2004-10-26 22:10:55 +00:00
|
|
|
%{
|
|
|
|
|
/*
|
2019-04-29 07:21:51 -06:00
|
|
|
* SPDX-License-Identifier: ISC
|
|
|
|
|
*
|
2020-03-11 11:17:52 -06:00
|
|
|
* Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2020
|
2017-12-03 17:53:40 -07:00
|
|
|
* Todd C. Miller <Todd.Miller@sudo.ws>
|
2004-10-26 22:10:55 +00:00
|
|
|
*
|
|
|
|
|
* Permission to use, copy, modify, and distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
|
*
|
|
|
|
|
* Sponsored in part by the Defense Advanced Research Projects
|
|
|
|
|
* Agency (DARPA) and Air Force Research Laboratory, Air Force
|
|
|
|
|
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
|
|
|
|
*/
|
|
|
|
|
|
2004-11-19 18:39:14 +00:00
|
|
|
#include <config.h>
|
2004-10-26 22:10:55 +00:00
|
|
|
|
|
|
|
|
#include <stdio.h>
|
2015-06-19 14:29:27 -06:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stddef.h>
|
2020-05-18 07:59:24 -06:00
|
|
|
#include <string.h>
|
2015-07-02 09:08:28 -06:00
|
|
|
#include <unistd.h>
|
2004-10-26 22:10:55 +00:00
|
|
|
#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
|
|
|
|
|
# include <alloca.h>
|
|
|
|
|
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
|
2017-02-14 15:56:34 -07:00
|
|
|
#include <errno.h>
|
2004-10-26 22:10:55 +00:00
|
|
|
|
2018-05-14 09:05:02 -06:00
|
|
|
#include "sudoers.h"
|
2018-05-24 21:04:07 -06:00
|
|
|
#include "sudo_digest.h"
|
2011-03-21 12:39:06 -04:00
|
|
|
#include "toke.h"
|
2004-10-26 22:10:55 +00:00
|
|
|
|
2020-08-10 13:59:31 -06:00
|
|
|
#ifdef YYBISON
|
|
|
|
|
# define YYERROR_VERBOSE
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-11-12 19:22:32 -07:00
|
|
|
/* If we last saw a newline the entry is on the preceding line. */
|
2020-09-26 06:39:57 -06:00
|
|
|
#define this_lineno (sudoerschar == '\n' ? sudolineno - 1 : sudolineno)
|
2016-11-12 19:22:32 -07:00
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
/*
|
|
|
|
|
* Globals
|
|
|
|
|
*/
|
2012-02-29 15:50:48 -05:00
|
|
|
bool sudoers_warnings = true;
|
2019-11-05 15:18:34 -07:00
|
|
|
bool sudoers_strict = false;
|
2011-12-02 11:27:33 -05:00
|
|
|
bool parse_error = false;
|
2004-10-26 22:10:55 +00:00
|
|
|
int errorlineno = -1;
|
2016-10-31 15:21:18 -06:00
|
|
|
char *errorfile = NULL;
|
2004-10-26 22:10:55 +00:00
|
|
|
|
2018-07-26 15:12:33 -06:00
|
|
|
struct sudoers_parse_tree parsed_policy = {
|
|
|
|
|
TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs),
|
|
|
|
|
TAILQ_HEAD_INITIALIZER(parsed_policy.defaults),
|
2019-08-15 14:20:12 -06:00
|
|
|
NULL, /* aliases */
|
|
|
|
|
NULL, /* lhost */
|
|
|
|
|
NULL /* shost */
|
2018-07-26 15:12:33 -06:00
|
|
|
};
|
2004-10-26 22:10:55 +00:00
|
|
|
|
|
|
|
|
/*
|
2020-05-06 09:27:43 -06:00
|
|
|
* Local prototypes
|
2004-10-26 22:10:55 +00:00
|
|
|
*/
|
2017-02-14 15:56:34 -07:00
|
|
|
static void init_options(struct command_options *opts);
|
2015-05-27 10:36:03 -06:00
|
|
|
static bool add_defaults(int, struct member *, struct defaults *);
|
|
|
|
|
static bool add_userspec(struct member *, struct privilege *);
|
2016-11-09 16:00:12 -07:00
|
|
|
static struct defaults *new_default(char *, char *, short);
|
2010-03-17 19:56:27 -04:00
|
|
|
static struct member *new_member(char *, int);
|
2020-08-10 13:59:31 -06:00
|
|
|
static struct sudo_command *new_command(char *, char *);
|
2018-05-24 21:04:07 -06:00
|
|
|
static struct command_digest *new_digest(int, char *);
|
2004-10-26 22:10:55 +00:00
|
|
|
%}
|
|
|
|
|
|
|
|
|
|
%union {
|
|
|
|
|
struct cmndspec *cmndspec;
|
|
|
|
|
struct defaults *defaults;
|
|
|
|
|
struct member *member;
|
2007-11-21 20:12:00 +00:00
|
|
|
struct runascontainer *runas;
|
2004-10-26 22:10:55 +00:00
|
|
|
struct privilege *privilege;
|
2018-05-24 21:04:07 -06:00
|
|
|
struct command_digest *digest;
|
2004-10-26 22:10:55 +00:00
|
|
|
struct sudo_command command;
|
2017-02-14 15:56:34 -07:00
|
|
|
struct command_options options;
|
2017-02-14 15:56:34 -07:00
|
|
|
struct cmndtag tag;
|
2004-10-26 22:10:55 +00:00
|
|
|
char *string;
|
|
|
|
|
int tok;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
%start file /* special start symbol */
|
2020-08-07 14:22:24 -06:00
|
|
|
%token END 0 /* end of file from lexer */
|
2004-10-26 22:10:55 +00:00
|
|
|
%token <command> COMMAND /* absolute pathname w/ optional args */
|
|
|
|
|
%token <string> ALIAS /* an UPPERCASE alias name */
|
|
|
|
|
%token <string> DEFVAR /* a Defaults variable name */
|
2007-08-13 16:29:25 +00:00
|
|
|
%token <string> NTWKADDR /* ipv4 or ipv6 address */
|
2004-10-26 22:10:55 +00:00
|
|
|
%token <string> NETGROUP /* a netgroup (+NAME) */
|
|
|
|
|
%token <string> USERGROUP /* a usergroup (%NAME) */
|
|
|
|
|
%token <string> WORD /* a word */
|
2013-04-15 15:12:00 -04:00
|
|
|
%token <string> DIGEST /* a SHA-2 digest */
|
2020-05-20 13:10:53 -06:00
|
|
|
%token <tok> INCLUDE /* @include */
|
|
|
|
|
%token <tok> INCLUDEDIR /* @includedir */
|
2004-10-26 22:10:55 +00:00
|
|
|
%token <tok> DEFAULTS /* Defaults entry */
|
|
|
|
|
%token <tok> DEFAULTS_HOST /* Host-specific defaults entry */
|
|
|
|
|
%token <tok> DEFAULTS_USER /* User-specific defaults entry */
|
|
|
|
|
%token <tok> DEFAULTS_RUNAS /* Runas-specific defaults entry */
|
2004-11-19 21:35:12 +00:00
|
|
|
%token <tok> DEFAULTS_CMND /* Command-specific defaults entry */
|
2004-10-26 22:10:55 +00:00
|
|
|
%token <tok> NOPASSWD /* no passwd req for command */
|
|
|
|
|
%token <tok> PASSWD /* passwd req for command (default) */
|
|
|
|
|
%token <tok> NOEXEC /* preload dummy execve() for cmnd */
|
|
|
|
|
%token <tok> EXEC /* don't preload dummy execve() */
|
2007-06-23 23:58:54 +00:00
|
|
|
%token <tok> SETENV /* user may set environment for cmnd */
|
|
|
|
|
%token <tok> NOSETENV /* user may not set environment */
|
2010-05-30 10:31:38 -04:00
|
|
|
%token <tok> LOG_INPUT /* log user's cmnd input */
|
|
|
|
|
%token <tok> NOLOG_INPUT /* don't log user's cmnd input */
|
|
|
|
|
%token <tok> LOG_OUTPUT /* log cmnd output */
|
|
|
|
|
%token <tok> NOLOG_OUTPUT /* don't log cmnd output */
|
2015-02-19 10:02:20 -07:00
|
|
|
%token <tok> MAIL /* mail log message */
|
|
|
|
|
%token <tok> NOMAIL /* don't mail log message */
|
2019-02-12 12:02:02 -07:00
|
|
|
%token <tok> FOLLOWLNK /* follow symbolic links */
|
|
|
|
|
%token <tok> NOFOLLOWLNK /* don't follow symbolic links */
|
2004-10-26 22:10:55 +00:00
|
|
|
%token <tok> ALL /* ALL keyword */
|
|
|
|
|
%token <tok> HOSTALIAS /* Host_Alias keyword */
|
|
|
|
|
%token <tok> CMNDALIAS /* Cmnd_Alias keyword */
|
|
|
|
|
%token <tok> USERALIAS /* User_Alias keyword */
|
|
|
|
|
%token <tok> RUNASALIAS /* Runas_Alias keyword */
|
|
|
|
|
%token <tok> ':' '=' ',' '!' '+' '-' /* union member tokens */
|
2007-08-22 22:23:59 +00:00
|
|
|
%token <tok> '(' ')' /* runas tokens */
|
2020-08-10 13:59:31 -06:00
|
|
|
%token <tok> '\n' /* newline (with optional comment) */
|
2020-08-07 14:22:24 -06:00
|
|
|
%token <tok> ERROR /* error from lexer */
|
2020-08-16 06:42:15 -06:00
|
|
|
%token <tok> NOMATCH /* no match from lexer */
|
2020-09-01 06:26:00 -06:00
|
|
|
%token <tok> CHROOT /* root directory for command */
|
|
|
|
|
%token <tok> CWD /* working directory for command */
|
2008-02-09 14:30:06 +00:00
|
|
|
%token <tok> TYPE /* SELinux type */
|
|
|
|
|
%token <tok> ROLE /* SELinux role */
|
2012-07-26 13:49:21 -04:00
|
|
|
%token <tok> PRIVS /* Solaris privileges */
|
|
|
|
|
%token <tok> LIMITPRIVS /* Solaris limit privileges */
|
2017-02-14 15:56:34 -07:00
|
|
|
%token <tok> CMND_TIMEOUT /* command timeout */
|
2017-02-18 15:35:48 -07:00
|
|
|
%token <tok> NOTBEFORE /* time restriction */
|
|
|
|
|
%token <tok> NOTAFTER /* time restriction */
|
2012-08-02 14:02:54 -04:00
|
|
|
%token <tok> MYSELF /* run as myself, not another user */
|
2014-04-09 16:31:13 -06:00
|
|
|
%token <tok> SHA224_TOK /* sha224 token */
|
|
|
|
|
%token <tok> SHA256_TOK /* sha256 token */
|
|
|
|
|
%token <tok> SHA384_TOK /* sha384 token */
|
|
|
|
|
%token <tok> SHA512_TOK /* sha512 token */
|
2004-10-26 22:10:55 +00:00
|
|
|
|
|
|
|
|
%type <cmndspec> cmndspec
|
|
|
|
|
%type <cmndspec> cmndspeclist
|
|
|
|
|
%type <defaults> defaults_entry
|
|
|
|
|
%type <defaults> defaults_list
|
|
|
|
|
%type <member> cmnd
|
|
|
|
|
%type <member> opcmnd
|
2013-04-14 07:00:21 -04:00
|
|
|
%type <member> digcmnd
|
2004-10-26 22:10:55 +00:00
|
|
|
%type <member> cmndlist
|
|
|
|
|
%type <member> host
|
|
|
|
|
%type <member> hostlist
|
|
|
|
|
%type <member> ophost
|
|
|
|
|
%type <member> opuser
|
|
|
|
|
%type <member> user
|
|
|
|
|
%type <member> userlist
|
2007-11-21 20:12:00 +00:00
|
|
|
%type <member> opgroup
|
|
|
|
|
%type <member> group
|
|
|
|
|
%type <member> grouplist
|
|
|
|
|
%type <runas> runasspec
|
|
|
|
|
%type <runas> runaslist
|
2004-10-26 22:10:55 +00:00
|
|
|
%type <privilege> privilege
|
|
|
|
|
%type <privilege> privileges
|
2017-02-14 15:56:34 -07:00
|
|
|
%type <tag> cmndtag
|
2017-02-14 15:56:34 -07:00
|
|
|
%type <options> options
|
2020-09-01 06:26:00 -06:00
|
|
|
%type <string> chdirspec
|
|
|
|
|
%type <string> chrootspec
|
2008-02-09 14:30:06 +00:00
|
|
|
%type <string> rolespec
|
|
|
|
|
%type <string> typespec
|
2012-07-26 13:49:21 -04:00
|
|
|
%type <string> privsspec
|
|
|
|
|
%type <string> limitprivsspec
|
2017-02-14 15:56:34 -07:00
|
|
|
%type <string> timeoutspec
|
2017-02-18 15:35:48 -07:00
|
|
|
%type <string> notbeforespec
|
|
|
|
|
%type <string> notafterspec
|
2020-08-07 14:22:24 -06:00
|
|
|
%type <string> include
|
|
|
|
|
%type <string> includedir
|
2020-03-11 11:17:52 -06:00
|
|
|
%type <digest> digestspec
|
|
|
|
|
%type <digest> digestlist
|
2004-10-26 22:10:55 +00:00
|
|
|
|
|
|
|
|
%%
|
|
|
|
|
|
2020-08-16 14:59:45 -06:00
|
|
|
file : {
|
|
|
|
|
; /* empty file */
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
| line
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
line : entry
|
|
|
|
|
| line entry
|
|
|
|
|
;
|
|
|
|
|
|
2020-08-10 13:59:31 -06:00
|
|
|
entry : '\n' {
|
2020-08-16 14:59:45 -06:00
|
|
|
; /* blank line */
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| error eol {
|
2020-08-15 11:38:56 -06:00
|
|
|
yyerrok;
|
|
|
|
|
}
|
2020-08-07 14:22:24 -06:00
|
|
|
| include {
|
|
|
|
|
if (!push_include($1, false)) {
|
|
|
|
|
free($1);
|
2020-05-20 13:10:53 -06:00
|
|
|
YYERROR;
|
|
|
|
|
}
|
2020-08-07 14:22:24 -06:00
|
|
|
free($1);
|
2020-05-20 13:10:53 -06:00
|
|
|
}
|
2020-08-07 14:22:24 -06:00
|
|
|
| includedir {
|
|
|
|
|
if (!push_include($1, true)) {
|
|
|
|
|
free($1);
|
2020-05-20 13:10:53 -06:00
|
|
|
YYERROR;
|
|
|
|
|
}
|
2020-08-07 14:22:24 -06:00
|
|
|
free($1);
|
2020-05-20 13:10:53 -06:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| userlist privileges eol {
|
2015-05-27 10:36:03 -06:00
|
|
|
if (!add_userspec($1, $2)) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| USERALIAS useraliases eol {
|
2004-11-15 03:55:22 +00:00
|
|
|
;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| HOSTALIAS hostaliases eol {
|
2004-11-15 03:55:22 +00:00
|
|
|
;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| CMNDALIAS cmndaliases eol {
|
2004-11-15 03:55:22 +00:00
|
|
|
;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| RUNASALIAS runasaliases eol {
|
2004-11-15 03:55:22 +00:00
|
|
|
;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| DEFAULTS defaults_list eol {
|
2016-11-01 14:13:47 -06:00
|
|
|
if (!add_defaults(DEFAULTS, NULL, $2))
|
2015-05-27 10:36:03 -06:00
|
|
|
YYERROR;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| DEFAULTS_USER userlist defaults_list eol {
|
2016-11-01 14:13:47 -06:00
|
|
|
if (!add_defaults(DEFAULTS_USER, $2, $3))
|
2015-05-27 10:36:03 -06:00
|
|
|
YYERROR;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| DEFAULTS_RUNAS userlist defaults_list eol {
|
2016-11-01 14:13:47 -06:00
|
|
|
if (!add_defaults(DEFAULTS_RUNAS, $2, $3))
|
2015-05-27 10:36:03 -06:00
|
|
|
YYERROR;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| DEFAULTS_HOST hostlist defaults_list eol {
|
2016-11-01 14:13:47 -06:00
|
|
|
if (!add_defaults(DEFAULTS_HOST, $2, $3))
|
2015-05-27 10:36:03 -06:00
|
|
|
YYERROR;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| DEFAULTS_CMND cmndlist defaults_list eol {
|
2016-11-01 14:13:47 -06:00
|
|
|
if (!add_defaults(DEFAULTS_CMND, $2, $3))
|
2015-05-27 10:36:03 -06:00
|
|
|
YYERROR;
|
2004-11-19 21:35:12 +00:00
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
2020-08-16 14:59:45 -06:00
|
|
|
include : INCLUDE WORD eol {
|
2020-08-15 11:29:46 -06:00
|
|
|
$$ = $2;
|
|
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| INCLUDE WORD error eol {
|
2020-08-15 11:29:46 -06:00
|
|
|
yyerrok;
|
|
|
|
|
$$ = $2;
|
|
|
|
|
}
|
2020-08-07 14:22:24 -06:00
|
|
|
;
|
|
|
|
|
|
2020-08-16 14:59:45 -06:00
|
|
|
includedir : INCLUDEDIR WORD eol {
|
2020-08-07 14:22:24 -06:00
|
|
|
$$ = $2;
|
|
|
|
|
}
|
2020-08-16 14:59:45 -06:00
|
|
|
| INCLUDEDIR WORD error eol {
|
2020-08-15 11:29:46 -06:00
|
|
|
yyerrok;
|
|
|
|
|
$$ = $2;
|
|
|
|
|
}
|
2020-08-07 14:22:24 -06:00
|
|
|
;
|
|
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
defaults_list : defaults_entry
|
|
|
|
|
| defaults_list ',' defaults_entry {
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = $1;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
defaults_entry : DEFVAR {
|
2011-12-02 11:27:33 -05:00
|
|
|
$$ = new_default($1, NULL, true);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| '!' DEFVAR {
|
2011-12-02 11:27:33 -05:00
|
|
|
$$ = new_default($2, NULL, false);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| DEFVAR '=' WORD {
|
2011-12-02 11:27:33 -05:00
|
|
|
$$ = new_default($1, $3, true);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| DEFVAR '+' WORD {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_default($1, $3, '+');
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| DEFVAR '-' WORD {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_default($1, $3, '-');
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
privileges : privilege
|
|
|
|
|
| privileges ':' privilege {
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = $1;
|
|
|
|
|
}
|
2020-09-02 11:01:09 -06:00
|
|
|
| privileges ':' error {
|
2020-08-16 15:19:53 -06:00
|
|
|
yyerrok;
|
|
|
|
|
$$ = $1;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
privilege : hostlist '=' cmndspeclist {
|
2015-05-27 10:36:03 -06:00
|
|
|
struct privilege *p = calloc(1, sizeof(*p));
|
|
|
|
|
if (p == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2018-02-09 18:21:01 -07:00
|
|
|
TAILQ_INIT(&p->defaults);
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_TO_TAILQ(&p->hostlist, $1, entries);
|
|
|
|
|
HLTQ_TO_TAILQ(&p->cmndlist, $3, entries);
|
|
|
|
|
HLTQ_INIT(p, entries);
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = p;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
ophost : host {
|
|
|
|
|
$$ = $1;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = false;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| '!' host {
|
|
|
|
|
$$ = $2;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = true;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
host : ALIAS {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, ALIAS);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| ALL {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member(NULL, ALL);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| NETGROUP {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, NETGROUP);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| NTWKADDR {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, NTWKADDR);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| WORD {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, WORD);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
cmndspeclist : cmndspec
|
|
|
|
|
| cmndspeclist ',' cmndspec {
|
2013-10-22 09:08:38 -06:00
|
|
|
struct cmndspec *prev;
|
|
|
|
|
prev = HLTQ_LAST($1, cmndspec, entries);
|
|
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
2020-09-01 06:26:00 -06:00
|
|
|
|
|
|
|
|
/* propagate runcwd and runchroot */
|
|
|
|
|
if ($3->runcwd == NULL)
|
|
|
|
|
$3->runcwd = prev->runcwd;
|
|
|
|
|
if ($3->runchroot == NULL)
|
|
|
|
|
$3->runchroot = prev->runchroot;
|
2008-02-09 14:30:06 +00:00
|
|
|
#ifdef HAVE_SELINUX
|
|
|
|
|
/* propagate role and type */
|
2017-02-14 15:56:34 -07:00
|
|
|
if ($3->role == NULL && $3->type == NULL) {
|
2013-10-22 09:08:38 -06:00
|
|
|
$3->role = prev->role;
|
|
|
|
|
$3->type = prev->type;
|
2017-02-14 15:56:34 -07:00
|
|
|
}
|
2008-02-09 14:30:06 +00:00
|
|
|
#endif /* HAVE_SELINUX */
|
2012-07-26 13:49:21 -04:00
|
|
|
#ifdef HAVE_PRIV_SET
|
|
|
|
|
/* propagate privs & limitprivs */
|
2017-02-14 15:56:34 -07:00
|
|
|
if ($3->privs == NULL && $3->limitprivs == NULL) {
|
2013-10-22 09:08:38 -06:00
|
|
|
$3->privs = prev->privs;
|
|
|
|
|
$3->limitprivs = prev->limitprivs;
|
2017-02-14 15:56:34 -07:00
|
|
|
}
|
2012-07-26 13:49:21 -04:00
|
|
|
#endif /* HAVE_PRIV_SET */
|
2017-02-18 15:35:48 -07:00
|
|
|
/* propagate command time restrictions */
|
|
|
|
|
if ($3->notbefore == UNSPEC)
|
|
|
|
|
$3->notbefore = prev->notbefore;
|
|
|
|
|
if ($3->notafter == UNSPEC)
|
|
|
|
|
$3->notafter = prev->notafter;
|
2017-02-14 15:56:34 -07:00
|
|
|
/* propagate command timeout */
|
|
|
|
|
if ($3->timeout == UNSPEC)
|
|
|
|
|
$3->timeout = prev->timeout;
|
2007-09-01 21:39:18 +00:00
|
|
|
/* propagate tags and runas list */
|
|
|
|
|
if ($3->tags.nopasswd == UNSPEC)
|
2013-10-22 09:08:38 -06:00
|
|
|
$3->tags.nopasswd = prev->tags.nopasswd;
|
2007-09-01 21:39:18 +00:00
|
|
|
if ($3->tags.noexec == UNSPEC)
|
2013-10-22 09:08:38 -06:00
|
|
|
$3->tags.noexec = prev->tags.noexec;
|
2007-11-21 16:05:31 +00:00
|
|
|
if ($3->tags.setenv == UNSPEC &&
|
2013-10-22 09:08:38 -06:00
|
|
|
prev->tags.setenv != IMPLIED)
|
|
|
|
|
$3->tags.setenv = prev->tags.setenv;
|
2010-05-30 10:31:38 -04:00
|
|
|
if ($3->tags.log_input == UNSPEC)
|
2013-10-22 09:08:38 -06:00
|
|
|
$3->tags.log_input = prev->tags.log_input;
|
2010-05-30 10:31:38 -04:00
|
|
|
if ($3->tags.log_output == UNSPEC)
|
2013-10-22 09:08:38 -06:00
|
|
|
$3->tags.log_output = prev->tags.log_output;
|
2015-02-19 10:02:20 -07:00
|
|
|
if ($3->tags.send_mail == UNSPEC)
|
|
|
|
|
$3->tags.send_mail = prev->tags.send_mail;
|
2015-08-06 13:20:01 -06:00
|
|
|
if ($3->tags.follow == UNSPEC)
|
|
|
|
|
$3->tags.follow = prev->tags.follow;
|
2013-10-22 09:08:38 -06:00
|
|
|
if (($3->runasuserlist == NULL &&
|
|
|
|
|
$3->runasgrouplist == NULL) &&
|
|
|
|
|
(prev->runasuserlist != NULL ||
|
|
|
|
|
prev->runasgrouplist != NULL)) {
|
|
|
|
|
$3->runasuserlist = prev->runasuserlist;
|
|
|
|
|
$3->runasgrouplist = prev->runasgrouplist;
|
2007-11-21 20:12:00 +00:00
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = $1;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2017-02-14 15:56:34 -07:00
|
|
|
cmndspec : runasspec options cmndtag digcmnd {
|
2015-05-27 10:36:03 -06:00
|
|
|
struct cmndspec *cs = calloc(1, sizeof(*cs));
|
|
|
|
|
if (cs == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
if ($1 != NULL) {
|
2013-10-22 09:08:38 -06:00
|
|
|
if ($1->runasusers != NULL) {
|
|
|
|
|
cs->runasuserlist =
|
2015-05-27 10:36:03 -06:00
|
|
|
malloc(sizeof(*cs->runasuserlist));
|
|
|
|
|
if (cs->runasuserlist == NULL) {
|
2019-08-30 10:38:07 -06:00
|
|
|
free(cs);
|
2015-05-27 10:36:03 -06:00
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_TO_TAILQ(cs->runasuserlist,
|
|
|
|
|
$1->runasusers, entries);
|
|
|
|
|
}
|
|
|
|
|
if ($1->runasgroups != NULL) {
|
|
|
|
|
cs->runasgrouplist =
|
2015-05-27 10:36:03 -06:00
|
|
|
malloc(sizeof(*cs->runasgrouplist));
|
|
|
|
|
if (cs->runasgrouplist == NULL) {
|
2019-08-30 10:38:07 -06:00
|
|
|
free(cs);
|
2015-05-27 10:36:03 -06:00
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_TO_TAILQ(cs->runasgrouplist,
|
|
|
|
|
$1->runasgroups, entries);
|
|
|
|
|
}
|
2015-05-27 10:36:03 -06:00
|
|
|
free($1);
|
2007-11-21 20:12:00 +00:00
|
|
|
}
|
2008-02-09 14:30:06 +00:00
|
|
|
#ifdef HAVE_SELINUX
|
|
|
|
|
cs->role = $2.role;
|
|
|
|
|
cs->type = $2.type;
|
|
|
|
|
#endif
|
2012-07-26 13:49:21 -04:00
|
|
|
#ifdef HAVE_PRIV_SET
|
2017-02-14 15:56:34 -07:00
|
|
|
cs->privs = $2.privs;
|
|
|
|
|
cs->limitprivs = $2.limitprivs;
|
2012-07-26 13:49:21 -04:00
|
|
|
#endif
|
2017-02-18 15:35:48 -07:00
|
|
|
cs->notbefore = $2.notbefore;
|
|
|
|
|
cs->notafter = $2.notafter;
|
2017-02-14 15:56:34 -07:00
|
|
|
cs->timeout = $2.timeout;
|
2020-09-01 06:26:00 -06:00
|
|
|
cs->runcwd = $2.runcwd;
|
|
|
|
|
cs->runchroot = $2.runchroot;
|
2017-02-14 15:56:34 -07:00
|
|
|
cs->tags = $3;
|
|
|
|
|
cs->cmnd = $4;
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_INIT(cs, entries);
|
2007-11-21 16:05:31 +00:00
|
|
|
/* sudo "ALL" implies the SETENV tag */
|
|
|
|
|
if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
|
|
|
|
|
cs->tags.setenv == UNSPEC)
|
|
|
|
|
cs->tags.setenv = IMPLIED;
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = cs;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2020-03-11 11:17:52 -06:00
|
|
|
digestspec : SHA224_TOK ':' DIGEST {
|
2013-04-14 07:00:21 -04:00
|
|
|
$$ = new_digest(SUDO_DIGEST_SHA224, $3);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2013-04-14 07:00:21 -04:00
|
|
|
}
|
2014-04-09 16:31:13 -06:00
|
|
|
| SHA256_TOK ':' DIGEST {
|
2013-04-14 07:00:21 -04:00
|
|
|
$$ = new_digest(SUDO_DIGEST_SHA256, $3);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2013-04-14 07:00:21 -04:00
|
|
|
}
|
2014-04-09 16:31:13 -06:00
|
|
|
| SHA384_TOK ':' DIGEST {
|
2013-04-14 07:00:21 -04:00
|
|
|
$$ = new_digest(SUDO_DIGEST_SHA384, $3);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2013-04-14 07:00:21 -04:00
|
|
|
}
|
2014-04-09 16:31:13 -06:00
|
|
|
| SHA512_TOK ':' DIGEST {
|
2013-04-14 07:00:21 -04:00
|
|
|
$$ = new_digest(SUDO_DIGEST_SHA512, $3);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2013-04-14 07:00:21 -04:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2020-03-11 11:17:52 -06:00
|
|
|
digestlist : digestspec
|
|
|
|
|
| digestlist ',' digestspec {
|
|
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
|
|
|
|
$$ = $1;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2013-04-14 07:00:21 -04:00
|
|
|
digcmnd : opcmnd {
|
|
|
|
|
$$ = $1;
|
|
|
|
|
}
|
2020-03-11 11:17:52 -06:00
|
|
|
| digestlist opcmnd {
|
|
|
|
|
struct sudo_command *c =
|
|
|
|
|
(struct sudo_command *) $2->name;
|
|
|
|
|
|
2020-03-11 11:19:37 -06:00
|
|
|
if ($2->type != COMMAND && $2->type != ALL) {
|
2014-11-19 17:07:24 -07:00
|
|
|
sudoerserror(N_("a digest requires a path name"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2020-03-11 11:19:37 -06:00
|
|
|
if (c == NULL) {
|
|
|
|
|
/* lazy-allocate sudo_command for ALL */
|
|
|
|
|
if ((c = new_command(NULL, NULL)) == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
|
|
|
|
$2->name = (char *)c;
|
|
|
|
|
}
|
2020-03-11 11:17:52 -06:00
|
|
|
HLTQ_TO_TAILQ(&c->digests, $1, entries);
|
2013-04-14 07:00:21 -04:00
|
|
|
$$ = $2;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
opcmnd : cmnd {
|
|
|
|
|
$$ = $1;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = false;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| '!' cmnd {
|
|
|
|
|
$$ = $2;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = true;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2020-09-01 06:26:00 -06:00
|
|
|
chdirspec : CWD '=' WORD {
|
2020-09-01 14:10:02 -06:00
|
|
|
if ($3[0] != '/' && $3[0] != '~') {
|
|
|
|
|
if (strcmp($3, "*") != 0) {
|
|
|
|
|
sudoerserror(N_("values for \"CWD\" must"
|
|
|
|
|
" start with a '/', '~', or '*'"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-09-01 06:26:00 -06:00
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
chrootspec : CHROOT '=' WORD {
|
2020-09-01 14:10:02 -06:00
|
|
|
if ($3[0] != '/' && $3[0] != '~') {
|
|
|
|
|
if (strcmp($3, "*") != 0) {
|
|
|
|
|
sudoerserror(N_("values for \"CHROOT\" must"
|
|
|
|
|
" start with a '/', '~', or '*'"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-09-01 06:26:00 -06:00
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2017-02-14 15:56:34 -07:00
|
|
|
timeoutspec : CMND_TIMEOUT '=' WORD {
|
|
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2017-02-18 15:35:48 -07:00
|
|
|
notbeforespec : NOTBEFORE '=' WORD {
|
|
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
notafterspec : NOTAFTER '=' WORD {
|
|
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2008-02-09 14:30:06 +00:00
|
|
|
rolespec : ROLE '=' WORD {
|
|
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
typespec : TYPE '=' WORD {
|
|
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2012-07-26 13:49:21 -04:00
|
|
|
privsspec : PRIVS '=' WORD {
|
|
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
limitprivsspec : LIMITPRIVS '=' WORD {
|
|
|
|
|
$$ = $3;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
runasspec : /* empty */ {
|
|
|
|
|
$$ = NULL;
|
|
|
|
|
}
|
2007-08-22 22:23:59 +00:00
|
|
|
| '(' runaslist ')' {
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = $2;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2012-08-02 14:02:54 -04:00
|
|
|
runaslist : /* empty */ {
|
2015-05-27 10:36:03 -06:00
|
|
|
$$ = calloc(1, sizeof(struct runascontainer));
|
|
|
|
|
if ($$ != NULL) {
|
|
|
|
|
$$->runasusers = new_member(NULL, MYSELF);
|
|
|
|
|
/* $$->runasgroups = NULL; */
|
|
|
|
|
if ($$->runasusers == NULL) {
|
|
|
|
|
free($$);
|
|
|
|
|
$$ = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2012-08-02 14:02:54 -04:00
|
|
|
}
|
|
|
|
|
| userlist {
|
2015-05-27 10:36:03 -06:00
|
|
|
$$ = calloc(1, sizeof(struct runascontainer));
|
|
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
$$->runasusers = $1;
|
2012-03-19 11:24:24 -04:00
|
|
|
/* $$->runasgroups = NULL; */
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
| userlist ':' grouplist {
|
2015-05-27 10:36:03 -06:00
|
|
|
$$ = calloc(1, sizeof(struct runascontainer));
|
|
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
$$->runasusers = $1;
|
|
|
|
|
$$->runasgroups = $3;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
| ':' grouplist {
|
2015-05-27 10:36:03 -06:00
|
|
|
$$ = calloc(1, sizeof(struct runascontainer));
|
|
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2012-03-19 11:24:24 -04:00
|
|
|
/* $$->runasusers = NULL; */
|
2007-11-21 20:12:00 +00:00
|
|
|
$$->runasgroups = $2;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2012-08-02 14:02:54 -04:00
|
|
|
| ':' {
|
2015-05-27 10:36:03 -06:00
|
|
|
$$ = calloc(1, sizeof(struct runascontainer));
|
|
|
|
|
if ($$ != NULL) {
|
|
|
|
|
$$->runasusers = new_member(NULL, MYSELF);
|
|
|
|
|
/* $$->runasgroups = NULL; */
|
|
|
|
|
if ($$->runasusers == NULL) {
|
|
|
|
|
free($$);
|
|
|
|
|
$$ = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2012-08-02 14:02:54 -04:00
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
2020-09-25 12:24:45 -06:00
|
|
|
reserved_word : ALL
|
|
|
|
|
| CHROOT
|
|
|
|
|
| CWD
|
|
|
|
|
| CMND_TIMEOUT
|
|
|
|
|
| NOTBEFORE
|
|
|
|
|
| NOTAFTER
|
|
|
|
|
| ROLE
|
|
|
|
|
| TYPE
|
|
|
|
|
| PRIVS
|
|
|
|
|
| LIMITPRIVS
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
reserved_alias : reserved_word {
|
|
|
|
|
sudoerserror(N_("syntax error, reserved word used as an alias name"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2017-02-14 15:56:34 -07:00
|
|
|
options : /* empty */ {
|
2017-02-14 15:56:34 -07:00
|
|
|
init_options(&$$);
|
|
|
|
|
}
|
2020-09-01 06:26:00 -06:00
|
|
|
| options chdirspec {
|
|
|
|
|
free($$.runcwd);
|
|
|
|
|
$$.runcwd = $2;
|
|
|
|
|
}
|
|
|
|
|
| options chrootspec {
|
|
|
|
|
free($$.runchroot);
|
|
|
|
|
$$.runchroot = $2;
|
|
|
|
|
}
|
2017-02-18 15:35:48 -07:00
|
|
|
| options notbeforespec {
|
|
|
|
|
$$.notbefore = parse_gentime($2);
|
|
|
|
|
free($2);
|
|
|
|
|
if ($$.notbefore == -1) {
|
|
|
|
|
sudoerserror(N_("invalid notbefore value"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
| options notafterspec {
|
|
|
|
|
$$.notafter = parse_gentime($2);
|
|
|
|
|
free($2);
|
|
|
|
|
if ($$.notafter == -1) {
|
|
|
|
|
sudoerserror(N_("invalid notafter value"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-02-14 15:56:34 -07:00
|
|
|
| options timeoutspec {
|
|
|
|
|
$$.timeout = parse_timeout($2);
|
2017-02-14 15:56:34 -07:00
|
|
|
free($2);
|
2017-02-14 15:56:34 -07:00
|
|
|
if ($$.timeout == -1) {
|
2017-02-15 15:13:37 -07:00
|
|
|
if (errno == ERANGE)
|
|
|
|
|
sudoerserror(N_("timeout value too large"));
|
|
|
|
|
else
|
|
|
|
|
sudoerserror(N_("invalid timeout value"));
|
2017-02-14 15:56:34 -07:00
|
|
|
YYERROR;
|
|
|
|
|
}
|
2017-02-14 15:56:34 -07:00
|
|
|
}
|
|
|
|
|
| options rolespec {
|
|
|
|
|
#ifdef HAVE_SELINUX
|
2017-02-14 15:56:34 -07:00
|
|
|
free($$.role);
|
2017-02-14 15:56:34 -07:00
|
|
|
$$.role = $2;
|
|
|
|
|
#endif
|
2015-02-19 10:02:20 -07:00
|
|
|
}
|
2017-02-14 15:56:34 -07:00
|
|
|
| options typespec {
|
|
|
|
|
#ifdef HAVE_SELINUX
|
2017-02-14 15:56:34 -07:00
|
|
|
free($$.type);
|
2017-02-14 15:56:34 -07:00
|
|
|
$$.type = $2;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
| options privsspec {
|
|
|
|
|
#ifdef HAVE_PRIV_SET
|
2017-02-14 15:56:34 -07:00
|
|
|
free($$.privs);
|
2017-02-14 15:56:34 -07:00
|
|
|
$$.privs = $2;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
| options limitprivsspec {
|
|
|
|
|
#ifdef HAVE_PRIV_SET
|
2017-02-14 15:56:34 -07:00
|
|
|
free($$.limitprivs);
|
2017-02-14 15:56:34 -07:00
|
|
|
$$.limitprivs = $2;
|
|
|
|
|
#endif
|
2015-02-19 10:02:20 -07:00
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
2017-02-14 15:56:34 -07:00
|
|
|
cmndtag : /* empty */ {
|
|
|
|
|
TAGS_INIT($$);
|
|
|
|
|
}
|
|
|
|
|
| cmndtag NOPASSWD {
|
|
|
|
|
$$.nopasswd = true;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag PASSWD {
|
|
|
|
|
$$.nopasswd = false;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag NOEXEC {
|
|
|
|
|
$$.noexec = true;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag EXEC {
|
|
|
|
|
$$.noexec = false;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag SETENV {
|
|
|
|
|
$$.setenv = true;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag NOSETENV {
|
|
|
|
|
$$.setenv = false;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag LOG_INPUT {
|
|
|
|
|
$$.log_input = true;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag NOLOG_INPUT {
|
|
|
|
|
$$.log_input = false;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag LOG_OUTPUT {
|
|
|
|
|
$$.log_output = true;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag NOLOG_OUTPUT {
|
|
|
|
|
$$.log_output = false;
|
|
|
|
|
}
|
2019-02-12 12:02:02 -07:00
|
|
|
| cmndtag FOLLOWLNK {
|
2017-02-14 15:56:34 -07:00
|
|
|
$$.follow = true;
|
|
|
|
|
}
|
2019-02-12 12:02:02 -07:00
|
|
|
| cmndtag NOFOLLOWLNK {
|
2017-02-14 15:56:34 -07:00
|
|
|
$$.follow = false;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag MAIL {
|
|
|
|
|
$$.send_mail = true;
|
|
|
|
|
}
|
|
|
|
|
| cmndtag NOMAIL {
|
|
|
|
|
$$.send_mail = false;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
cmnd : ALL {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member(NULL, ALL);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| ALIAS {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, ALIAS);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| COMMAND {
|
2020-03-11 11:19:37 -06:00
|
|
|
struct sudo_command *c;
|
|
|
|
|
|
|
|
|
|
if ((c = new_command($1.cmnd, $1.args)) == NULL) {
|
2015-05-27 10:36:03 -06:00
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member((char *)c, COMMAND);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
free(c);
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
hostaliases : hostalias
|
2004-11-15 03:55:22 +00:00
|
|
|
| hostaliases ':' hostalias
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
hostalias : ALIAS '=' hostlist {
|
2015-05-27 09:48:34 -06:00
|
|
|
const char *s;
|
2018-07-26 15:12:33 -06:00
|
|
|
s = alias_add(&parsed_policy, $1, HOSTALIAS,
|
|
|
|
|
sudoers, this_lineno, $3);
|
2016-11-12 19:22:32 -07:00
|
|
|
if (s != NULL) {
|
2012-09-17 17:03:17 -04:00
|
|
|
sudoerserror(s);
|
2004-11-15 03:55:22 +00:00
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-09-25 12:24:45 -06:00
|
|
|
| reserved_alias '=' hostlist
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
hostlist : ophost
|
|
|
|
|
| hostlist ',' ophost {
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = $1;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
cmndaliases : cmndalias
|
2004-11-15 03:55:22 +00:00
|
|
|
| cmndaliases ':' cmndalias
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
cmndalias : ALIAS '=' cmndlist {
|
2015-05-27 09:48:34 -06:00
|
|
|
const char *s;
|
2018-07-26 15:12:33 -06:00
|
|
|
s = alias_add(&parsed_policy, $1, CMNDALIAS,
|
|
|
|
|
sudoers, this_lineno, $3);
|
2016-11-12 19:22:32 -07:00
|
|
|
if (s != NULL) {
|
2012-09-17 17:03:17 -04:00
|
|
|
sudoerserror(s);
|
2004-11-15 03:55:22 +00:00
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-09-25 12:24:45 -06:00
|
|
|
| reserved_alias '=' cmndlist
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
2013-04-14 07:00:21 -04:00
|
|
|
cmndlist : digcmnd
|
|
|
|
|
| cmndlist ',' digcmnd {
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = $1;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
runasaliases : runasalias
|
2004-11-15 03:55:22 +00:00
|
|
|
| runasaliases ':' runasalias
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
2007-11-21 20:12:00 +00:00
|
|
|
runasalias : ALIAS '=' userlist {
|
2015-05-27 09:48:34 -06:00
|
|
|
const char *s;
|
2018-07-26 15:12:33 -06:00
|
|
|
s = alias_add(&parsed_policy, $1, RUNASALIAS,
|
|
|
|
|
sudoers, this_lineno, $3);
|
2016-11-12 19:22:32 -07:00
|
|
|
if (s != NULL) {
|
2012-09-17 17:03:17 -04:00
|
|
|
sudoerserror(s);
|
2004-11-15 03:55:22 +00:00
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-09-25 12:24:45 -06:00
|
|
|
| reserved_alias '=' userlist
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
useraliases : useralias
|
2004-11-15 03:55:22 +00:00
|
|
|
| useraliases ':' useralias
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
useralias : ALIAS '=' userlist {
|
2015-05-27 09:48:34 -06:00
|
|
|
const char *s;
|
2018-07-26 15:12:33 -06:00
|
|
|
s = alias_add(&parsed_policy, $1, USERALIAS,
|
|
|
|
|
sudoers, this_lineno, $3);
|
2016-11-12 19:22:32 -07:00
|
|
|
if (s != NULL) {
|
2012-09-17 17:03:17 -04:00
|
|
|
sudoerserror(s);
|
2004-11-15 03:55:22 +00:00
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2020-09-25 12:24:45 -06:00
|
|
|
| reserved_alias '=' userlist
|
2004-10-26 22:10:55 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
userlist : opuser
|
|
|
|
|
| userlist ',' opuser {
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
2004-10-26 22:10:55 +00:00
|
|
|
$$ = $1;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
opuser : user {
|
|
|
|
|
$$ = $1;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = false;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| '!' user {
|
|
|
|
|
$$ = $2;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = true;
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
user : ALIAS {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, ALIAS);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| ALL {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member(NULL, ALL);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| NETGROUP {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, NETGROUP);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| USERGROUP {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, USERGROUP);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
| WORD {
|
2007-08-31 17:56:30 +00:00
|
|
|
$$ = new_member($1, WORD);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2007-11-21 20:12:00 +00:00
|
|
|
grouplist : opgroup
|
|
|
|
|
| grouplist ',' opgroup {
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_CONCAT($1, $3, entries);
|
2007-11-21 20:12:00 +00:00
|
|
|
$$ = $1;
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
opgroup : group {
|
|
|
|
|
$$ = $1;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = false;
|
2007-11-21 20:12:00 +00:00
|
|
|
}
|
|
|
|
|
| '!' group {
|
|
|
|
|
$$ = $2;
|
2011-12-02 11:27:33 -05:00
|
|
|
$$->negated = true;
|
2007-11-21 20:12:00 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
group : ALIAS {
|
|
|
|
|
$$ = new_member($1, ALIAS);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
}
|
|
|
|
|
| ALL {
|
|
|
|
|
$$ = new_member(NULL, ALL);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
}
|
|
|
|
|
| WORD {
|
|
|
|
|
$$ = new_member($1, WORD);
|
2015-05-27 10:36:03 -06:00
|
|
|
if ($$ == NULL) {
|
|
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
|
|
|
|
YYERROR;
|
|
|
|
|
}
|
2007-11-21 20:12:00 +00:00
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2020-08-16 14:59:45 -06:00
|
|
|
eol : '\n' {
|
|
|
|
|
;
|
|
|
|
|
}
|
|
|
|
|
| END {
|
|
|
|
|
; /* EOF */
|
|
|
|
|
}
|
|
|
|
|
;
|
|
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
%%
|
2013-03-31 09:58:37 -04:00
|
|
|
void
|
|
|
|
|
sudoerserror(const char *s)
|
|
|
|
|
{
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER);
|
2013-03-31 09:58:37 -04:00
|
|
|
|
2020-08-16 06:42:15 -06:00
|
|
|
/* The lexer displays more detailed messages for ERROR tokens. */
|
2020-09-26 06:39:57 -06:00
|
|
|
if (sudoerschar == ERROR)
|
2020-08-07 14:20:45 -06:00
|
|
|
debug_return;
|
|
|
|
|
|
2013-03-31 09:58:37 -04:00
|
|
|
/* Save the line the first error occurred on. */
|
|
|
|
|
if (errorlineno == -1) {
|
2016-11-12 19:22:32 -07:00
|
|
|
errorlineno = this_lineno;
|
2016-11-11 16:18:27 -07:00
|
|
|
rcstr_delref(errorfile);
|
|
|
|
|
errorfile = rcstr_addref(sudoers);
|
2013-03-31 09:58:37 -04:00
|
|
|
}
|
|
|
|
|
if (sudoers_warnings && s != NULL) {
|
|
|
|
|
LEXTRACE("<*> ");
|
|
|
|
|
#ifndef TRACELEXER
|
|
|
|
|
if (trace_print == NULL || trace_print == sudoers_trace_print) {
|
|
|
|
|
int oldlocale;
|
|
|
|
|
|
|
|
|
|
/* Warnings are displayed in the user's locale. */
|
|
|
|
|
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
|
2020-08-07 14:20:45 -06:00
|
|
|
sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d: %s\n"), sudoers,
|
|
|
|
|
this_lineno, _(s));
|
2013-03-31 09:58:37 -04:00
|
|
|
sudoers_setlocale(oldlocale, NULL);
|
2020-08-06 21:16:35 -06:00
|
|
|
|
2020-08-07 14:13:25 -06:00
|
|
|
/* Display the offending line and token if possible. */
|
2020-08-06 21:16:35 -06:00
|
|
|
if (sudolinebuf.len != 0) {
|
2020-08-07 14:13:25 -06:00
|
|
|
char tildes[128];
|
|
|
|
|
size_t tlen = 0;
|
|
|
|
|
|
2020-08-06 21:16:35 -06:00
|
|
|
sudo_printf(SUDO_CONV_ERROR_MSG, "%s%s", sudolinebuf.buf,
|
|
|
|
|
sudolinebuf.buf[sudolinebuf.len - 1] == '\n' ? "" : "\n");
|
2020-08-07 14:13:25 -06:00
|
|
|
if (sudolinebuf.toke_end > sudolinebuf.toke_start) {
|
|
|
|
|
tlen = sudolinebuf.toke_end - sudolinebuf.toke_start - 1;
|
|
|
|
|
if (tlen >= sizeof(tildes))
|
|
|
|
|
tlen = sizeof(tildes) - 1;
|
|
|
|
|
memset(tildes, '~', tlen);
|
|
|
|
|
}
|
|
|
|
|
tildes[tlen] = '\0';
|
|
|
|
|
sudo_printf(SUDO_CONV_ERROR_MSG, "%*s^%s\n",
|
|
|
|
|
(int)sudolinebuf.toke_start, "", tildes);
|
2020-08-06 21:16:35 -06:00
|
|
|
}
|
2013-03-31 09:58:37 -04:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
parse_error = true;
|
|
|
|
|
debug_return;
|
|
|
|
|
}
|
|
|
|
|
|
2007-08-31 17:56:30 +00:00
|
|
|
static struct defaults *
|
2016-11-09 16:00:12 -07:00
|
|
|
new_default(char *var, char *val, short op)
|
2007-08-31 17:56:30 +00:00
|
|
|
{
|
|
|
|
|
struct defaults *d;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(new_default, SUDOERS_DEBUG_PARSER);
|
2007-08-31 17:56:30 +00:00
|
|
|
|
2015-07-14 15:28:01 -06:00
|
|
|
if ((d = calloc(1, sizeof(struct defaults))) == NULL) {
|
|
|
|
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
|
|
|
|
"unable to allocate memory");
|
|
|
|
|
debug_return_ptr(NULL);
|
2015-05-27 10:36:03 -06:00
|
|
|
}
|
2007-08-31 17:56:30 +00:00
|
|
|
|
2015-07-14 15:28:01 -06:00
|
|
|
d->var = var;
|
|
|
|
|
d->val = val;
|
|
|
|
|
/* d->type = 0; */
|
|
|
|
|
d->op = op;
|
|
|
|
|
/* d->binding = NULL */
|
2016-11-12 19:22:32 -07:00
|
|
|
d->lineno = this_lineno;
|
2016-11-11 16:18:27 -07:00
|
|
|
d->file = rcstr_addref(sudoers);
|
2015-07-14 15:28:01 -06:00
|
|
|
HLTQ_INIT(d, entries);
|
|
|
|
|
|
2011-10-22 14:40:21 -04:00
|
|
|
debug_return_ptr(d);
|
2007-08-31 17:56:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct member *
|
2011-01-08 15:15:30 -05:00
|
|
|
new_member(char *name, int type)
|
2007-08-31 17:56:30 +00:00
|
|
|
{
|
|
|
|
|
struct member *m;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(new_member, SUDOERS_DEBUG_PARSER);
|
2007-08-31 17:56:30 +00:00
|
|
|
|
2015-07-14 15:28:01 -06:00
|
|
|
if ((m = calloc(1, sizeof(struct member))) == NULL) {
|
|
|
|
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
|
|
|
|
"unable to allocate memory");
|
|
|
|
|
debug_return_ptr(NULL);
|
2015-05-27 10:36:03 -06:00
|
|
|
}
|
2007-08-31 17:56:30 +00:00
|
|
|
|
2015-07-14 15:28:01 -06:00
|
|
|
m->name = name;
|
|
|
|
|
m->type = type;
|
|
|
|
|
HLTQ_INIT(m, entries);
|
|
|
|
|
|
2011-10-22 14:40:21 -04:00
|
|
|
debug_return_ptr(m);
|
2007-08-31 17:56:30 +00:00
|
|
|
}
|
2020-08-10 13:59:31 -06:00
|
|
|
|
2020-03-11 11:19:37 -06:00
|
|
|
static struct sudo_command *
|
|
|
|
|
new_command(char *cmnd, char *args)
|
|
|
|
|
{
|
|
|
|
|
struct sudo_command *c;
|
|
|
|
|
debug_decl(new_command, SUDOERS_DEBUG_PARSER);
|
|
|
|
|
|
|
|
|
|
if ((c = calloc(1, sizeof(*c))) == NULL) {
|
|
|
|
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
|
|
|
|
"unable to allocate memory");
|
|
|
|
|
debug_return_ptr(NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c->cmnd = cmnd;
|
|
|
|
|
c->args = args;
|
|
|
|
|
TAILQ_INIT(&c->digests);
|
|
|
|
|
|
|
|
|
|
debug_return_ptr(c);
|
|
|
|
|
}
|
2007-08-31 17:56:30 +00:00
|
|
|
|
2018-05-24 21:04:07 -06:00
|
|
|
static struct command_digest *
|
2017-02-14 15:56:34 -07:00
|
|
|
new_digest(int digest_type, char *digest_str)
|
2013-04-14 07:00:21 -04:00
|
|
|
{
|
2018-05-24 21:04:07 -06:00
|
|
|
struct command_digest *digest;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(new_digest, SUDOERS_DEBUG_PARSER);
|
2013-04-14 07:00:21 -04:00
|
|
|
|
2018-05-24 21:04:07 -06:00
|
|
|
if ((digest = malloc(sizeof(*digest))) == NULL) {
|
2015-07-14 15:28:01 -06:00
|
|
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
|
|
|
|
"unable to allocate memory");
|
|
|
|
|
debug_return_ptr(NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-11 11:17:52 -06:00
|
|
|
HLTQ_INIT(digest, entries);
|
2018-05-24 21:04:07 -06:00
|
|
|
digest->digest_type = digest_type;
|
|
|
|
|
digest->digest_str = digest_str;
|
|
|
|
|
if (digest->digest_str == NULL) {
|
2015-07-14 15:28:01 -06:00
|
|
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
|
|
|
|
"unable to allocate memory");
|
2018-05-24 21:04:07 -06:00
|
|
|
free(digest);
|
|
|
|
|
digest = NULL;
|
2015-05-27 10:36:03 -06:00
|
|
|
}
|
2013-04-14 07:00:21 -04:00
|
|
|
|
2018-05-24 21:04:07 -06:00
|
|
|
debug_return_ptr(digest);
|
2013-04-14 07:00:21 -04:00
|
|
|
}
|
|
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
/*
|
|
|
|
|
* Add a list of defaults structures to the defaults list.
|
|
|
|
|
* The binding, if non-NULL, specifies a list of hosts, users, or
|
|
|
|
|
* runas users the entries apply to (specified by the type).
|
|
|
|
|
*/
|
2015-05-27 10:36:03 -06:00
|
|
|
static bool
|
2011-01-08 15:15:30 -05:00
|
|
|
add_defaults(int type, struct member *bmem, struct defaults *defs)
|
2004-10-26 22:10:55 +00:00
|
|
|
{
|
2016-11-01 14:22:32 -06:00
|
|
|
struct defaults *d, *next;
|
2013-10-22 09:08:38 -06:00
|
|
|
struct member_list *binding;
|
2016-11-01 14:22:32 -06:00
|
|
|
bool ret = true;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(add_defaults, SUDOERS_DEBUG_PARSER);
|
2008-03-05 20:19:50 +00:00
|
|
|
|
2013-10-22 14:58:00 -06:00
|
|
|
if (defs != NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* We use a single binding for each entry in defs.
|
|
|
|
|
*/
|
2015-07-14 15:28:01 -06:00
|
|
|
if ((binding = malloc(sizeof(*binding))) == NULL) {
|
|
|
|
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
|
|
|
|
"unable to allocate memory");
|
2016-11-01 14:13:47 -06:00
|
|
|
sudoerserror(N_("unable to allocate memory"));
|
2015-05-27 10:36:03 -06:00
|
|
|
debug_return_bool(false);
|
2015-07-14 15:28:01 -06:00
|
|
|
}
|
2013-10-22 14:58:00 -06:00
|
|
|
if (bmem != NULL)
|
|
|
|
|
HLTQ_TO_TAILQ(binding, bmem, entries);
|
|
|
|
|
else
|
|
|
|
|
TAILQ_INIT(binding);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Set type and binding (who it applies to) for new entries.
|
2016-11-09 16:00:12 -07:00
|
|
|
* Then add to the global defaults list.
|
2013-10-22 14:58:00 -06:00
|
|
|
*/
|
2016-11-01 14:22:32 -06:00
|
|
|
HLTQ_FOREACH_SAFE(d, defs, entries, next) {
|
2016-11-09 16:00:12 -07:00
|
|
|
d->type = type;
|
|
|
|
|
d->binding = binding;
|
2018-07-26 15:12:33 -06:00
|
|
|
TAILQ_INSERT_TAIL(&parsed_policy.defaults, d, entries);
|
2013-10-22 14:58:00 -06:00
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2011-10-22 14:40:21 -04:00
|
|
|
|
2016-11-01 14:22:32 -06:00
|
|
|
debug_return_bool(ret);
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Allocate a new struct userspec, populate it, and insert it at the
|
2013-10-22 09:08:38 -06:00
|
|
|
* end of the userspecs list.
|
2004-10-26 22:10:55 +00:00
|
|
|
*/
|
2015-05-27 10:36:03 -06:00
|
|
|
static bool
|
2011-01-08 15:15:30 -05:00
|
|
|
add_userspec(struct member *members, struct privilege *privs)
|
2004-10-26 22:10:55 +00:00
|
|
|
{
|
|
|
|
|
struct userspec *u;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(add_userspec, SUDOERS_DEBUG_PARSER);
|
2004-10-26 22:10:55 +00:00
|
|
|
|
2015-07-14 15:28:01 -06:00
|
|
|
if ((u = calloc(1, sizeof(*u))) == NULL) {
|
|
|
|
|
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
|
|
|
|
|
"unable to allocate memory");
|
2015-05-27 10:36:03 -06:00
|
|
|
debug_return_bool(false);
|
2015-07-14 15:28:01 -06:00
|
|
|
}
|
2016-11-12 19:22:32 -07:00
|
|
|
u->lineno = this_lineno;
|
|
|
|
|
u->file = rcstr_addref(sudoers);
|
2013-10-22 09:08:38 -06:00
|
|
|
HLTQ_TO_TAILQ(&u->users, members, entries);
|
|
|
|
|
HLTQ_TO_TAILQ(&u->privileges, privs, entries);
|
2018-03-04 07:03:43 -07:00
|
|
|
STAILQ_INIT(&u->comments);
|
2018-07-26 15:12:33 -06:00
|
|
|
TAILQ_INSERT_TAIL(&parsed_policy.userspecs, u, entries);
|
2011-10-22 14:40:21 -04:00
|
|
|
|
2015-05-27 10:36:03 -06:00
|
|
|
debug_return_bool(true);
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
|
|
|
|
|
2016-11-01 14:15:07 -06:00
|
|
|
/*
|
2018-02-05 13:33:29 -07:00
|
|
|
* Free a member struct and its contents.
|
2016-11-01 14:15:07 -06:00
|
|
|
*/
|
|
|
|
|
void
|
2018-02-05 13:33:29 -07:00
|
|
|
free_member(struct member *m)
|
2016-11-01 14:15:07 -06:00
|
|
|
{
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(free_member, SUDOERS_DEBUG_PARSER);
|
2018-03-21 12:11:19 -06:00
|
|
|
|
2020-03-11 11:19:37 -06:00
|
|
|
if (m->type == COMMAND || (m->type == ALL && m->name != NULL)) {
|
2020-03-11 11:17:52 -06:00
|
|
|
struct command_digest *digest;
|
|
|
|
|
struct sudo_command *c = (struct sudo_command *)m->name;
|
|
|
|
|
free(c->cmnd);
|
|
|
|
|
free(c->args);
|
|
|
|
|
while ((digest = TAILQ_FIRST(&c->digests)) != NULL) {
|
|
|
|
|
TAILQ_REMOVE(&c->digests, digest, entries);
|
|
|
|
|
free(digest->digest_str);
|
|
|
|
|
free(digest);
|
|
|
|
|
}
|
2016-11-01 14:15:07 -06:00
|
|
|
}
|
2018-02-05 13:33:29 -07:00
|
|
|
free(m->name);
|
|
|
|
|
free(m);
|
2018-03-21 12:11:19 -06:00
|
|
|
|
|
|
|
|
debug_return;
|
2016-11-01 14:15:07 -06:00
|
|
|
}
|
|
|
|
|
|
2004-10-26 22:10:55 +00:00
|
|
|
/*
|
2018-02-05 13:33:29 -07:00
|
|
|
* Free a tailq of members but not the struct member_list container itself.
|
2004-10-26 22:10:55 +00:00
|
|
|
*/
|
2018-02-05 13:33:29 -07:00
|
|
|
void
|
|
|
|
|
free_members(struct member_list *members)
|
2004-10-26 22:10:55 +00:00
|
|
|
{
|
2018-02-05 13:33:29 -07:00
|
|
|
struct member *m;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(free_members, SUDOERS_DEBUG_PARSER);
|
2018-02-05 13:33:29 -07:00
|
|
|
|
|
|
|
|
while ((m = TAILQ_FIRST(members)) != NULL) {
|
|
|
|
|
TAILQ_REMOVE(members, m, entries);
|
|
|
|
|
free_member(m);
|
|
|
|
|
}
|
2018-03-21 12:11:19 -06:00
|
|
|
|
|
|
|
|
debug_return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-15 16:35:07 -06:00
|
|
|
void
|
|
|
|
|
free_defaults(struct defaults_list *defs)
|
|
|
|
|
{
|
|
|
|
|
struct member_list *prev_binding = NULL;
|
|
|
|
|
struct defaults *def;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(free_defaults, SUDOERS_DEBUG_PARSER);
|
2018-05-15 16:35:07 -06:00
|
|
|
|
|
|
|
|
while ((def = TAILQ_FIRST(defs)) != NULL) {
|
|
|
|
|
TAILQ_REMOVE(defs, def, entries);
|
|
|
|
|
free_default(def, &prev_binding);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
debug_return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-21 14:55:17 -06:00
|
|
|
void
|
|
|
|
|
free_default(struct defaults *def, struct member_list **binding)
|
2018-03-21 12:11:19 -06:00
|
|
|
{
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(free_default, SUDOERS_DEBUG_PARSER);
|
2018-03-21 12:11:19 -06:00
|
|
|
|
2018-03-21 14:55:17 -06:00
|
|
|
if (def->binding != *binding) {
|
|
|
|
|
*binding = def->binding;
|
2018-04-13 10:49:05 -06:00
|
|
|
if (def->binding != NULL) {
|
|
|
|
|
free_members(def->binding);
|
|
|
|
|
free(def->binding);
|
|
|
|
|
}
|
2018-03-21 12:11:19 -06:00
|
|
|
}
|
|
|
|
|
rcstr_delref(def->file);
|
|
|
|
|
free(def->var);
|
|
|
|
|
free(def->val);
|
|
|
|
|
free(def);
|
|
|
|
|
|
2018-03-21 14:55:17 -06:00
|
|
|
debug_return;
|
2018-02-05 13:33:29 -07:00
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
|
2018-02-05 13:33:29 -07:00
|
|
|
void
|
2018-02-09 18:21:40 -07:00
|
|
|
free_privilege(struct privilege *priv)
|
2018-02-05 13:33:29 -07:00
|
|
|
{
|
2018-02-09 18:21:40 -07:00
|
|
|
struct member_list *runasuserlist = NULL, *runasgrouplist = NULL;
|
2018-03-21 14:55:17 -06:00
|
|
|
struct member_list *prev_binding = NULL;
|
2018-02-09 18:21:40 -07:00
|
|
|
struct cmndspec *cs;
|
|
|
|
|
struct defaults *def;
|
2020-09-01 06:26:00 -06:00
|
|
|
char *runcwd = NULL, *runchroot = NULL;
|
2008-02-09 14:30:06 +00:00
|
|
|
#ifdef HAVE_SELINUX
|
2018-02-09 18:21:40 -07:00
|
|
|
char *role = NULL, *type = NULL;
|
2008-02-09 14:30:06 +00:00
|
|
|
#endif /* HAVE_SELINUX */
|
2012-07-26 13:49:21 -04:00
|
|
|
#ifdef HAVE_PRIV_SET
|
2018-02-09 18:21:40 -07:00
|
|
|
char *privs = NULL, *limitprivs = NULL;
|
2012-07-26 13:49:21 -04:00
|
|
|
#endif /* HAVE_PRIV_SET */
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(free_privilege, SUDOERS_DEBUG_PARSER);
|
2007-11-21 20:12:00 +00:00
|
|
|
|
2018-02-09 18:21:40 -07:00
|
|
|
free(priv->ldap_role);
|
|
|
|
|
free_members(&priv->hostlist);
|
|
|
|
|
while ((cs = TAILQ_FIRST(&priv->cmndlist)) != NULL) {
|
|
|
|
|
TAILQ_REMOVE(&priv->cmndlist, cs, entries);
|
2020-09-01 06:26:00 -06:00
|
|
|
/* Only free the first instance of runcwd/runchroot. */
|
|
|
|
|
if (cs->runcwd != runcwd) {
|
|
|
|
|
runcwd = cs->runcwd;
|
|
|
|
|
free(cs->runcwd);
|
|
|
|
|
}
|
|
|
|
|
if (cs->runchroot != runchroot) {
|
2020-09-03 13:23:27 -06:00
|
|
|
runchroot = cs->runchroot;
|
2020-09-01 06:26:00 -06:00
|
|
|
free(cs->runchroot);
|
|
|
|
|
}
|
2008-02-09 14:30:06 +00:00
|
|
|
#ifdef HAVE_SELINUX
|
2018-02-09 18:21:40 -07:00
|
|
|
/* Only free the first instance of a role/type. */
|
|
|
|
|
if (cs->role != role) {
|
|
|
|
|
role = cs->role;
|
|
|
|
|
free(cs->role);
|
|
|
|
|
}
|
|
|
|
|
if (cs->type != type) {
|
|
|
|
|
type = cs->type;
|
|
|
|
|
free(cs->type);
|
|
|
|
|
}
|
2008-02-09 14:30:06 +00:00
|
|
|
#endif /* HAVE_SELINUX */
|
2012-07-26 13:49:21 -04:00
|
|
|
#ifdef HAVE_PRIV_SET
|
2018-02-09 18:21:40 -07:00
|
|
|
/* Only free the first instance of privs/limitprivs. */
|
|
|
|
|
if (cs->privs != privs) {
|
|
|
|
|
privs = cs->privs;
|
|
|
|
|
free(cs->privs);
|
|
|
|
|
}
|
|
|
|
|
if (cs->limitprivs != limitprivs) {
|
|
|
|
|
limitprivs = cs->limitprivs;
|
|
|
|
|
free(cs->limitprivs);
|
|
|
|
|
}
|
2012-07-26 13:49:21 -04:00
|
|
|
#endif /* HAVE_PRIV_SET */
|
2018-02-09 18:21:40 -07:00
|
|
|
/* Only free the first instance of runas user/group lists. */
|
|
|
|
|
if (cs->runasuserlist && cs->runasuserlist != runasuserlist) {
|
|
|
|
|
runasuserlist = cs->runasuserlist;
|
|
|
|
|
free_members(runasuserlist);
|
|
|
|
|
free(runasuserlist);
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2018-02-09 18:21:40 -07:00
|
|
|
if (cs->runasgrouplist && cs->runasgrouplist != runasgrouplist) {
|
|
|
|
|
runasgrouplist = cs->runasgrouplist;
|
|
|
|
|
free_members(runasgrouplist);
|
|
|
|
|
free(runasgrouplist);
|
2018-02-09 18:21:01 -07:00
|
|
|
}
|
2018-02-09 18:21:40 -07:00
|
|
|
free_member(cs->cmnd);
|
|
|
|
|
free(cs);
|
|
|
|
|
}
|
|
|
|
|
while ((def = TAILQ_FIRST(&priv->defaults)) != NULL) {
|
|
|
|
|
TAILQ_REMOVE(&priv->defaults, def, entries);
|
2018-03-21 14:55:17 -06:00
|
|
|
free_default(def, &prev_binding);
|
2018-02-09 18:21:40 -07:00
|
|
|
}
|
|
|
|
|
free(priv);
|
2018-03-21 12:11:19 -06:00
|
|
|
|
|
|
|
|
debug_return;
|
2018-02-09 18:21:40 -07:00
|
|
|
}
|
|
|
|
|
|
2018-05-15 16:35:07 -06:00
|
|
|
void
|
|
|
|
|
free_userspecs(struct userspec_list *usl)
|
|
|
|
|
{
|
|
|
|
|
struct userspec *us;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(free_userspecs, SUDOERS_DEBUG_PARSER);
|
2018-05-15 16:35:07 -06:00
|
|
|
|
|
|
|
|
while ((us = TAILQ_FIRST(usl)) != NULL) {
|
|
|
|
|
TAILQ_REMOVE(usl, us, entries);
|
|
|
|
|
free_userspec(us);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
debug_return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-09 18:21:40 -07:00
|
|
|
void
|
|
|
|
|
free_userspec(struct userspec *us)
|
|
|
|
|
{
|
|
|
|
|
struct privilege *priv;
|
2018-03-10 20:16:20 -07:00
|
|
|
struct sudoers_comment *comment;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(free_userspec, SUDOERS_DEBUG_PARSER);
|
2018-02-09 18:21:40 -07:00
|
|
|
|
|
|
|
|
free_members(&us->users);
|
|
|
|
|
while ((priv = TAILQ_FIRST(&us->privileges)) != NULL) {
|
|
|
|
|
TAILQ_REMOVE(&us->privileges, priv, entries);
|
|
|
|
|
free_privilege(priv);
|
2018-02-05 13:33:29 -07:00
|
|
|
}
|
2018-03-04 07:03:43 -07:00
|
|
|
while ((comment = STAILQ_FIRST(&us->comments)) != NULL) {
|
|
|
|
|
STAILQ_REMOVE_HEAD(&us->comments, entries);
|
|
|
|
|
free(comment->str);
|
|
|
|
|
free(comment);
|
|
|
|
|
}
|
2018-02-05 13:33:29 -07:00
|
|
|
rcstr_delref(us->file);
|
|
|
|
|
free(us);
|
2018-03-21 12:11:19 -06:00
|
|
|
|
|
|
|
|
debug_return;
|
2018-02-05 13:33:29 -07:00
|
|
|
}
|
|
|
|
|
|
2018-07-26 15:12:33 -06:00
|
|
|
/*
|
|
|
|
|
* Initialized a sudoers parse tree.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2019-08-15 14:20:12 -06:00
|
|
|
init_parse_tree(struct sudoers_parse_tree *parse_tree, const char *lhost,
|
|
|
|
|
const char *shost)
|
2018-07-26 15:12:33 -06:00
|
|
|
{
|
|
|
|
|
TAILQ_INIT(&parse_tree->userspecs);
|
|
|
|
|
TAILQ_INIT(&parse_tree->defaults);
|
|
|
|
|
parse_tree->aliases = NULL;
|
2019-08-15 14:20:12 -06:00
|
|
|
parse_tree->shost = shost;
|
|
|
|
|
parse_tree->lhost = lhost;
|
2018-07-26 15:12:33 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Move the contents of parsed_policy to new_tree.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
reparent_parse_tree(struct sudoers_parse_tree *new_tree)
|
|
|
|
|
{
|
|
|
|
|
TAILQ_CONCAT(&new_tree->userspecs, &parsed_policy.userspecs, entries);
|
|
|
|
|
TAILQ_CONCAT(&new_tree->defaults, &parsed_policy.defaults, entries);
|
|
|
|
|
new_tree->aliases = parsed_policy.aliases;
|
|
|
|
|
parsed_policy.aliases = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Free the contents of a sudoers parse tree and initialize it.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
free_parse_tree(struct sudoers_parse_tree *parse_tree)
|
|
|
|
|
{
|
|
|
|
|
free_userspecs(&parse_tree->userspecs);
|
|
|
|
|
free_defaults(&parse_tree->defaults);
|
|
|
|
|
free_aliases(parse_tree->aliases);
|
|
|
|
|
parse_tree->aliases = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-05 13:33:29 -07:00
|
|
|
/*
|
|
|
|
|
* Free up space used by data structures from a previous parser run and sets
|
|
|
|
|
* the current sudoers file to path.
|
|
|
|
|
*/
|
|
|
|
|
bool
|
2019-11-05 15:18:34 -07:00
|
|
|
init_parser(const char *path, bool quiet, bool strict)
|
2018-02-05 13:33:29 -07:00
|
|
|
{
|
|
|
|
|
bool ret = true;
|
2019-12-22 08:48:16 -07:00
|
|
|
debug_decl(init_parser, SUDOERS_DEBUG_PARSER);
|
2018-02-05 13:33:29 -07:00
|
|
|
|
2018-07-26 15:12:33 -06:00
|
|
|
free_parse_tree(&parsed_policy);
|
2009-04-18 23:25:08 +00:00
|
|
|
init_lexer();
|
|
|
|
|
|
2016-11-11 16:18:27 -07:00
|
|
|
rcstr_delref(sudoers);
|
2015-05-27 09:51:54 -06:00
|
|
|
if (path != NULL) {
|
2016-11-11 16:18:27 -07:00
|
|
|
if ((sudoers = rcstr_dup(path)) == NULL) {
|
2015-06-19 14:51:17 -06:00
|
|
|
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
|
2016-09-08 16:38:08 -06:00
|
|
|
ret = false;
|
2015-05-27 09:51:54 -06:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
sudoers = NULL;
|
|
|
|
|
}
|
2004-10-26 22:10:55 +00:00
|
|
|
|
2011-12-02 11:27:33 -05:00
|
|
|
parse_error = false;
|
2004-10-26 22:10:55 +00:00
|
|
|
errorlineno = -1;
|
2016-11-11 16:18:27 -07:00
|
|
|
rcstr_delref(errorfile);
|
2016-10-31 15:21:18 -06:00
|
|
|
errorfile = NULL;
|
2012-02-29 15:50:48 -05:00
|
|
|
sudoers_warnings = !quiet;
|
2019-11-05 15:18:34 -07:00
|
|
|
sudoers_strict = strict;
|
2011-10-22 14:40:21 -04:00
|
|
|
|
2016-09-08 16:38:08 -06:00
|
|
|
debug_return_bool(ret);
|
2004-10-26 22:10:55 +00:00
|
|
|
}
|
2017-02-14 15:56:34 -07:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Initialize all options in a cmndspec.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
init_options(struct command_options *opts)
|
|
|
|
|
{
|
2017-02-18 15:35:48 -07:00
|
|
|
opts->notbefore = UNSPEC;
|
|
|
|
|
opts->notafter = UNSPEC;
|
2017-02-14 15:56:34 -07:00
|
|
|
opts->timeout = UNSPEC;
|
2020-09-02 09:34:43 -06:00
|
|
|
opts->runchroot = NULL;
|
|
|
|
|
opts->runcwd = NULL;
|
2017-02-14 15:56:34 -07:00
|
|
|
#ifdef HAVE_SELINUX
|
|
|
|
|
opts->role = NULL;
|
|
|
|
|
opts->type = NULL;
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef HAVE_PRIV_SET
|
|
|
|
|
opts->privs = NULL;
|
|
|
|
|
opts->limitprivs = NULL;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
