/*
* Copyright (c) 1996, 1998-2000, 2004, 2007-2010
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef _SUDO_PARSE_H
#define _SUDO_PARSE_H
/*
 * Tri-state (plus IMPLIED) match/permission codes used throughout the
 * parser and matcher.  Each is #undef'd first so a same-named macro pulled
 * in from a system or third-party header cannot silently change the value.
 *
 * UNSPEC is deliberately negative and distinct from both DENY and ALLOW:
 * "not specified" must never be mistaken for a denial or a grant, so code
 * testing these values should compare explicitly rather than rely on
 * zero/non-zero truthiness.
 */
#undef UNSPEC
#define UNSPEC -1	/* value not given in sudoers (inherit/undecided) */
#undef DENY
#define DENY 0		/* explicitly denied */
#undef ALLOW
#define ALLOW 1		/* explicitly allowed */
#undef IMPLIED
#define IMPLIED 2	/* allowed by implication rather than an explicit entry */
/*
 * A command with args.  XXX - merge into struct member.
 *
 * cmnd is the command path as written in sudoers; args holds the
 * argument string that follows it, if any.  Both are plain C strings
 * owned by the parser; nothing here records their allocation lifetime,
 * so consult the parser before freeing either.
 */
struct sudo_command {
    char *cmnd;		/* command path */
    char *args;		/* argument string, if any */
};
/*
 * Tags associated with a command.
 * Possible values: TRUE, FALSE, UNSPEC.
 *
 * Each tag is a 3-bit signed bit-field, wide enough to hold -4..3 and so
 * to represent UNSPEC (-1) as well as TRUE/FALSE (assumes TRUE == 1 and
 * FALSE == 0 as in the usual compat definitions -- confirm in compat.h).
 * UNSPEC means the tag was not written for this Cmnd_Spec; whether it then
 * inherits from an earlier entry or from Defaults is decided by the parser,
 * not here.  These tags are security-relevant (nopasswd/noexec/setenv
 * relax or tighten what the runas user gets), so callers must check for
 * UNSPEC explicitly rather than treating a tag as a plain boolean.
 *
 * NOTE(review): "__signed" is a name in the implementation's reserved
 * namespace; it is presumably a compat macro for compilers lacking the
 * "signed" keyword, defined elsewhere in the tree -- confirm.
 */
struct cmndtag {
    __signed int nopasswd: 3;		/* NOPASSWD / PASSWD */
    __signed int noexec: 3;		/* NOEXEC / EXEC */
    __signed int setenv: 3;		/* SETENV / NOSETENV */
    __signed int log_input: 3;		/* LOG_INPUT / NOLOG_INPUT */
    __signed int log_output: 3;		/* LOG_OUTPUT / NOLOG_OUTPUT */
};
/*
 * SELinux-specific container struct.
 * Currently just contains a role and type.
 *
 * Both fields are plain strings as written in sudoers (ROLE=... TYPE=...);
 * no validation against the loaded SELinux policy happens at this level.
 */
struct selinux_info {
    char *role;		/* SELinux role, or NULL if not given */
    char *type;		/* SELinux type, or NULL if not given */
};
/*
* The parsed sudoers file is stored as a collection of linked lists,
* modelled after the yacc grammar.
*
* Other than the alias struct, which is stored in a red-black tree,
* the data structure used is basically a doubly-linked tail queue without
* a separate head struct--the first entry acts as the head where the prev
* pointer does double duty as the tail pointer. This makes it possible
* to trivially append sub-lists. In addition, the prev pointer is always
* valid (even if it points to itself). Unlike a circle queue, the next
* pointer of the last entry is NULL and does not point back to the head.
*
* Note that each list struct must contain a "prev" and "next" pointer as
* the first two members of the struct (in that order).
*/
/*
 * Tail queue list head structure.
 *
 * TQ_DECLARE(x) is defined elsewhere (not in this header); each use below
 * declares the "struct x_list" head type that the structs further down
 * embed (member_list, privilege_list, cmndspec_list, ...).  Per the list
 * description above, every element type must have "prev" and "next" as
 * its first two members, in that order, for these heads to be valid.
 */
TQ_DECLARE(defaults)	/* struct defaults_list */
TQ_DECLARE(userspec)	/* struct userspec_list */
TQ_DECLARE(member)	/* struct member_list */
TQ_DECLARE(privilege)	/* struct privilege_list */
TQ_DECLARE(cmndspec)	/* struct cmndspec_list */
/*
 * Structure describing a user specification and list thereof.
 *
 * One userspec corresponds to a sudoers line of the form
 *   users  hosts = (runas) commands [: hosts = ...]
 * The "prev"/"next" pair must stay the first two members (tail queue
 * convention described above).
 */
struct userspec {
    struct userspec *prev, *next;	/* list linkage; must be first */
    struct member_list users;		/* list of users */
    struct privilege_list privileges;	/* list of privileges */
};
/*
 * Structure describing a privilege specification.
 *
 * A privilege binds a host list to the Cmnd_Specs that apply on those
 * hosts; a userspec carries one privilege per "hosts = ..." clause.
 * "prev"/"next" must remain the first two members.
 */
struct privilege {
    struct privilege *prev, *next;	/* list linkage; must be first */
    struct member_list hostlist;	/* list of hosts */
    struct cmndspec_list cmndlist;	/* list of Cmnd_Specs */
};
/*
 * Structure describing a linked list of Cmnd_Specs.
 *
 * Each entry pairs one command (or command alias / ALL) with the runas
 * users and groups it may be run as, plus the per-command tags.  The
 * command is a struct member rather than a struct sudo_command so that
 * negation ("!") and aliases are handled uniformly with users and hosts.
 * "prev"/"next" must remain the first two members.
 *
 * NOTE(review): the SELinux role/type are stored here as two loose
 * fields even though struct selinux_info above groups exactly those two;
 * the two representations should be kept in step if either changes.
 */
struct cmndspec {
    struct cmndspec *prev, *next;	/* list linkage; must be first */
    struct member_list runasuserlist;	/* list of runas users */
    struct member_list runasgrouplist;	/* list of runas groups */
    struct member *cmnd;		/* command to allow/deny */
    struct cmndtag tags;		/* tag specification */
#ifdef HAVE_SELINUX
    char *role, *type;			/* SELinux role and type */
#endif
};
/*
 * Generic structure to hold users, hosts, commands.
 *
 * The meaning of "name" depends on "type" (token values from gram.h):
 * a user/group/netgroup name, a host name or address, an alias name, a
 * command, ALL, etc.  "negated" records a leading '!' in sudoers; how a
 * negated entry affects matching is decided by the *_matches functions
 * declared below, not by this struct.  "prev"/"next" must remain the
 * first two members.
 */
struct member {
    struct member *prev, *next;	/* list linkage; must be first */
    char *name;			/* member name */
    short type;			/* type (see gram.h) */
    short negated;		/* negated via '!'? */
};
/*
 * Pair of runas user and runas group member chains carried together.
 * Unlike cmndspec, these are bare struct member pointers rather than
 * member_list heads; presumably a transient container used while the
 * grammar builds a Cmnd_Spec -- confirm in the yacc source.
 */
struct runascontainer {
    struct member *runasusers;	/* head of runas user chain, or NULL */
    struct member *runasgroups;	/* head of runas group chain, or NULL */
};
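/*
 * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
 * Aliases are stored in a red-black tree, sorted by name and type.
 *
 * "seqno" is the alias's copy of the global sequence number
 * (alias_seqno, declared below as an unsigned int) used to detect alias
 * loops.  It is declared with the same type as alias_seqno so that
 * storing the global into it can never truncate: with the previous
 * unsigned short field, once alias_seqno passed USHRT_MAX the stored
 * value and the global could no longer compare equal, defeating the
 * loop check.  Aliases are expanded during privilege matching, so that
 * check is security-relevant.
 */
struct alias {
    char *name;				/* alias name */
    unsigned short type;		/* {USER,HOST,RUNAS,CMND}ALIAS */
    unsigned int seqno;			/* sequence number (same type as alias_seqno) */
    struct member_list members;		/* list of alias members */
};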
/*
 * Structure describing a Defaults entry and a list thereof.
 *
 * "binding" is the user/host/runas list a Defaults@host, Defaults:user
 * or Defaults>runas entry is restricted to; "type" says which of those
 * forms (or plain DEFAULTS) this is.  "op" distinguishes a boolean
 * on/off (TRUE/FALSE) from list append '+' and list remove '-'.
 * "prev"/"next" must remain the first two members.
 */
struct defaults {
    struct defaults *prev, *next;	/* list linkage; must be first */
    char *var;				/* variable name */
    char *val;				/* variable value */
    struct member_list binding;		/* user/host/runas binding */
    int type;				/* DEFAULTS{,_USER,_RUNAS,_HOST} */
    int op;				/* TRUE, FALSE, '+', '-' */
};
/*
 * Parsed sudoers info.
 *
 * Global, mutable state filled in by the parser and read by the matchers;
 * these are declared here and defined once in the parser source.
 */
extern struct userspec_list userspecs;	/* all user specifications */
extern struct defaults_list defaults;	/* all Defaults entries */
/*
 * Alias sequence number to avoid loops.
 *
 * Global counter compared against each alias's own seqno during alias
 * expansion; the two must be the same width or a stored copy can be
 * truncated and the loop check defeated.
 */
extern unsigned int alias_seqno;
/*
 * Prototypes
 *
 * __P() is a compat wrapper defined elsewhere in the tree (presumably it
 * discards the parameter list for pre-ANSI compilers).  The *_matches
 * family presumably reports its result with the UNSPEC/DENY/ALLOW codes
 * defined at the top of this header rather than as a plain boolean --
 * confirm against match.c before testing a result with "!".  None of the
 * char * parameters are const-qualified; the declarations do not say
 * whether the callee may modify them.
 */

/* Alias table: add/find/remove by (name, type); alias_apply walks every alias. */
char *alias_add __P((char *, int, struct member *));
struct alias *alias_find __P((char *, int));
struct alias *alias_remove __P((char *, int));
void alias_free __P((void *));
void alias_apply __P((int (*)(void *, void *), void *));
int alias_compare __P((const void *, const void *));
int no_aliases __P((void));

/* Host matching: address/netmask, host name, and netgroup forms. */
int addr_matches __P((char *));
int hostlist_matches __P((struct member_list *));
int hostname_matches __P((char *, char *, char *));
int netgr_matches __P((char *, char *, char *, char *));

/* Command matching: a single member, a member list, or a raw path + args. */
int cmnd_matches __P((struct member *));
int cmndlist_matches __P((struct member_list *));
int command_matches __P((char *, char *));

/* User and runas matching against the invoking user's passwd entry. */
int runaslist_matches __P((struct member_list *, struct member_list *));
int userlist_matches __P((struct passwd *, struct member_list *));
int usergr_matches __P((char *, char *, struct passwd *));
int userpw_matches __P((char *, char *, struct passwd *));
int group_matches __P((char *, struct group *));

/* Parser/lexer setup; init_parser takes the sudoers path and a flag. */
void init_aliases __P((void));
void init_lexer __P((void));
void init_parser __P((char *, int));
#endif /* _SUDO_PARSE_H */