1751,13 +1811,13 @@ case 74: if (printmatches == TRUE) in_alias = FALSE; } -break; + break; case 77: -#line 775 "parse.yacc" +#line 771 "parse.yacc" { push; } -break; + break; case 78: -#line 775 "parse.yacc" +#line 771 "parse.yacc" { if ((user_matches != -1 || pedantic) && !add_alias(yyvsp[-3].string, USER_ALIAS, user_matches)) 
@@ -1765,23 +1825,23 @@ case 78: pop; free(yyvsp[-3].string); } -break; + break; case 81: -#line 788 "parse.yacc" +#line 784 "parse.yacc" { if (yyvsp[0].BOOLEAN != -1) user_matches = yyvsp[0].BOOLEAN; } -break; + break; case 82: -#line 792 "parse.yacc" +#line 788 "parse.yacc" { if (yyvsp[0].BOOLEAN != -1) user_matches = ! yyvsp[0].BOOLEAN; } -break; + break; case 83: -#line 797 "parse.yacc" +#line 793 "parse.yacc" { if (strcmp(yyvsp[0].string, user_name) == 0) yyval.BOOLEAN = TRUE; @@ -1789,9 +1849,9 @@ case 83: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 84: -#line 804 "parse.yacc" +#line 800 "parse.yacc" { if (usergr_matches(yyvsp[0].string, user_name)) yyval.BOOLEAN = TRUE; @@ -1799,9 +1859,9 @@ case 84: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 85: -#line 811 "parse.yacc" +#line 807 "parse.yacc" { if (netgr_matches(yyvsp[0].string, NULL, NULL, user_name)) yyval.BOOLEAN = TRUE; @@ -1809,9 +1869,9 @@ case 85: yyval.BOOLEAN = -1; free(yyvsp[0].string); } -break; + break; case 86: -#line 818 "parse.yacc" +#line 814 "parse.yacc" { aliasinfo *aip = find_alias(yyvsp[0].string, USER_ALIAS); 
@@ -1832,67 +1892,595 @@ case 86: } free(yyvsp[0].string); } -break; + break; case 87: -#line 838 "parse.yacc" +#line 834 "parse.yacc" { yyval.BOOLEAN = TRUE; } -break; -#line 1834 "sudo.tab.c" - } - yyssp -= yym; - yystate = *yyssp; - yyvsp -= yym; - yym = yylhs[yyn]; - if (yystate == 0 && yym == 0) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: after reduction, shifting from state 0 to\ - state %d\n", YYPREFIX, YYFINAL); + break; +} + +#line 705 "/usr/share/bison/bison.simple" + + + yyvsp -= yylen; + yyssp -= yylen; +#if YYLSP_NEEDED + yylsp -= yylen; #endif - yystate = YYFINAL; - *++yyssp = YYFINAL; - *++yyvsp = yyval; - if (yychar < 0) - { - if ((yychar = yylex()) < 0) yychar = 0; + #if YYDEBUG - if (yydebug) - { - yys = 0; - if (yychar <= YYMAXTOKEN) yys = yyname[yychar]; - if (!yys) yys = "illegal-symbol"; - printf("%sdebug: state %d, reading %d (%s)\n", - YYPREFIX, YYFINAL, yychar, yys); - } + if (yydebug) + { + short *yyssp1 = yyss - 1; + YYFPRINTF (stderr, "state stack now"); + while (yyssp1 != yyssp) + YYFPRINTF (stderr, " %d", *++yyssp1); + YYFPRINTF (stderr, "\n"); + } #endif - } - if (yychar == 0) goto yyaccept; - goto yyloop; + + *++yyvsp = yyval; +#if YYLSP_NEEDED + *++yylsp = yyloc; +#endif + + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTBASE] + *yyssp; + if (yystate >= 0 && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTBASE]; + + goto yynewstate; + + +/*------------------------------------. +| yyerrlab -- here on detecting error | +`------------------------------------*/ +yyerrlab: + /* If not already recovering from an error, report this error. 
*/ + if (!yyerrstatus) + { + ++yynerrs; + +#ifdef YYERROR_VERBOSE + yyn = yypact[yystate]; + + if (yyn > YYFLAG && yyn < YYLAST) + { + YYSIZE_T yysize = 0; + char *yymsg; + int yyx, yycount; + + yycount = 0; + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + for (yyx = yyn < 0 ? -yyn : 0; + yyx < (int) (sizeof (yytname) / sizeof (char *)); yyx++) + if (yycheck[yyx + yyn] == yyx) + yysize += yystrlen (yytname[yyx]) + 15, yycount++; + yysize += yystrlen ("parse error, unexpected ") + 1; + yysize += yystrlen (yytname[YYTRANSLATE (yychar)]); + yymsg = (char *) YYSTACK_ALLOC (yysize); + if (yymsg != 0) + { + char *yyp = yystpcpy (yymsg, "parse error, unexpected "); + yyp = yystpcpy (yyp, yytname[YYTRANSLATE (yychar)]); + + if (yycount < 5) + { + yycount = 0; + for (yyx = yyn < 0 ? -yyn : 0; + yyx < (int) (sizeof (yytname) / sizeof (char *)); + yyx++) + if (yycheck[yyx + yyn] == yyx) + { + const char *yyq = ! yycount ? ", expecting " : " or "; + yyp = yystpcpy (yyp, yyq); + yyp = yystpcpy (yyp, yytname[yyx]); + yycount++; + } + } + yyerror (yymsg); + YYSTACK_FREE (yymsg); + } + else + yyerror ("parse error; also virtual memory exhausted"); + } + else +#endif /* defined (YYERROR_VERBOSE) */ + yyerror ("parse error"); } - if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yystate) - yystate = yytable[yyn]; - else - yystate = yydgoto[yym]; + goto yyerrlab1; + + +/*--------------------------------------------------. +| yyerrlab1 -- error raised explicitly by an action | +`--------------------------------------------------*/ +yyerrlab1: + if (yyerrstatus == 3) + { + /* If just tried and failed to reuse lookahead token after an + error, discard it. 
*/ + + /* return failure if at end of input */ + if (yychar == YYEOF) + YYABORT; + YYDPRINTF ((stderr, "Discarding token %d (%s).\n", + yychar, yytname[yychar1])); + yychar = YYEMPTY; + } + + /* Else will try to reuse lookahead token after shifting the error + token. */ + + yyerrstatus = 3; /* Each real token shifted decrements this */ + + goto yyerrhandle; + + +/*-------------------------------------------------------------------. +| yyerrdefault -- current state does not do anything special for the | +| error token. | +`-------------------------------------------------------------------*/ +yyerrdefault: +#if 0 + /* This is wrong; only states that explicitly want error tokens + should shift them. */ + + /* If its default is to accept any token, ok. Otherwise pop it. */ + yyn = yydefact[yystate]; + if (yyn) + goto yydefault; +#endif + + +/*---------------------------------------------------------------. +| yyerrpop -- pop the current state because it cannot handle the | +| error token | +`---------------------------------------------------------------*/ +yyerrpop: + if (yyssp == yyss) + YYABORT; + yyvsp--; + yystate = *--yyssp; +#if YYLSP_NEEDED + yylsp--; +#endif + #if YYDEBUG - if (yydebug) - printf("%sdebug: after reduction, shifting from state %d \ -to state %d\n", YYPREFIX, *yyssp, yystate); + if (yydebug) + { + short *yyssp1 = yyss - 1; + YYFPRINTF (stderr, "Error: state stack now"); + while (yyssp1 != yyssp) + YYFPRINTF (stderr, " %d", *++yyssp1); + YYFPRINTF (stderr, "\n"); + } #endif - if (yyssp >= yysslim && yygrowstack()) + +/*--------------. +| yyerrhandle. 
| +`--------------*/ +yyerrhandle: + yyn = yypact[yystate]; + if (yyn == YYFLAG) + goto yyerrdefault; + + yyn += YYTERROR; + if (yyn < 0 || yyn > YYLAST || yycheck[yyn] != YYTERROR) + goto yyerrdefault; + + yyn = yytable[yyn]; + if (yyn < 0) { - goto yyoverflow; + if (yyn == YYFLAG) + goto yyerrpop; + yyn = -yyn; + goto yyreduce; } - *++yyssp = yystate; - *++yyvsp = yyval; - goto yyloop; -yyoverflow: - yyerror("yacc stack overflow"); -yyabort: - return (1); -yyaccept: - return (0); + else if (yyn == 0) + goto yyerrpop; + + if (yyn == YYFINAL) + YYACCEPT; + + YYDPRINTF ((stderr, "Shifting error token, ")); + + *++yyvsp = yylval; +#if YYLSP_NEEDED + *++yylsp = yylloc; +#endif + + yystate = yyn; + goto yynewstate; + + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + +/*---------------------------------------------. +| yyoverflowab -- parser overflow comes here. | +`---------------------------------------------*/ +yyoverflowlab: + yyerror ("parser stack overflow"); + yyresult = 2; + /* Fall through. */ + +yyreturn: +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif + return yyresult; +} +#line 839 "parse.yacc" + + +#define MOREALIASES (32) +aliasinfo *aliases = NULL; +size_t naliases = 0; +size_t nslots = 0; + + +/* + * Compare two aliasinfo structures, strcmp() style. + * Note that we do *not* compare their values. + */ +static int +aliascmp(a1, a2) + const VOID *a1, *a2; +{ + int r; + aliasinfo *ai1, *ai2; + + ai1 = (aliasinfo *) a1; + ai2 = (aliasinfo *) a2; + if ((r = strcmp(ai1->name, ai2->name)) == 0) + r = ai1->type - ai2->type; + + return(r); +} + +/* + * Compare two generic_alias structures, strcmp() style. 
+ */ +static int +genaliascmp(entry, key) + const VOID *entry, *key; +{ + int r; + struct generic_alias *ga1, *ga2; + + ga1 = (struct generic_alias *) key; + ga2 = (struct generic_alias *) entry; + if ((r = strcmp(ga1->alias, ga2->alias)) == 0) + r = ga1->type - ga2->type; + + return(r); +} + + +/* + * Adds the named alias of the specified type to the aliases list. + */ +static int +add_alias(alias, type, val) + char *alias; + int type; + int val; +{ + aliasinfo ai, *aip; + size_t onaliases; + char s[512]; + + if (naliases >= nslots && !more_aliases()) { + (void) snprintf(s, sizeof(s), "Out of memory defining alias `%s'", + alias); + yyerror(s); + return(FALSE); + } + + ai.type = type; + ai.val = val; + ai.name = estrdup(alias); + onaliases = naliases; + + aip = (aliasinfo *) lsearch((VOID *)&ai, (VOID *)aliases, &naliases, + sizeof(ai), aliascmp); + if (aip == NULL) { + (void) snprintf(s, sizeof(s), "Aliases corrupted defining alias `%s'", + alias); + yyerror(s); + return(FALSE); + } + if (onaliases == naliases) { + (void) snprintf(s, sizeof(s), "Alias `%s' already defined", alias); + yyerror(s); + return(FALSE); + } + + return(TRUE); +} + +/* + * Searches for the named alias of the specified type. + */ +static aliasinfo * +find_alias(alias, type) + char *alias; + int type; +{ + aliasinfo ai; + + ai.name = alias; + ai.type = type; + + return((aliasinfo *) lfind((VOID *)&ai, (VOID *)aliases, &naliases, + sizeof(ai), aliascmp)); +} + +/* + * Allocates more space for the aliases list. + */ +static int +more_aliases() +{ + + nslots += MOREALIASES; + if (nslots == MOREALIASES) + aliases = (aliasinfo *) malloc(nslots * sizeof(aliasinfo)); + else + aliases = (aliasinfo *) realloc(aliases, nslots * sizeof(aliasinfo)); + + return(aliases != NULL); +} + +/* + * Lists the contents of the aliases list. 
+ */ +void +dumpaliases() +{ + size_t n; + + for (n = 0; n < naliases; n++) { + if (aliases[n].val == -1) + continue; + + switch (aliases[n].type) { + case HOST_ALIAS: + (void) puts("HOST_ALIAS"); + break; + + case CMND_ALIAS: + (void) puts("CMND_ALIAS"); + break; + + case USER_ALIAS: + (void) puts("USER_ALIAS"); + break; + + case RUNAS_ALIAS: + (void) puts("RUNAS_ALIAS"); + break; + } + (void) printf("\t%s: %d\n", aliases[n].name, aliases[n].val); + } +} + +/* + * Lists the contents of cm_list and ga_list for `sudo -l'. + */ +void +list_matches() +{ + int i; + char *p; + struct generic_alias *ga, key; + + (void) printf("User %s may run the following commands on this host:\n", + user_name); + for (i = 0; i < cm_list_len; i++) { + + /* Print the runas list. */ + (void) fputs(" ", stdout); + if (cm_list[i].runas) { + (void) putchar('('); + p = strtok(cm_list[i].runas, ", "); + do { + if (p != cm_list[i].runas) + (void) fputs(", ", stdout); + + key.alias = p; + key.type = RUNAS_ALIAS; + if ((ga = (struct generic_alias *) lfind((VOID *) &key, + (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp))) + (void) fputs(ga->entries, stdout); + else + (void) fputs(p, stdout); + } while ((p = strtok(NULL, ", "))); + (void) fputs(") ", stdout); + } else { + (void) printf("(%s) ", def_str(I_RUNAS_DEFAULT)); + } + + /* Is a password required? */ + if (cm_list[i].nopasswd == TRUE && def_flag(I_AUTHENTICATE)) + (void) fputs("NOPASSWD: ", stdout); + else if (cm_list[i].nopasswd == FALSE && !def_flag(I_AUTHENTICATE)) + (void) fputs("PASSWD: ", stdout); + + /* Print the actual command or expanded Cmnd_Alias. */ + key.alias = cm_list[i].cmnd; + key.type = CMND_ALIAS; + if ((ga = (struct generic_alias *) lfind((VOID *) &key, + (VOID *) &ga_list[0], &ga_list_len, sizeof(key), genaliascmp))) + (void) puts(ga->entries); + else + (void) puts(cm_list[i].cmnd); + } + + /* Be nice and free up space now that we are done. 
*/ + for (i = 0; i < ga_list_len; i++) { + free(ga_list[i].alias); + free(ga_list[i].entries); + } + free(ga_list); + ga_list = NULL; + + for (i = 0; i < cm_list_len; i++) { + free(cm_list[i].runas); + free(cm_list[i].cmnd); + } + free(cm_list); + cm_list = NULL; + cm_list_len = 0; + cm_list_size = 0; +} + +/* + * Appends a source string to the destination, optionally prefixing a separator. + */ +static void +append(src, dstp, dst_len, dst_size, separator) + char *src, **dstp; + size_t *dst_len, *dst_size; + char *separator; +{ + size_t src_len = strlen(src); + char *dst = *dstp; + + /* + * Only add the separator if there is something to separate from. + * If the last char is a '!', don't apply the separator (XXX). + */ + if (separator && dst && dst[*dst_len - 1] != '!') + src_len += strlen(separator); + else + separator = NULL; + + /* Assumes dst will be NULL if not set. */ + if (dst == NULL) { + dst = (char *) emalloc(BUFSIZ); + *dst_size = BUFSIZ; + *dst_len = 0; + *dstp = dst; + } + + /* Allocate more space if necessary. */ + if (*dst_size <= *dst_len + src_len) { + while (*dst_size <= *dst_len + src_len) + *dst_size += BUFSIZ; + + dst = (char *) erealloc(dst, *dst_size); + *dstp = dst; + } + + /* Copy src -> dst adding a separator if appropriate and adjust len. */ + dst += *dst_len; + *dst_len += src_len; + *dst = '\0'; + if (separator) + (void) strcat(dst, separator); + (void) strcat(dst, src); +} + +/* + * Frees up space used by the aliases list and resets the associated counters. + */ +void +reset_aliases() +{ + size_t n; + + if (aliases) { + for (n = 0; n < naliases; n++) + free(aliases[n].name); + free(aliases); + aliases = NULL; + } + naliases = nslots = 0; +} + +/* + * Increments ga_list_len, allocating more space as necessary. 
+ */ +static void +expand_ga_list() +{ + + if (++ga_list_len >= ga_list_size) { + while ((ga_list_size += STACKINCREMENT) < ga_list_len) + ; + ga_list = (struct generic_alias *) + erealloc(ga_list, sizeof(struct generic_alias) * ga_list_size); + } + + ga_list[ga_list_len - 1].entries = NULL; +} + +/* + * Increments cm_list_len, allocating more space as necessary. + */ +static void +expand_match_list() +{ + + if (++cm_list_len >= cm_list_size) { + while ((cm_list_size += STACKINCREMENT) < cm_list_len) + ; + if (cm_list == NULL) + cm_list_len = 0; /* start at 0 since it is a subscript */ + cm_list = (struct command_match *) + erealloc(cm_list, sizeof(struct command_match) * cm_list_size); + } + + cm_list[cm_list_len].runas = cm_list[cm_list_len].cmnd = NULL; + cm_list[cm_list_len].nopasswd = FALSE; +} + +/* + * Frees up spaced used by a previous parser run and allocates new space + * for various data structures. + */ +void +init_parser() +{ + + /* Free up old data structures if we run the parser more than once. */ + if (match) { + free(match); + match = NULL; + top = 0; + parse_error = FALSE; + errorlineno = -1; + sudolineno = 1; + } + + /* Allocate space for the matching stack. */ + stacksize = STACKINCREMENT; + match = (struct matchstack *) emalloc(sizeof(struct matchstack) * stacksize); + + /* Allocate space for the match list (for `sudo -l'). */ + if (printmatches == TRUE) + expand_match_list(); } diff --git a/sudo.tab.h b/sudo.tab.h index 71b1255..b2afd8d 100644 --- a/sudo.tab.h +++ b/sudo.tab.h 
@@ -1,27 +1,38 @@ -#define COMMAND 257 -#define ALIAS 258 -#define DEFVAR 259 -#define NTWKADDR 260 -#define NETGROUP 261 -#define USERGROUP 262 -#define WORD 263 -#define DEFAULTS 264 -#define DEFAULTS_HOST 265 -#define DEFAULTS_USER 266 -#define RUNAS 267 -#define NOPASSWD 268 -#define PASSWD 269 -#define ALL 270 -#define COMMENT 271 -#define HOSTALIAS 272 -#define CMNDALIAS 273 -#define USERALIAS 274 -#define RUNASALIAS 275 -#define ERROR 276 +#ifndef BISON_SUDO_TAB_H +# define BISON_SUDO_TAB_H + +#ifndef YYSTYPE typedef union { char *string; int BOOLEAN; struct sudo_command command; int tok; -} YYSTYPE; +} yystype; +# define YYSTYPE yystype +# define YYSTYPE_IS_TRIVIAL 1 +#endif +# define COMMAND 257 +# define ALIAS 258 +# define DEFVAR 259 +# define NTWKADDR 260 +# define NETGROUP 261 +# define USERGROUP 262 +# define WORD 263 +# define DEFAULTS 264 +# define DEFAULTS_HOST 265 +# define DEFAULTS_USER 266 +# define RUNAS 267 +# define NOPASSWD 268 +# define PASSWD 269 +# define ALL 270 +# define COMMENT 271 +# define HOSTALIAS 272 +# define CMNDALIAS 273 +# define USERALIAS 274 +# define RUNASALIAS 275 +# define ERROR 276 + + extern YYSTYPE yylval; + +#endif /* not BISON_SUDO_TAB_H */ diff --git a/sudoers b/sudoers index 0bc6c9a..3dbc03f 100644 --- a/sudoers +++ b/sudoers @@ -5,6 +5,8 @@ # See the sudoers man page for the details on how to write a sudoers file. # +# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin" + # Host alias specification # User alias specification diff --git a/sudoers.pod b/sudoers.pod index 80fd724..6e74fba 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -580,8 +580,8 @@ interpreting the C<@> sign. Defaults to C<@mailto@>. =item exempt_group -Users in this group are exempt from password and PATH requirements. -This is not set by default. +Users in this group are exempt from password and PATH requirements. This +option is turned on for Debian. =item verifypw -- 2.47.2
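Review bot: The commented-out `Defaults` example added to the sample sudoers file names `syslog=auth`, while debian/OPTIONS in this same patch documents the build as `--with-logfac=authpriv`. An administrator who uncomments the line as written would move sudo's log records to a different facility than the packaged default, and depending on the local syslog configuration that may be a log file with wider read access. I would change the example to `syslog=authpriv` so it matches the build, and put a comment line above it such as `# These values are already compiled in; uncomment only to override them.` The `secure_path` value in the example does match the `--with-secure-path` setting, so only the facility differs.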