| /* |
| * Copyright (c) 1996, 1998-2000, 2004, 2007-2010 |
| * Todd C. Miller <Todd.Miller@courtesan.com> |
| * |
| * Permission to use, copy, modify, and distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
| * copyright notice and this permission notice appear in all copies. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
| * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
| * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| */ |
| |
| #ifndef _SUDO_PARSE_H |
| #define _SUDO_PARSE_H |
| |
| #undef UNSPEC |
| #define UNSPEC -1 |
| #undef DENY |
| #define DENY 0 |
| #undef ALLOW |
| #define ALLOW 1 |
| #undef IMPLIED |
| #define IMPLIED 2 |
| |
| /* |
| * A command with args. XXX - merge into struct member. |
| */ |
| struct sudo_command { |
| char *cmnd; |
| char *args; |
| }; |
| |
| /* |
| * Tags associated with a command. |
| * Possible valus: TRUE, FALSE, UNSPEC. |
| */ |
| struct cmndtag { |
| __signed int nopasswd: 3; |
| __signed int noexec: 3; |
| __signed int setenv: 3; |
| __signed int log_input: 3; |
| __signed int log_output: 3; |
| }; |
| |
| /* |
| * SELinux-specific container struct. |
| * Currently just contains a role and type. |
| */ |
| struct selinux_info { |
| char *role; |
| char *type; |
| }; |
| |
| /* |
| * The parses sudoers file is stored as a collection of linked lists, |
| * modelled after the yacc grammar. |
| * |
| * Other than the alias struct, which is stored in a red-black tree, |
| * the data structure used is basically a doubly-linked tail queue without |
| * a separate head struct--the first entry acts as the head where the prev |
| * pointer does double duty as the tail pointer. This makes it possible |
| * to trivally append sub-lists. In addition, the prev pointer is always |
| * valid (even if it points to itself). Unlike a circle queue, the next |
| * pointer of the last entry is NULL and does not point back to the head. |
| * |
| * Note that each list struct must contain a "prev" and "next" pointer as |
| * the first two members of the struct (in that order). |
| */ |
| |
| /* |
| * Tail queue list head structure. |
| */ |
| TQ_DECLARE(defaults) |
| TQ_DECLARE(userspec) |
| TQ_DECLARE(member) |
| TQ_DECLARE(privilege) |
| TQ_DECLARE(cmndspec) |
| |
| /* |
| * Structure describing a user specification and list thereof. |
| */ |
| struct userspec { |
| struct userspec *prev, *next; |
| struct member_list users; /* list of users */ |
| struct privilege_list privileges; /* list of privileges */ |
| }; |
| |
| /* |
| * Structure describing a privilege specification. |
| */ |
| struct privilege { |
| struct privilege *prev, *next; |
| struct member_list hostlist; /* list of hosts */ |
| struct cmndspec_list cmndlist; /* list of Cmnd_Specs */ |
| }; |
| |
| /* |
| * Structure describing a linked list of Cmnd_Specs. |
| */ |
| struct cmndspec { |
| struct cmndspec *prev, *next; |
| struct member_list runasuserlist; /* list of runas users */ |
| struct member_list runasgrouplist; /* list of runas groups */ |
| struct member *cmnd; /* command to allow/deny */ |
| struct cmndtag tags; /* tag specificaion */ |
| #ifdef HAVE_SELINUX |
| char *role, *type; /* SELinux role and type */ |
| #endif |
| }; |
| |
| /* |
| * Generic structure to hold users, hosts, commands. |
| */ |
| struct member { |
| struct member *prev, *next; |
| char *name; /* member name */ |
| short type; /* type (see gram.h) */ |
| short negated; /* negated via '!'? */ |
| }; |
| |
| struct runascontainer { |
| struct member *runasusers; |
| struct member *runasgroups; |
| }; |
| |
| /* |
| * Generic structure to hold {User,Host,Runas,Cmnd}_Alias |
| * Aliases are stored in a red-black tree, sorted by name and type. |
| */ |
| struct alias { |
| char *name; /* alias name */ |
| unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */ |
| unsigned short seqno; /* sequence number */ |
| struct member_list members; /* list of alias members */ |
| }; |
| |
| /* |
| * Structure describing a Defaults entry and a list thereof. |
| */ |
| struct defaults { |
| struct defaults *prev, *next; |
| char *var; /* variable name */ |
| char *val; /* variable value */ |
| struct member_list binding; /* user/host/runas binding */ |
| int type; /* DEFAULTS{,_USER,_RUNAS,_HOST} */ |
| int op; /* TRUE, FALSE, '+', '-' */ |
| }; |
| |
| /* |
| * Parsed sudoers info. |
| */ |
| extern struct userspec_list userspecs; |
| extern struct defaults_list defaults; |
| |
| /* |
| * Alias sequence number to avoid loops. |
| */ |
| extern unsigned int alias_seqno; |
| |
| /* |
| * Prototypes |
| */ |
| char *alias_add __P((char *, int, struct member *)); |
| int addr_matches __P((char *)); |
| int cmnd_matches __P((struct member *)); |
| int cmndlist_matches __P((struct member_list *)); |
| int command_matches __P((char *, char *)); |
| int hostlist_matches __P((struct member_list *)); |
| int hostname_matches __P((char *, char *, char *)); |
| int netgr_matches __P((char *, char *, char *, char *)); |
| int no_aliases __P((void)); |
| int runaslist_matches __P((struct member_list *, struct member_list *)); |
| int userlist_matches __P((struct passwd *, struct member_list *)); |
| int usergr_matches __P((char *, char *, struct passwd *)); |
| int userpw_matches __P((char *, char *, struct passwd *)); |
| int group_matches __P((char *, struct group *)); |
| struct alias *alias_find __P((char *, int)); |
| struct alias *alias_remove __P((char *, int)); |
| void alias_free __P((void *)); |
| void alias_apply __P((int (*)(void *, void *), void *)); |
| void init_aliases __P((void)); |
| void init_lexer __P((void)); |
| void init_parser __P((char *, int)); |
| int alias_compare __P((const void *, const void *)); |
| |
| #endif /* _SUDO_PARSE_H */ |