From c7bc24d40b62c038c050f729a70ddc95a4fc3cb3 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 16 Aug 2020 15:19:53 -0600 Subject: [PATCH] Recover from a syntax error after the ':' in a privilege spec. For compound privilege specs, don't throw away the entire thing if we have a syntax error, only the part after the error is encountered. --- plugins/sudoers/gram.c | 610 +++++++++++++++++++++-------------------- plugins/sudoers/gram.y | 4 + 2 files changed, 314 insertions(+), 300 deletions(-) diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 688165aaa..55558e2d7 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -188,96 +188,96 @@ const short sudoerslhs[] = 0, 0, 35, 35, 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, 36, 31, 31, 32, 32, 4, 4, 3, 3, 3, 3, 3, 21, - 21, 20, 11, 11, 9, 9, 9, 9, 9, 2, - 2, 1, 33, 33, 33, 33, 34, 34, 7, 7, - 6, 6, 28, 29, 30, 24, 25, 26, 27, 18, - 18, 19, 19, 19, 19, 19, 23, 23, 23, 23, - 23, 23, 23, 23, 22, 22, 22, 22, 22, 22, - 22, 22, 22, 22, 22, 22, 22, 22, 22, 5, - 5, 5, 39, 39, 42, 10, 10, 40, 40, 43, - 8, 8, 41, 41, 44, 38, 38, 45, 14, 14, - 12, 12, 13, 13, 13, 13, 13, 17, 17, 15, - 15, 16, 16, 16, 37, 37, + 21, 21, 20, 11, 11, 9, 9, 9, 9, 9, + 2, 2, 1, 33, 33, 33, 33, 34, 34, 7, + 7, 6, 6, 28, 29, 30, 24, 25, 26, 27, + 18, 18, 19, 19, 19, 19, 19, 23, 23, 23, + 23, 23, 23, 23, 23, 22, 22, 22, 22, 22, + 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, + 5, 5, 5, 39, 39, 42, 10, 10, 40, 40, + 43, 8, 8, 41, 41, 44, 38, 38, 45, 14, + 14, 12, 12, 13, 13, 13, 13, 13, 17, 17, + 15, 15, 16, 16, 16, 37, 37, }; const short sudoerslen[] = { 2, 0, 1, 1, 2, 1, 2, 1, 1, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 3, 4, 3, 4, 1, 3, 1, 2, 3, 3, 3, 1, - 3, 3, 1, 2, 1, 1, 1, 1, 1, 1, - 3, 4, 3, 3, 3, 3, 1, 3, 1, 2, - 1, 2, 3, 3, 3, 3, 3, 3, 3, 0, - 3, 0, 1, 3, 2, 1, 0, 2, 2, 2, - 2, 2, 2, 2, 0, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, - 1, 1, 1, 3, 3, 1, 3, 1, 3, 3, - 1, 3, 1, 3, 3, 1, 3, 3, 1, 3, - 1, 2, 1, 1, 1, 1, 1, 1, 3, 1, - 2, 1, 1, 1, 1, 1, + 3, 4, 3, 1, 2, 1, 1, 1, 1, 1, + 1, 3, 4, 3, 3, 3, 3, 1, 3, 1, + 2, 1, 2, 3, 3, 3, 3, 3, 3, 3, + 0, 3, 0, 1, 3, 2, 1, 0, 2, 2, + 2, 2, 2, 2, 2, 0, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 1, 1, 1, 1, 3, 3, 1, 3, 1, 3, + 3, 1, 3, 1, 3, 3, 1, 3, 3, 1, + 3, 1, 2, 1, 1, 1, 1, 1, 1, 3, + 1, 2, 1, 1, 1, 1, 1, }; const short sudoersdefred[] = { 0, - 0, 113, 115, 116, 117, 0, 0, 0, 0, 0, - 0, 0, 114, 0, 0, 0, 0, 0, 5, 0, - 109, 111, 0, 7, 8, 0, 3, 126, 125, 6, - 0, 0, 0, 0, 23, 0, 35, 38, 37, 39, - 36, 0, 33, 0, 96, 0, 0, 92, 91, 90, - 0, 0, 0, 0, 0, 51, 49, 101, 0, 47, - 0, 0, 0, 93, 0, 0, 98, 0, 0, 106, - 0, 0, 103, 112, 0, 0, 30, 0, 4, 0, - 19, 0, 21, 0, 0, 0, 26, 0, 14, 34, - 0, 0, 0, 0, 52, 0, 0, 0, 0, 0, - 0, 0, 50, 0, 0, 11, 0, 0, 12, 0, - 0, 10, 0, 0, 13, 110, 0, 0, 9, 20, - 22, 27, 28, 29, 24, 97, 17, 15, 16, 43, - 44, 45, 46, 102, 18, 48, 0, 94, 0, 99, - 0, 107, 0, 104, 0, 40, 0, 67, 31, 0, - 0, 0, 0, 0, 122, 124, 123, 0, 118, 120, - 0, 0, 61, 41, 0, 0, 0, 0, 0, 0, - 0, 0, 71, 72, 73, 74, 70, 68, 69, 121, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 76, - 77, 78, 79, 80, 81, 82, 83, 84, 85, 88, - 89, 86, 87, 42, 119, 57, 56, 58, 59, 53, - 54, 55, + 0, 114, 116, 117, 118, 0, 0, 0, 0, 0, + 0, 0, 115, 0, 0, 0, 0, 0, 5, 0, + 110, 112, 0, 7, 8, 0, 3, 127, 126, 6, + 0, 0, 0, 0, 23, 0, 36, 39, 38, 40, + 37, 0, 34, 0, 97, 0, 0, 93, 92, 91, + 0, 0, 0, 0, 0, 52, 50, 102, 0, 48, + 0, 0, 0, 94, 0, 0, 99, 0, 0, 107, + 0, 0, 104, 113, 0, 0, 30, 0, 4, 0, + 19, 0, 21, 0, 0, 0, 26, 0, 14, 35, + 0, 0, 0, 0, 53, 0, 0, 0, 0, 0, + 0, 0, 51, 0, 0, 11, 0, 0, 12, 0, + 0, 10, 0, 0, 13, 111, 0, 0, 9, 20, + 22, 27, 28, 29, 24, 98, 17, 15, 16, 44, + 45, 46, 47, 103, 18, 49, 0, 95, 0, 100, + 0, 108, 0, 105, 0, 41, 0, 68, 0, 31, + 0, 0, 0, 0, 0, 32, 123, 125, 124, 0, + 119, 121, 0, 0, 62, 42, 0, 0, 0, 0, + 0, 0, 0, 0, 72, 73, 74, 75, 71, 69, + 70, 122, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 77, 78, 79, 80, 81, 82, 83, 84, 85, + 86, 89, 90, 87, 88, 43, 120, 58, 57, 59, + 60, 54, 55, 56, }; const short sudoersdgoto[] = { 20, 146, 147, 35, 36, 56, 57, 58, 59, 43, 76, - 45, 21, 22, 23, 159, 160, 161, 148, 152, 77, - 78, 172, 154, 173, 174, 175, 176, 177, 178, 179, + 45, 21, 22, 23, 161, 162, 163, 148, 153, 77, + 78, 174, 155, 175, 176, 177, 178, 179, 180, 181, 24, 25, 60, 61, 26, 27, 30, 69, 63, 66, 72, 64, 67, 73, 70, }; const short sudoerssindex[] = { -10, - 58, 0, 0, 0, 0, -253, -235, -29, 76, 105, - 105, -32, 0, -229, -205, -191, -188, -157, 0, 0, + 58, 0, 0, 0, 0, -243, -235, -29, 105, 109, + 109, -32, 0, -229, -226, -211, -181, -145, 0, 0, 0, 0, -22, 0, 0, -10, 0, 0, 0, 0, - 6, 7, 81, -186, 0, 55, 0, 0, 0, 0, - 0, -146, 0, -31, 0, -30, -30, 0, 0, 0, - -207, 13, 19, 20, 22, 0, 0, 0, -25, 0, - 83, 29, 24, 0, 37, 27, 0, 46, 31, 0, - 50, 33, 0, 0, 105, 3, 0, 35, 0, 58, - 0, 58, 0, -180, -171, -150, 0, -29, 0, 0, - 76, 55, 55, 55, 0, -145, -143, -142, -139, -32, - 55, -169, 0, 76, -229, 0, -32, -205, 0, 105, - -191, 0, 105, -188, 0, 0, 78, 76, 0, 0, + 6, 7, 76, -179, 0, 59, 0, 0, 0, 0, + 0, -196, 0, -31, 0, -30, -30, 0, 0, 0, + -205, 25, 31, 40, 43, 0, 0, 0, -25, 0, + 116, 45, 21, 0, 46, 24, 0, 49, 27, 0, + 53, 33, 0, 0, 109, 12, 0, 35, 0, 58, + 0, 58, 0, -159, -148, -143, 0, -29, 0, 0, + 105, 59, 59, 59, 0, -142, -141, -139, -129, -32, + 59, -156, 0, 105, -229, 0, -32, -226, 0, 109, + -211, 0, 109, -181, 0, 0, 96, 78, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 92, 0, 93, 0, - 95, 0, 95, 0, -18, 0, 97, 0, 0, -21, - -26, 110, 78, -149, 0, 0, 0, -202, 0, 0, - 108, -21, 0, 0, 96, 98, 99, 100, 101, 102, - 103, 42, 0, 0, 0, 0, 0, 0, 0, 0, - -21, 108, -110, -109, -107, -105, -98, -97, -96, 0, + 0, 0, 0, 0, 0, 0, 106, 0, 107, 0, + 108, 0, 108, 0, -18, 0, 110, 0, 58, 0, + -21, 26, 99, 96, -165, 0, 0, 0, 0, -208, + 0, 0, 111, -21, 0, 0, 92, 95, 97, 98, + 100, 101, 102, 42, 0, 0, 0, 0, 0, 0, + 0, 0, -21, 111, -106, -99, -98, -97, -96, -95, + -94, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0,}; + 0, 0, 0, 0,}; const short sudoersrindex[] = - { 168, + { 170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 169, 0, 0, 0, 0, - 0, 0, 59, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 171, 0, 0, 0, 0, + 0, 0, 61, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -288,88 +288,89 @@ const short sudoersrindex[] = 0, 0, 0, 0, 0, 0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 36, 0, 38, 0, - 39, 0, 44, 0, 129, 0, 52, 0, 0, 130, - 131, 0, 9, 75, 0, 0, 0, 0, 0, 0, - 132, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 39, 0, 41, 0, 131, 0, 44, 0, 0, 0, + 132, 133, 0, 9, 75, 0, 0, 0, 0, 0, + 0, 0, 134, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 133, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 135, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0,}; + 0, 0, 0, 0,}; const short sudoersgindex[] = { 0, - 23, 0, 87, 84, 126, 117, -91, 72, 138, -4, - 90, 107, 165, 10, 4, 26, 25, 0, 0, 68, + 23, 0, 90, 80, 128, 119, -82, 74, 140, -4, + 93, 112, 165, -1, 2, 28, 22, 0, 0, 71, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 86, 0, 0, 163, -6, 0, 0, 0, - 0, 85, 88, 77, 82, + 0, 0, 88, 0, 0, 166, -6, 0, 0, 0, + 0, 86, 85, 81, 83, }; -#define YYTABLESIZE 391 +#define YYTABLESIZE 402 const short sudoerstable[] = { 19, - 51, 34, 34, 34, 44, 28, 28, 34, 134, 31, - 42, 158, 91, 75, 18, 29, 29, 75, 100, 46, - 47, 75, 18, 28, 81, 83, 28, 32, 62, 89, - 28, 162, 28, 29, 28, 95, 29, 100, 108, 150, - 29, 60, 29, 105, 29, 95, 91, 100, 108, 48, - 49, 32, 65, 105, 28, 155, 106, 28, 25, 109, - 156, 32, 112, 117, 29, 115, 68, 29, 25, 71, - 96, 119, 87, 120, 51, 121, 97, 98, 50, 99, - 204, 105, 122, 157, 108, 127, 128, 129, 111, 104, - 114, 123, 118, 95, 135, 100, 108, 107, 88, 137, - 2, 105, 25, 3, 4, 5, 110, 75, 42, 32, - 113, 37, 124, 38, 39, 51, 40, 145, 130, 141, - 131, 132, 143, 85, 133, 86, 102, 92, 13, 93, - 94, 52, 53, 54, 55, 91, 100, 18, 75, 41, - 153, 84, 101, 165, 166, 167, 168, 169, 170, 171, - 163, 181, 206, 207, 151, 208, 183, 209, 184, 185, - 186, 187, 188, 189, 210, 211, 212, 1, 2, 62, - 66, 63, 65, 64, 125, 164, 95, 103, 139, 90, - 126, 116, 74, 180, 205, 149, 182, 136, 79, 138, - 144, 0, 142, 0, 0, 140, 0, 0, 0, 0, + 51, 34, 34, 34, 44, 28, 28, 34, 46, 47, + 42, 160, 91, 75, 18, 29, 29, 134, 100, 31, + 28, 75, 18, 28, 81, 83, 28, 32, 62, 89, + 29, 65, 28, 29, 28, 96, 29, 101, 109, 151, + 106, 61, 29, 33, 29, 96, 68, 101, 109, 157, + 106, 48, 49, 33, 158, 91, 106, 28, 28, 109, + 25, 37, 112, 38, 39, 115, 40, 29, 29, 75, + 25, 119, 117, 120, 51, 121, 71, 159, 105, 87, + 50, 108, 96, 164, 111, 127, 128, 129, 97, 41, + 114, 206, 118, 96, 135, 101, 109, 98, 106, 137, + 99, 33, 88, 122, 25, 104, 107, 76, 141, 110, + 42, 143, 2, 113, 123, 3, 4, 5, 85, 124, + 86, 130, 131, 92, 132, 93, 94, 167, 168, 169, + 170, 171, 172, 173, 133, 145, 84, 42, 101, 165, + 13, 18, 156, 152, 52, 53, 54, 55, 51, 91, + 100, 75, 185, 154, 183, 186, 208, 187, 188, 102, + 189, 190, 191, 209, 210, 211, 212, 213, 214, 1, + 2, 63, 67, 64, 66, 65, 166, 125, 95, 103, + 139, 90, 74, 126, 207, 184, 116, 182, 150, 136, + 138, 79, 140, 142, 144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 48, 49, 0, 33, 33, 33, - 0, 0, 0, 33, 0, 37, 155, 38, 39, 2, - 40, 156, 3, 4, 5, 1, 0, 2, 0, 0, + 0, 0, 0, 33, 0, 37, 157, 38, 39, 2, + 40, 158, 3, 4, 5, 1, 0, 2, 0, 0, 3, 4, 5, 50, 6, 7, 8, 9, 10, 11, - 12, 80, 82, 41, 157, 60, 60, 13, 52, 53, + 12, 80, 82, 41, 159, 61, 61, 13, 52, 53, 54, 55, 0, 0, 0, 13, 14, 15, 16, 17, - 60, 60, 60, 60, 60, 60, 60, 60, 60, 60, - 60, 60, 60, 60, 60, 0, 0, 0, 48, 49, - 0, 60, 60, 60, 60, 60, 60, 60, 0, 60, - 60, 60, 60, 190, 191, 192, 193, 194, 195, 196, - 197, 198, 199, 200, 201, 202, 203, 50, 0, 0, - 0, 75, 75, 37, 0, 38, 39, 0, 40, 48, - 49, 0, 52, 53, 54, 55, 75, 75, 75, 75, - 75, 75, 75, 75, 75, 75, 75, 75, 75, 75, - 75, 41, 2, 0, 0, 3, 4, 5, 50, 0, - 0, 0, 0, 0, 0, 75, 75, 75, 75, 0, + 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, + 61, 61, 61, 61, 61, 0, 0, 0, 48, 49, + 0, 61, 61, 61, 61, 61, 61, 61, 0, 61, + 61, 61, 61, 192, 193, 194, 195, 196, 197, 198, + 199, 200, 201, 202, 203, 204, 205, 50, 0, 0, + 0, 76, 76, 149, 0, 37, 0, 38, 39, 0, + 40, 0, 52, 53, 54, 55, 76, 76, 76, 76, + 76, 76, 76, 76, 76, 76, 76, 76, 76, 76, + 76, 0, 37, 41, 38, 39, 2, 40, 0, 3, + 4, 5, 48, 49, 0, 76, 76, 76, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 13, + 41, 0, 0, 0, 13, 0, 0, 0, 0, 0, + 0, 50, }; const short sudoerscheck[] = { 10, - 33, 33, 33, 33, 9, 0, 0, 33, 100, 263, - 33, 33, 44, 44, 33, 10, 10, 44, 44, 10, - 11, 44, 33, 0, 31, 32, 0, 263, 258, 36, - 0, 58, 0, 10, 0, 0, 10, 0, 0, 58, - 10, 33, 10, 0, 10, 10, 44, 10, 10, 257, - 258, 0, 258, 10, 0, 258, 63, 0, 0, 66, - 263, 10, 69, 61, 10, 72, 258, 10, 10, 258, - 58, 78, 259, 80, 33, 82, 58, 58, 286, 58, - 172, 58, 263, 286, 58, 92, 93, 94, 58, 61, - 58, 263, 58, 58, 101, 58, 58, 61, 44, 104, - 258, 58, 44, 261, 262, 263, 61, 33, 33, 58, - 61, 258, 263, 260, 261, 33, 263, 40, 264, 110, - 264, 264, 113, 43, 264, 45, 44, 44, 286, 46, - 47, 301, 302, 303, 304, 44, 44, 33, 44, 286, - 44, 61, 59, 293, 294, 295, 296, 297, 298, 299, - 41, 44, 263, 263, 145, 263, 61, 263, 61, 61, - 61, 61, 61, 61, 263, 263, 263, 0, 0, 41, - 41, 41, 41, 41, 88, 153, 51, 61, 107, 42, - 91, 75, 18, 158, 181, 118, 162, 102, 26, 105, - 114, -1, 111, -1, -1, 108, -1, -1, -1, -1, + 33, 33, 33, 33, 9, 0, 0, 33, 10, 11, + 33, 33, 44, 44, 33, 10, 10, 100, 44, 263, + 0, 44, 33, 0, 31, 32, 0, 263, 258, 36, + 10, 258, 0, 10, 0, 0, 10, 0, 0, 58, + 0, 33, 10, 0, 10, 10, 258, 10, 10, 258, + 10, 257, 258, 10, 263, 44, 63, 0, 0, 66, + 0, 258, 69, 260, 261, 72, 263, 10, 10, 44, + 10, 78, 61, 80, 33, 82, 258, 286, 58, 259, + 286, 58, 58, 58, 58, 92, 93, 94, 58, 286, + 58, 174, 58, 58, 101, 58, 58, 58, 58, 104, + 58, 58, 44, 263, 44, 61, 61, 33, 110, 61, + 33, 113, 258, 61, 263, 261, 262, 263, 43, 263, + 45, 264, 264, 44, 264, 46, 47, 293, 294, 295, + 296, 297, 298, 299, 264, 40, 61, 33, 59, 41, + 286, 33, 149, 145, 301, 302, 303, 304, 33, 44, + 44, 44, 61, 44, 44, 61, 263, 61, 61, 44, + 61, 61, 61, 263, 263, 263, 263, 263, 263, 0, + 0, 41, 41, 41, 41, 41, 154, 88, 51, 61, + 107, 42, 18, 91, 183, 164, 75, 160, 118, 102, + 105, 26, 108, 111, 114, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 257, 258, -1, 259, 259, 259, @@ -383,13 +384,14 @@ const short sudoerscheck[] = -1, 293, 294, 295, 296, 297, 298, 299, -1, 301, 302, 303, 304, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, -1, -1, - -1, 257, 258, 258, -1, 260, 261, -1, 263, 257, - 258, -1, 301, 302, 303, 304, 272, 273, 274, 275, + -1, 257, 258, 256, -1, 258, -1, 260, 261, -1, + 263, -1, 301, 302, 303, 304, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, - 286, 286, 258, -1, -1, 261, 262, 263, 286, -1, - -1, -1, -1, -1, -1, 301, 302, 303, 304, -1, + 286, -1, 258, 286, 260, 261, 258, 263, -1, 261, + 262, 263, 257, 258, -1, 301, 302, 303, 304, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 286, + 286, -1, -1, -1, 286, -1, -1, -1, -1, -1, + -1, 286, }; #define YYFINAL 20 #ifndef YYDEBUG @@ -448,6 +450,7 @@ const char * const sudoersrule[] = "defaults_entry : DEFVAR '-' WORD", "privileges : privilege", "privileges : privileges ':' privilege", +"privileges : privileges ':' error eol", "privilege : hostlist '=' cmndspeclist", "ophost : host", "ophost : '!' host", @@ -571,7 +574,7 @@ short *yysslim; YYSTYPE *yyvs; unsigned int yystacksize; int yyparse(void); -#line 970 "gram.y" +#line 974 "gram.y" void sudoerserror(const char *s) { @@ -1044,7 +1047,7 @@ init_options(struct command_options *opts) opts->limitprivs = NULL; #endif } -#line 1034 "gram.c" +#line 1037 "gram.c" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ static int yygrowstack(void) { @@ -1431,7 +1434,14 @@ case 31: } break; case 32: -#line 321 "gram.y" +#line 319 "gram.y" +{ + yyerrok; + yyval.privilege = yyvsp[-3].privilege; + } +break; +case 33: +#line 325 "gram.y" { struct privilege *p = calloc(1, sizeof(*p)); if (p == NULL) { @@ -1445,22 +1455,22 @@ case 32: yyval.privilege = p; } break; -case 33: -#line 335 "gram.y" +case 34: +#line 339 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 34: -#line 339 "gram.y" +case 35: +#line 343 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 35: -#line 345 "gram.y" +case 36: +#line 349 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -1469,8 +1479,8 @@ case 35: } } break; -case 36: -#line 352 "gram.y" +case 37: +#line 356 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -1479,8 +1489,8 @@ case 36: } } break; -case 37: -#line 359 "gram.y" +case 38: +#line 363 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -1489,8 +1499,8 @@ case 37: } } break; -case 38: -#line 366 "gram.y" +case 39: +#line 370 "gram.y" { yyval.member = new_member(yyvsp[0].string, NTWKADDR); if (yyval.member == NULL) { @@ -1499,8 +1509,8 @@ case 38: } } break; -case 39: -#line 373 "gram.y" +case 40: +#line 377 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -1509,8 +1519,8 @@ case 39: } } break; -case 41: -#line 383 "gram.y" +case 42: +#line 387 "gram.y" { struct cmndspec *prev; prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries); @@ -1563,8 +1573,8 @@ case 41: yyval.cmndspec = yyvsp[-2].cmndspec; } break; -case 42: -#line 436 "gram.y" +case 43: +#line 440 "gram.y" { struct cmndspec *cs = calloc(1, sizeof(*cs)); if (cs == NULL) { @@ -1617,8 +1627,8 @@ case 42: yyval.cmndspec = cs; } break; -case 43: -#line 489 "gram.y" +case 44: +#line 493 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1627,8 +1637,8 @@ case 43: } } break; -case 44: -#line 496 "gram.y" +case 45: +#line 500 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1637,8 +1647,8 @@ case 44: } } break; -case 45: -#line 503 "gram.y" +case 46: +#line 507 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1647,8 +1657,8 @@ case 45: } } break; -case 46: -#line 510 "gram.y" +case 47: +#line 514 "gram.y" { yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string); if (yyval.digest == NULL) { @@ -1657,21 +1667,21 @@ case 46: } } break; -case 48: -#line 520 "gram.y" +case 49: +#line 524 "gram.y" { HLTQ_CONCAT(yyvsp[-2].digest, yyvsp[0].digest, entries); yyval.digest = yyvsp[-2].digest; } break; -case 49: -#line 526 "gram.y" +case 50: +#line 530 "gram.y" { yyval.member = yyvsp[0].member; } break; -case 50: -#line 529 "gram.y" +case 51: +#line 533 "gram.y" { struct sudo_command *c = (struct sudo_command *) yyvsp[0].member->name; @@ -1692,28 +1702,22 @@ case 50: yyval.member = yyvsp[0].member; } break; -case 51: -#line 550 "gram.y" +case 52: +#line 554 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = false; } break; -case 52: -#line 554 "gram.y" +case 53: +#line 558 "gram.y" { yyval.member = yyvsp[0].member; yyval.member->negated = true; } break; -case 53: -#line 560 "gram.y" -{ - yyval.string = yyvsp[0].string; - } -break; case 54: -#line 565 "gram.y" +#line 564 "gram.y" { yyval.string = yyvsp[0].string; } @@ -1725,19 +1729,19 @@ case 55: } break; case 56: -#line 574 "gram.y" +#line 573 "gram.y" { yyval.string = yyvsp[0].string; } break; case 57: -#line 579 "gram.y" +#line 578 "gram.y" { yyval.string = yyvsp[0].string; } break; case 58: -#line 584 "gram.y" +#line 583 "gram.y" { yyval.string = yyvsp[0].string; } @@ -1749,19 +1753,25 @@ case 59: } break; case 60: -#line 593 "gram.y" +#line 592 "gram.y" +{ + yyval.string = yyvsp[0].string; + } +break; +case 61: +#line 597 "gram.y" { yyval.runas = NULL; } break; -case 61: -#line 596 "gram.y" +case 62: +#line 600 "gram.y" { yyval.runas = yyvsp[-1].runas; } break; -case 62: -#line 601 "gram.y" +case 63: +#line 605 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1778,8 +1788,8 @@ case 62: } } break; -case 63: -#line 616 "gram.y" +case 64: +#line 620 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1790,8 +1800,8 @@ case 63: /* $$->runasgroups = NULL; */ } break; -case 64: -#line 625 "gram.y" +case 65: +#line 629 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1802,8 +1812,8 @@ case 64: yyval.runas->runasgroups = yyvsp[0].member; } break; -case 65: -#line 634 "gram.y" +case 66: +#line 638 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas == NULL) { @@ -1814,8 +1824,8 @@ case 65: yyval.runas->runasgroups = yyvsp[0].member; } break; -case 66: -#line 643 "gram.y" +case 67: +#line 647 "gram.y" { yyval.runas = calloc(1, sizeof(struct runascontainer)); if (yyval.runas != NULL) { @@ -1832,14 +1842,14 @@ case 66: } } break; -case 67: -#line 660 "gram.y" +case 68: +#line 664 "gram.y" { init_options(&yyval.options); } break; -case 68: -#line 663 "gram.y" +case 69: +#line 667 "gram.y" { yyval.options.notbefore = parse_gentime(yyvsp[0].string); free(yyvsp[0].string); @@ -1849,8 +1859,8 @@ case 68: } } break; -case 69: -#line 671 "gram.y" +case 70: +#line 675 "gram.y" { yyval.options.notafter = parse_gentime(yyvsp[0].string); free(yyvsp[0].string); @@ -1860,8 +1870,8 @@ case 69: } } break; -case 70: -#line 679 "gram.y" +case 71: +#line 683 "gram.y" { yyval.options.timeout = parse_timeout(yyvsp[0].string); free(yyvsp[0].string); @@ -1874,8 +1884,8 @@ case 70: } } break; -case 71: -#line 690 "gram.y" +case 72: +#line 694 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.role); @@ -1883,8 +1893,8 @@ case 71: #endif } break; -case 72: -#line 696 "gram.y" +case 73: +#line 700 "gram.y" { #ifdef HAVE_SELINUX free(yyval.options.type); @@ -1892,8 +1902,8 @@ case 72: #endif } break; -case 73: -#line 702 "gram.y" +case 74: +#line 706 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.privs); @@ -1901,8 +1911,8 @@ case 73: #endif } break; -case 74: -#line 708 "gram.y" +case 75: +#line 712 "gram.y" { #ifdef HAVE_PRIV_SET free(yyval.options.limitprivs); @@ -1910,98 +1920,98 @@ case 74: #endif } break; -case 75: -#line 716 "gram.y" +case 76: +#line 720 "gram.y" { TAGS_INIT(yyval.tag); } break; -case 76: -#line 719 "gram.y" +case 77: +#line 723 "gram.y" { yyval.tag.nopasswd = true; } break; -case 77: -#line 722 "gram.y" +case 78: +#line 726 "gram.y" { yyval.tag.nopasswd = false; } break; -case 78: -#line 725 "gram.y" +case 79: +#line 729 "gram.y" { yyval.tag.noexec = true; } break; -case 79: -#line 728 "gram.y" +case 80: +#line 732 "gram.y" { yyval.tag.noexec = false; } break; -case 80: -#line 731 "gram.y" +case 81: +#line 735 "gram.y" { yyval.tag.setenv = true; } break; -case 81: -#line 734 "gram.y" +case 82: +#line 738 "gram.y" { yyval.tag.setenv = false; } break; -case 82: -#line 737 "gram.y" +case 83: +#line 741 "gram.y" { yyval.tag.log_input = true; } break; -case 83: -#line 740 "gram.y" +case 84: +#line 744 "gram.y" { yyval.tag.log_input = false; } break; -case 84: -#line 743 "gram.y" +case 85: +#line 747 "gram.y" { yyval.tag.log_output = true; } break; -case 85: -#line 746 "gram.y" +case 86: +#line 750 "gram.y" { yyval.tag.log_output = false; } break; -case 86: -#line 749 "gram.y" +case 87: +#line 753 "gram.y" { yyval.tag.follow = true; } break; -case 87: -#line 752 "gram.y" +case 88: +#line 756 "gram.y" { yyval.tag.follow = false; } break; -case 88: -#line 755 "gram.y" +case 89: +#line 759 "gram.y" { yyval.tag.send_mail = true; } break; -case 89: -#line 758 "gram.y" +case 90: +#line 762 "gram.y" { yyval.tag.send_mail = false; } break; -case 90: -#line 763 "gram.y" +case 91: +#line 767 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2010,8 +2020,8 @@ case 90: } } break; -case 91: -#line 770 "gram.y" +case 92: +#line 774 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -2020,8 +2030,8 @@ case 91: } } break; -case 92: -#line 777 "gram.y" +case 93: +#line 781 "gram.y" { struct sudo_command *c; @@ -2037,8 +2047,8 @@ case 92: } } break; -case 95: -#line 797 "gram.y" +case 96: +#line 801 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, HOSTALIAS, @@ -2049,15 +2059,15 @@ case 95: } } break; -case 97: -#line 809 "gram.y" +case 98: +#line 813 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 100: -#line 819 "gram.y" +case 101: +#line 823 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, CMNDALIAS, @@ -2068,15 +2078,15 @@ case 100: } } break; -case 102: -#line 831 "gram.y" +case 103: +#line 835 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 105: -#line 841 "gram.y" +case 106: +#line 845 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, RUNASALIAS, @@ -2087,8 +2097,8 @@ case 105: } } break; -case 108: -#line 856 "gram.y" +case 109: +#line 860 "gram.y" { const char *s; s = alias_add(&parsed_policy, yyvsp[-2].string, USERALIAS, @@ -2099,29 +2109,29 @@ case 108: } } break; -case 110: -#line 868 "gram.y" +case 111: +#line 872 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 111: -#line 874 "gram.y" -{ - yyval.member = yyvsp[0].member; - yyval.member->negated = false; - } -break; case 112: #line 878 "gram.y" { yyval.member = yyvsp[0].member; - yyval.member->negated = true; + yyval.member->negated = false; } break; case 113: -#line 884 "gram.y" +#line 882 "gram.y" +{ + yyval.member = yyvsp[0].member; + yyval.member->negated = true; + } +break; +case 114: +#line 888 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -2130,8 +2140,8 @@ case 113: } } break; -case 114: -#line 891 "gram.y" +case 115: +#line 895 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2140,8 +2150,8 @@ case 114: } } break; -case 115: -#line 898 "gram.y" +case 116: +#line 902 "gram.y" { yyval.member = new_member(yyvsp[0].string, NETGROUP); if (yyval.member == NULL) { @@ -2150,8 +2160,8 @@ case 115: } } break; -case 116: -#line 905 "gram.y" +case 117: +#line 909 "gram.y" { yyval.member = new_member(yyvsp[0].string, USERGROUP); if (yyval.member == NULL) { @@ -2160,8 +2170,8 @@ case 116: } } break; -case 117: -#line 912 "gram.y" +case 118: +#line 916 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2170,29 +2180,29 @@ case 117: } } break; -case 119: -#line 922 "gram.y" +case 120: +#line 926 "gram.y" { HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries); yyval.member = yyvsp[-2].member; } break; -case 120: -#line 928 "gram.y" -{ - yyval.member = yyvsp[0].member; - yyval.member->negated = false; - } -break; case 121: #line 932 "gram.y" { yyval.member = yyvsp[0].member; - yyval.member->negated = true; + yyval.member->negated = false; } break; case 122: -#line 938 "gram.y" +#line 936 "gram.y" +{ + yyval.member = yyvsp[0].member; + yyval.member->negated = true; + } +break; +case 123: +#line 942 "gram.y" { yyval.member = new_member(yyvsp[0].string, ALIAS); if (yyval.member == NULL) { @@ -2201,8 +2211,8 @@ case 122: } } break; -case 123: -#line 945 "gram.y" +case 124: +#line 949 "gram.y" { yyval.member = new_member(NULL, ALL); if (yyval.member == NULL) { @@ -2211,8 +2221,8 @@ case 123: } } break; -case 124: -#line 952 "gram.y" +case 125: +#line 956 "gram.y" { yyval.member = new_member(yyvsp[0].string, WORD); if (yyval.member == NULL) { @@ -2221,19 +2231,19 @@ case 124: } } break; -case 125: -#line 961 "gram.y" +case 126: +#line 965 "gram.y" { ; } break; -case 126: -#line 964 "gram.y" +case 127: +#line 968 "gram.y" { ; /* EOF */ } break; -#line 2223 "gram.c" +#line 2233 "gram.c" } yyssp -= yym; yystate = *yyssp; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index bf50bfcc0..6aabd4848 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -316,6 +316,10 @@ privileges : privilege HLTQ_CONCAT($1, $3, entries); $$ = $1; } + | privileges ':' error eol { + yyerrok; + $$ = $1; + } ; privilege : hostlist '=' cmndspeclist {