/*
- * CU sudo version 1.6
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
+ * This code is derived from software contributed by Chris Jepeway
+ * <jepeway@cs.utk.edu>.
*
- * parse.c -- sudo parser frontend and comparison routines.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
*
- * This code is derived from software contributed by Chris Jepeway
- * <jepeway@cs.utk.edu>
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#endif
#include "sudo.h"
+#include "parse.h"
#include "interfaces.h"
#ifndef lint
*/
int parse_error = FALSE;
extern FILE *yyin, *yyout;
-extern int printmatches;
/*
* Prototypes
{
int return_code;
- /* become sudoers file owner */
+ /* Become sudoers file owner */
set_perms(PERM_SUDOERS, 0);
- /* we opened _PATH_SUDO_SUDOERS in check_sudoers() so just rewind it */
+ /* We opened _PATH_SUDO_SUDOERS in check_sudoers() so just rewind it. */
rewind(sudoers_fp);
yyin = sudoers_fp;
yyout = stdout;
}
/*
- * we popped everything off the stack =>
- * user was mentioned, but not explicitly
- * granted nor denied access => say no
+ * We popped everything off the stack and the user was mentioned, but
+ * not explicitly granted nor denied access.
*/
return(VALIDATE_NOT_OK);
}
-
-
/*
* If path doesn't end in /, return TRUE iff cmnd & path name the same inode;
* otherwise, return TRUE if cmnd names one of the inodes in path.
*/
int
-command_matches(cmnd, user_args, path, sudoers_args)
+command_matches(cmnd, cmnd_args, path, sudoers_args)
char *cmnd;
- char *user_args;
+ char *cmnd_args;
char *path;
char *sudoers_args;
{
if (fnmatch(path, cmnd, FNM_PATHNAME) != 0)
return(FALSE);
if (!sudoers_args ||
- (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
- (sudoers_args && fnmatch(sudoers_args, user_args ? user_args : "",
+ (!cmnd_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+ (sudoers_args && fnmatch(sudoers_args, cmnd_args ? cmnd_args : "",
0) == 0)) {
- if (cmnd_safe)
- free(cmnd_safe);
- cmnd_safe = estrdup(cmnd);
+ if (safe_cmnd)
+ free(safe_cmnd);
+ safe_cmnd = estrdup(user_cmnd);
return(TRUE);
} else
return(FALSE);
if (cst.st_dev != pst.st_dev || cst.st_ino != pst.st_ino)
return(FALSE);
if (!sudoers_args ||
- (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+ (!cmnd_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
(sudoers_args &&
- fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
- if (cmnd_safe)
- free(cmnd_safe);
- cmnd_safe = estrdup(path);
+ fnmatch(sudoers_args, cmnd_args ? cmnd_args : "", 0) == 0)) {
+ if (safe_cmnd)
+ free(safe_cmnd);
+ safe_cmnd = estrdup(path);
return(TRUE);
} else
return(FALSE);
if (strcmp(cmnd_base, dent->d_name) != 0 || stat(buf, &pst) == -1)
continue;
if (cst.st_dev == pst.st_dev && cst.st_ino == pst.st_ino) {
- if (cmnd_safe)
- free(cmnd_safe);
- cmnd_safe = estrdup(buf);
+ if (safe_cmnd)
+ free(safe_cmnd);
+ safe_cmnd = estrdup(buf);
break;
}
}
}
}
-
-
/*
* Returns TRUE if "n" is one of our ip addresses or if
* "n" is a network that we are on, else returns FALSE.
return(FALSE);
}
-
-
/*
* Returns TRUE if the given user belongs to the named group,
* else returns FALSE.
return(FALSE);
}
-
-
/*
* Returns TRUE if "host" and "user" belong to the netgroup "netgr",
* else return FALSE. Either of "host" or "user" may be NULL
#endif /* HAVE_INNETGR */
}
-
-
/*
* Returns TRUE if "s" has shell meta characters in it,
* else returns FALSE.
--- /dev/null
+/*
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $Sudo$
+ */
+
+#ifndef _SUDO_PARSE_H
+#define _SUDO_PARSE_H
+
+/*
+ * Data structure used in parsing sudoers;
+ * top of stack values are the ones that
+ * apply when parsing is done & can be
+ * accessed by *_matches macros
+ */
+#define STACKINCREMENT (32)
+struct matchstack {
+ int user;
+ int cmnd;
+ int host;
+ int runas;
+ int nopass;
+};
+
+/*
+ * Data structure describing a command in the
+ * sudoers file.
+ */
+struct sudo_command {
+ char *cmnd;
+ char *args;
+};
+
+#define user_matches (match[top-1].user)
+#define user_matched (match[top].user)
+#define cmnd_matches (match[top-1].cmnd)
+#define cmnd_matched (match[top].cmnd)
+#define host_matches (match[top-1].host)
+#define host_matched (match[top].host)
+#define runas_matches (match[top-1].runas)
+#define runas_matched (match[top].runas)
+#define no_passwd (match[top-1].nopass)
+
+/*
+ * Structure containing command matches if "sudo -l" is used.
+ */
+struct command_match {
+ char *runas;
+ size_t runas_len;
+ size_t runas_size;
+ char *cmnd;
+ size_t cmnd_len;
+ size_t cmnd_size;
+ int nopasswd;
+};
+
+/*
+ * Structure containing Cmnd_Alias's if "sudo -l" is used.
+ */
+struct generic_alias {
+ char *alias;
+ char *entries;
+ size_t entries_size;
+ size_t entries_len;
+};
+
+/* The matching stack and number of entries on it. */
+extern struct matchstack *match;
+extern int top;
+
+#endif /* _SUDO_PARSE_H */
%{
/*
- * CU sudo version 1.6
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * parse.lex -- lexigraphical analyzer for sudo.
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
*
* This code is derived from software contributed by Chris Jepeway
* <jepeway@cs.utk.edu>
+ *
+ * This code is derived from software contributed by Chris Jepeway
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include <sys/types.h>
#include <sys/param.h>
#include "sudo.h"
+#include "parse.h"
#include "sudo.tab.h"
#ifndef lint
yylval.string[len] = '\0';
}
-
static void
fill_cmnd(s, len)
char *s;
yylval.command.args = NULL;
}
-
static void
fill_args(s, len, addspace)
char *s;
arg_len = new_len;
}
-
int
yywrap()
{
YY_NEW_FILE;
#endif /* YY_NEW_FILE */
- /* don't reset the aliases if called by testsudoers */
+ /* Don't reset the aliases if called by testsudoers. */
if (clearaliases)
reset_aliases();
%{
-
/*
- * CU sudo version 1.6
- * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 1, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Please send bugs, changes, problems to sudo-bugs@courtesan.com
- *
- *******************************************************************
- *
- * parse.yacc -- yacc parser and alias manipulation routines for sudo.
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
*
* This code is derived from software contributed by Chris Jepeway
* <jepeway@cs.utk.edu>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#endif /* HAVE_LSEARCH */
#include "sudo.h"
+#include "parse.h"
#ifndef HAVE_LSEARCH
#include "emul/search.h"
yyerror(s)
char *s;
{
- /* save the line the first error occured on */
+ /* Save the line the first error occured on. */
if (errorlineno == -1)
errorlineno = sudolineno ? sudolineno - 1 : 0;
#ifndef TRACELEXER
int tok;
}
-
%start file /* special start symbol */
%token <string> ALIAS /* an UPPERCASE alias name */
%token <string> NTWKADDR /* w.x.y.z */
free($1);
}
| NETGROUP {
- if (netgr_matches($1, host, NULL))
+ if (netgr_matches($1, user_host, NULL))
host_matches = TRUE;
free($1);
}
| NAME {
- if (strcasecmp(shost, $1) == 0)
+ if (strcasecmp(user_shost, $1) == 0)
host_matches = TRUE;
free($1);
}
| FQHOST {
- if (strcasecmp(host, $1) == 0)
+ if (strcasecmp(user_host, $1) == 0)
host_matches = TRUE;
free($1);
}
| ALIAS {
/* could be an all-caps hostname */
if (find_alias($1, HOST_ALIAS) == TRUE ||
- strcasecmp(shost, $1) == 0)
+ strcasecmp(user_shost, $1) == 0)
host_matches = TRUE;
free($1);
}
*/
if (runas_matches == -1)
runas_matches =
- (strcmp(RUNAS_DEFAULT, runas_user) == 0);
+ (strcmp(RUNAS_DEFAULT, user_runas) == 0);
}
| RUNAS runaslist { ; }
;
}
runasuser : NAME {
- runas_matches = (strcmp($1, runas_user) == 0);
+ runas_matches = (strcmp($1, user_runas) == 0);
if (printmatches == TRUE && in_alias == TRUE)
append($1, &ga_list[ga_list_len-1].entries,
&ga_list[ga_list_len-1].entries_len,
free($1);
}
| USERGROUP {
- runas_matches = usergr_matches($1, runas_user);
+ runas_matches = usergr_matches($1, user_runas);
if (printmatches == TRUE && in_alias == TRUE)
append($1, &ga_list[ga_list_len-1].entries,
&ga_list[ga_list_len-1].entries_len,
free($1);
}
| NETGROUP {
- runas_matches = netgr_matches($1, NULL, runas_user);
+ runas_matches = netgr_matches($1, NULL, user_runas);
if (printmatches == TRUE && in_alias == TRUE)
append($1, &ga_list[ga_list_len-1].entries,
&ga_list[ga_list_len-1].entries_len,
| ALIAS {
/* could be an all-caps username */
if (find_alias($1, RUNAS_ALIAS) == TRUE ||
- strcmp($1, runas_user) == 0)
+ strcmp($1, user_runas) == 0)
runas_matches = TRUE;
else
runas_matches = FALSE;
}
$$ = cmnd_matches = TRUE;
- if (cmnd_safe)
- free(cmnd_safe);
- cmnd_safe = estrdup(cmnd);
+ if (safe_cmnd)
+ free(safe_cmnd);
+ safe_cmnd = estrdup(user_cmnd);
}
| ALIAS {
if (printmatches == TRUE && in_alias == TRUE) {
}
/* if NewArgc > 1 pass ptr to 1st arg, else NULL */
- if (command_matches(cmnd, (NewArgc > 1) ?
- cmnd_args : NULL, $1.cmnd, $1.args)) {
+ if (command_matches(user_cmnd, (NewArgc > 1) ?
+ user_args : NULL, $1.cmnd, $1.args)) {
cmnd_matches = TRUE;
$$ = TRUE;
}
%%
-
typedef struct {
int type;
char name[BUFSIZ];
size_t nslots = 0;
-/**********************************************************************
- *
- * aliascmp()
- *
- * This function compares two aliasinfo structures.
+/*
+ * Compare two aliasinfo structures, strcmp() style.
*/
-
static int
aliascmp(a1, a2)
const VOID *a1, *a2;
return(r);
}
-
-/**********************************************************************
- *
- * genaliascmp()
- *
- * This function compares two generic_alias structures.
+/*
+ * Compare two generic_alias structures, strcmp() style.
*/
-
static int
genaliascmp(entry, key)
const VOID *entry, *key;
}
-/**********************************************************************
- *
- * add_alias()
- *
- * This function adds the named alias of the specified type to the
- * aliases list.
+/*
+ * Adds the named alias of the specified type to the aliases list.
*/
-
static int
add_alias(alias, type)
char *alias;
return(ok);
}
-
-/**********************************************************************
- *
- * find_alias()
- *
- * This function searches for the named alias of the specified type.
+/*
+ * Searches for the named alias of the specified type.
*/
-
static int
find_alias(alias, type)
char *alias;
sizeof(ai), aliascmp) != NULL);
}
-
-/**********************************************************************
- *
- * more_aliases()
- *
- * This function allocates more space for the aliases list.
+/*
+ * Allocates more space for the aliases list.
*/
-
static int
more_aliases()
{
+
nslots += MOREALIASES;
if (nslots == MOREALIASES)
aliases = (aliasinfo *) malloc(nslots * sizeof(aliasinfo));
return(aliases != NULL);
}
-
-/**********************************************************************
- *
- * dumpaliases()
- *
- * This function lists the contents of the aliases list.
+/*
+ * Lists the contents of the aliases list.
*/
-
void
dumpaliases()
{
}
}
-
-/**********************************************************************
- *
- * list_matches()
- *
- * This function lists the contents of cm_list and ga_list for
- * `sudo -l'.
+/*
+ * Lists the contents of cm_list and ga_list for `sudo -l'.
*/
-
void
list_matches()
{
cm_list_size = 0;
}
-
-/**********************************************************************
- *
- * append()
- *
- * This function appends a source string to the destination prefixing
- * a separator if one is given.
+/*
+ * Appends a source string to the destination, optionally prefixing a separator.
*/
-
static void
append(src, dstp, dst_len, dst_size, separator)
char *src, **dstp;
*dst_len += src_len;
}
-
-/**********************************************************************
- *
- * reset_aliases()
- *
- * This function frees up space used by the aliases list and resets
- * the associated counters.
+/*
+ * Frees up space used by the aliases list and resets the associated counters.
*/
-
void
reset_aliases()
{
+
if (aliases) {
free(aliases);
aliases = NULL;
naliases = nslots = 0;
}
-
-/**********************************************************************
- *
- * expand_ga_list()
- *
- * This function increments ga_list_len, allocating more space as necessary.
+/*
+ * Increments ga_list_len, allocating more space as necessary.
*/
-
static void
expand_ga_list()
{
+
if (++ga_list_len >= ga_list_size) {
while ((ga_list_size += STACKINCREMENT) < ga_list_len)
;
ga_list[ga_list_len - 1].entries = NULL;
}
-
-/**********************************************************************
- *
- * expand_match_list()
- *
- * This function increments cm_list_len, allocating more space as necessary.
+/*
+ * Increments cm_list_len, allocating more space as necessary.
*/
-
static void
expand_match_list()
{
+
if (++cm_list_len >= cm_list_size) {
while ((cm_list_size += STACKINCREMENT) < cm_list_len)
;
cm_list[cm_list_len].nopasswd = FALSE;
}
-
-/**********************************************************************
- *
- * init_parser()
- *
- * This function frees up spaced used by a previous parse and
- * allocates new space for various data structures.
+/*
+ * Frees up spaced used by a previous parser run and allocates new space
+ * for various data structures.
*/
-
void
init_parser()
{
+
/* Free up old data structures if we run the parser more than once. */
if (match) {
free(match);
projects / sudo / commitdiff