struct sudoers_parse_tree parsed_policy = {
TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs),
TAILQ_HEAD_INITIALIZER(parsed_policy.defaults),
- NULL /* aliases */
+ NULL, /* aliases */
+ NULL, /* lhost */
+ NULL /* shost */
};
/*
static struct defaults *new_default(char *, char *, short);
static struct member *new_member(char *, int);
static struct command_digest *new_digest(int, char *);
-#line 80 "gram.y"
+#line 82 "gram.y"
#ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED
typedef union {
int tok;
} YYSTYPE;
#endif /* YYSTYPE_DEFINED */
-#line 133 "gram.c"
+#line 135 "gram.c"
#define COMMAND 257
#define ALIAS 258
#define DEFVAR 259
YYSTYPE *yyvs;
unsigned int yystacksize;
int yyparse(void);
-#line 906 "gram.y"
+#line 908 "gram.y"
void
sudoerserror(const char *s)
{
* Initialized a sudoers parse tree.
*/
void
-init_parse_tree(struct sudoers_parse_tree *parse_tree)
+init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost,
+ const char *shost)
{
TAILQ_INIT(&parse_tree->userspecs);
TAILQ_INIT(&parse_tree->defaults);
parse_tree->aliases = NULL;
+ parse_tree->shost = shost;
+ parse_tree->lhost = lhost;
}
/*
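Review bot: init_parse_tree() now stores the caller's `lhost` and `shost` pointers in the parse tree without copying them, while the header comment above it still says only "Initialized a sudoers parse tree." The matching code later in this diff reads these fields to decide host and netgroup matches, so the strings must stay valid and unmodified for as long as the tree is in use. That borrowing contract should be written down, e.g. `/* lhost and shost are not copied; the caller must keep them valid for the life of parse_tree. NULL means fall back to the run host. */`. The `#line` directives suggest gram.c is generated from gram.y, so the comment belongs in gram.y.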
opts->limitprivs = NULL;
#endif
}
-#line 1046 "gram.c"
+#line 1051 "gram.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
switch (yyn)
{
case 1:
-#line 178 "gram.y"
+#line 180 "gram.y"
{ ; }
break;
case 5:
-#line 186 "gram.y"
+#line 188 "gram.y"
{
;
}
break;
case 6:
-#line 189 "gram.y"
+#line 191 "gram.y"
{
yyerrok;
}
break;
case 7:
-#line 192 "gram.y"
+#line 194 "gram.y"
{
if (!add_userspec(yyvsp[-1].member, yyvsp[0].privilege)) {
sudoerserror(N_("unable to allocate memory"));
}
break;
case 8:
-#line 198 "gram.y"
+#line 200 "gram.y"
{
;
}
break;
case 9:
-#line 201 "gram.y"
+#line 203 "gram.y"
{
;
}
break;
case 10:
-#line 204 "gram.y"
+#line 206 "gram.y"
{
;
}
break;
case 11:
-#line 207 "gram.y"
+#line 209 "gram.y"
{
;
}
break;
case 12:
-#line 210 "gram.y"
+#line 212 "gram.y"
{
if (!add_defaults(DEFAULTS, NULL, yyvsp[0].defaults))
YYERROR;
}
break;
case 13:
-#line 214 "gram.y"
+#line 216 "gram.y"
{
if (!add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR;
}
break;
case 14:
-#line 218 "gram.y"
+#line 220 "gram.y"
{
if (!add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR;
}
break;
case 15:
-#line 222 "gram.y"
+#line 224 "gram.y"
{
if (!add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR;
}
break;
case 16:
-#line 226 "gram.y"
+#line 228 "gram.y"
{
if (!add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults))
YYERROR;
}
break;
case 18:
-#line 233 "gram.y"
+#line 235 "gram.y"
{
HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries);
yyval.defaults = yyvsp[-2].defaults;
}
break;
case 19:
-#line 239 "gram.y"
+#line 241 "gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, true);
if (yyval.defaults == NULL) {
}
break;
case 20:
-#line 246 "gram.y"
+#line 248 "gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, false);
if (yyval.defaults == NULL) {
}
break;
case 21:
-#line 253 "gram.y"
+#line 255 "gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
if (yyval.defaults == NULL) {
}
break;
case 22:
-#line 260 "gram.y"
+#line 262 "gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
if (yyval.defaults == NULL) {
}
break;
case 23:
-#line 267 "gram.y"
+#line 269 "gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
if (yyval.defaults == NULL) {
}
break;
case 25:
-#line 277 "gram.y"
+#line 279 "gram.y"
{
HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries);
yyval.privilege = yyvsp[-2].privilege;
}
break;
case 26:
-#line 283 "gram.y"
+#line 285 "gram.y"
{
struct privilege *p = calloc(1, sizeof(*p));
if (p == NULL) {
}
break;
case 27:
-#line 297 "gram.y"
+#line 299 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
case 28:
-#line 301 "gram.y"
+#line 303 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
case 29:
-#line 307 "gram.y"
+#line 309 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) {
}
break;
case 30:
-#line 314 "gram.y"
+#line 316 "gram.y"
{
yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) {
}
break;
case 31:
-#line 321 "gram.y"
+#line 323 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
if (yyval.member == NULL) {
}
break;
case 32:
-#line 328 "gram.y"
+#line 330 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, NTWKADDR);
if (yyval.member == NULL) {
}
break;
case 33:
-#line 335 "gram.y"
+#line 337 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
if (yyval.member == NULL) {
}
break;
case 35:
-#line 345 "gram.y"
+#line 347 "gram.y"
{
struct cmndspec *prev;
prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries);
}
break;
case 36:
-#line 398 "gram.y"
+#line 400 "gram.y"
{
struct cmndspec *cs = calloc(1, sizeof(*cs));
if (cs == NULL) {
}
break;
case 37:
-#line 449 "gram.y"
+#line 451 "gram.y"
{
yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string);
if (yyval.digest == NULL) {
}
break;
case 38:
-#line 456 "gram.y"
+#line 458 "gram.y"
{
yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string);
if (yyval.digest == NULL) {
}
break;
case 39:
-#line 463 "gram.y"
+#line 465 "gram.y"
{
yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string);
if (yyval.digest == NULL) {
}
break;
case 40:
-#line 470 "gram.y"
+#line 472 "gram.y"
{
yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string);
if (yyval.digest == NULL) {
}
break;
case 41:
-#line 479 "gram.y"
+#line 481 "gram.y"
{
yyval.member = yyvsp[0].member;
}
break;
case 42:
-#line 482 "gram.y"
+#line 484 "gram.y"
{
if (yyvsp[0].member->type != COMMAND) {
sudoerserror(N_("a digest requires a path name"));
}
break;
case 43:
-#line 493 "gram.y"
+#line 495 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
case 44:
-#line 497 "gram.y"
+#line 499 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
case 45:
-#line 503 "gram.y"
+#line 505 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 46:
-#line 508 "gram.y"
+#line 510 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 47:
-#line 512 "gram.y"
+#line 514 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 48:
-#line 517 "gram.y"
+#line 519 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 49:
-#line 522 "gram.y"
+#line 524 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 50:
-#line 527 "gram.y"
+#line 529 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 51:
-#line 531 "gram.y"
+#line 533 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
case 52:
-#line 536 "gram.y"
+#line 538 "gram.y"
{
yyval.runas = NULL;
}
break;
case 53:
-#line 539 "gram.y"
+#line 541 "gram.y"
{
yyval.runas = yyvsp[-1].runas;
}
break;
case 54:
-#line 544 "gram.y"
+#line 546 "gram.y"
{
yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas != NULL) {
}
break;
case 55:
-#line 559 "gram.y"
+#line 561 "gram.y"
{
yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas == NULL) {
}
break;
case 56:
-#line 568 "gram.y"
+#line 570 "gram.y"
{
yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas == NULL) {
}
break;
case 57:
-#line 577 "gram.y"
+#line 579 "gram.y"
{
yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas == NULL) {
}
break;
case 58:
-#line 586 "gram.y"
+#line 588 "gram.y"
{
yyval.runas = calloc(1, sizeof(struct runascontainer));
if (yyval.runas != NULL) {
}
break;
case 59:
-#line 603 "gram.y"
+#line 605 "gram.y"
{
init_options(&yyval.options);
}
break;
case 60:
-#line 606 "gram.y"
+#line 608 "gram.y"
{
yyval.options.notbefore = parse_gentime(yyvsp[0].string);
free(yyvsp[0].string);
}
break;
case 61:
-#line 614 "gram.y"
+#line 616 "gram.y"
{
yyval.options.notafter = parse_gentime(yyvsp[0].string);
free(yyvsp[0].string);
}
break;
case 62:
-#line 622 "gram.y"
+#line 624 "gram.y"
{
yyval.options.timeout = parse_timeout(yyvsp[0].string);
free(yyvsp[0].string);
}
break;
case 63:
-#line 633 "gram.y"
+#line 635 "gram.y"
{
#ifdef HAVE_SELINUX
free(yyval.options.role);
}
break;
case 64:
-#line 639 "gram.y"
+#line 641 "gram.y"
{
#ifdef HAVE_SELINUX
free(yyval.options.type);
}
break;
case 65:
-#line 645 "gram.y"
+#line 647 "gram.y"
{
#ifdef HAVE_PRIV_SET
free(yyval.options.privs);
}
break;
case 66:
-#line 651 "gram.y"
+#line 653 "gram.y"
{
#ifdef HAVE_PRIV_SET
free(yyval.options.limitprivs);
}
break;
case 67:
-#line 659 "gram.y"
+#line 661 "gram.y"
{
TAGS_INIT(yyval.tag);
}
break;
case 68:
-#line 662 "gram.y"
+#line 664 "gram.y"
{
yyval.tag.nopasswd = true;
}
break;
case 69:
-#line 665 "gram.y"
+#line 667 "gram.y"
{
yyval.tag.nopasswd = false;
}
break;
case 70:
-#line 668 "gram.y"
+#line 670 "gram.y"
{
yyval.tag.noexec = true;
}
break;
case 71:
-#line 671 "gram.y"
+#line 673 "gram.y"
{
yyval.tag.noexec = false;
}
break;
case 72:
-#line 674 "gram.y"
+#line 676 "gram.y"
{
yyval.tag.setenv = true;
}
break;
case 73:
-#line 677 "gram.y"
+#line 679 "gram.y"
{
yyval.tag.setenv = false;
}
break;
case 74:
-#line 680 "gram.y"
+#line 682 "gram.y"
{
yyval.tag.log_input = true;
}
break;
case 75:
-#line 683 "gram.y"
+#line 685 "gram.y"
{
yyval.tag.log_input = false;
}
break;
case 76:
-#line 686 "gram.y"
+#line 688 "gram.y"
{
yyval.tag.log_output = true;
}
break;
case 77:
-#line 689 "gram.y"
+#line 691 "gram.y"
{
yyval.tag.log_output = false;
}
break;
case 78:
-#line 692 "gram.y"
+#line 694 "gram.y"
{
yyval.tag.follow = true;
}
break;
case 79:
-#line 695 "gram.y"
+#line 697 "gram.y"
{
yyval.tag.follow = false;
}
break;
case 80:
-#line 698 "gram.y"
+#line 700 "gram.y"
{
yyval.tag.send_mail = true;
}
break;
case 81:
-#line 701 "gram.y"
+#line 703 "gram.y"
{
yyval.tag.send_mail = false;
}
break;
case 82:
-#line 706 "gram.y"
+#line 708 "gram.y"
{
yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) {
}
break;
case 83:
-#line 713 "gram.y"
+#line 715 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) {
}
break;
case 84:
-#line 720 "gram.y"
+#line 722 "gram.y"
{
struct sudo_command *c = calloc(1, sizeof(*c));
if (c == NULL) {
}
break;
case 87:
-#line 741 "gram.y"
+#line 743 "gram.y"
{
const char *s;
s = alias_add(&parsed_policy, yyvsp[-2].string, HOSTALIAS,
}
break;
case 89:
-#line 753 "gram.y"
+#line 755 "gram.y"
{
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member;
}
break;
case 92:
-#line 763 "gram.y"
+#line 765 "gram.y"
{
const char *s;
s = alias_add(&parsed_policy, yyvsp[-2].string, CMNDALIAS,
}
break;
case 94:
-#line 775 "gram.y"
+#line 777 "gram.y"
{
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member;
}
break;
case 97:
-#line 785 "gram.y"
+#line 787 "gram.y"
{
const char *s;
s = alias_add(&parsed_policy, yyvsp[-2].string, RUNASALIAS,
}
break;
case 100:
-#line 800 "gram.y"
+#line 802 "gram.y"
{
const char *s;
s = alias_add(&parsed_policy, yyvsp[-2].string, USERALIAS,
}
break;
case 102:
-#line 812 "gram.y"
+#line 814 "gram.y"
{
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member;
}
break;
case 103:
-#line 818 "gram.y"
+#line 820 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
case 104:
-#line 822 "gram.y"
+#line 824 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
case 105:
-#line 828 "gram.y"
+#line 830 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) {
}
break;
case 106:
-#line 835 "gram.y"
+#line 837 "gram.y"
{
yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) {
}
break;
case 107:
-#line 842 "gram.y"
+#line 844 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
if (yyval.member == NULL) {
}
break;
case 108:
-#line 849 "gram.y"
+#line 851 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, USERGROUP);
if (yyval.member == NULL) {
}
break;
case 109:
-#line 856 "gram.y"
+#line 858 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
if (yyval.member == NULL) {
}
break;
case 111:
-#line 866 "gram.y"
+#line 868 "gram.y"
{
HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
yyval.member = yyvsp[-2].member;
}
break;
case 112:
-#line 872 "gram.y"
+#line 874 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
case 113:
-#line 876 "gram.y"
+#line 878 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
case 114:
-#line 882 "gram.y"
+#line 884 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
if (yyval.member == NULL) {
}
break;
case 115:
-#line 889 "gram.y"
+#line 891 "gram.y"
{
yyval.member = new_member(NULL, ALL);
if (yyval.member == NULL) {
}
break;
case 116:
-#line 896 "gram.y"
+#line 898 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
if (yyval.member == NULL) {
}
}
break;
-#line 2175 "gram.c"
+#line 2180 "gram.c"
}
yyssp -= yym;
yystate = *yyssp;
user_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
const struct member *m)
{
- struct alias *a;
+ const char *lhost = parse_tree->lhost ? parse_tree->lhost : user_runhost;
+ const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost;
int matched = UNSPEC;
+ struct alias *a;
debug_decl(user_matches, SUDOERS_DEBUG_MATCH)
switch (m->type) {
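Review bot: The fallback `parse_tree->lhost ? parse_tree->lhost : user_runhost` (and its `shost` twin) is written out here in user_matches() and again in the runaslist_matches() and hostlist_matches() hunks below, so a matcher that is added later or was missed here would silently evaluate policy against the running host instead of the tree's host. A single static helper or macro per name would keep the override in one place, with a comment such as `/* Host names bound to this parse tree take precedence over the running host. */`. The test is for NULL only, so an empty string set by a caller would be passed to netgr_matches() as the host name; if that can happen, it should probably be treated like NULL. user_matches() continues past the end of this hunk.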
break;
case NETGROUP:
if (netgr_matches(m->name,
- def_netgroup_tuple ? user_runhost : NULL,
- def_netgroup_tuple ? user_srunhost : NULL, pw->pw_name))
+ def_netgroup_tuple ? lhost : NULL,
+ def_netgroup_tuple ? shost : NULL, pw->pw_name))
matched = !m->negated;
break;
case USERGROUP:
const struct member_list *user_list, const struct member_list *group_list,
struct member **matching_user, struct member **matching_group)
{
+ const char *lhost = parse_tree->lhost ? parse_tree->lhost : user_runhost;
+ const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost;
+ int user_matched = UNSPEC;
+ int group_matched = UNSPEC;
struct member *m;
struct alias *a;
int rc;
- int user_matched = UNSPEC;
- int group_matched = UNSPEC;
debug_decl(runaslist_matches, SUDOERS_DEBUG_MATCH)
if (ISSET(sudo_user.flags, RUNAS_USER_SPECIFIED) || !ISSET(sudo_user.flags, RUNAS_GROUP_SPECIFIED)) {
break;
case NETGROUP:
if (netgr_matches(m->name,
- def_netgroup_tuple ? user_runhost : NULL,
- def_netgroup_tuple ? user_srunhost : NULL,
+ def_netgroup_tuple ? lhost : NULL,
+ def_netgroup_tuple ? shost : NULL,
runas_pw->pw_name))
user_matched = !m->negated;
break;
hostlist_matches(struct sudoers_parse_tree *parse_tree, const struct passwd *pw,
const struct member_list *list)
{
- return hostlist_matches_int(parse_tree, pw, user_runhost, user_srunhost, list);
+ const char *lhost = parse_tree->lhost ? parse_tree->lhost : user_runhost;
+ const char *shost = parse_tree->shost ? parse_tree->shost : user_srunhost;
+
+ return hostlist_matches_int(parse_tree, pw, lhost, shost, list);
}
/*