

/*
 * Copyright (c) 1996, 1998-2000, 2004, 2007-2010
 *	Todd C. Miller <Todd.Miller@courtesan.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef _SUDO_PARSE_H
#define _SUDO_PARSE_H
/*
 * NOTE(review): the guard name starts with an underscore followed by an
 * uppercase letter, which C reserves for the implementation; renaming it
 * would also require changing the matching #endif at the end of this file.
 */

/*
 * Match/decision values.  Each name is #undef'd first so that this
 * header's definition replaces any earlier one, which is also why these
 * are #defines rather than an enum.  UNSPEC is the only negative value
 * and therefore tests as true in a boolean context: code must compare
 * results against these names, never use them as a plain yes/no.
 * Presumably these are the results of the *_matches() functions declared
 * at the end of this header -- confirm in their implementations.
 */
#undef UNSPEC
#define UNSPEC	-1
#undef DENY
#define DENY	 0
#undef ALLOW
#define ALLOW	 1
#undef IMPLIED
#define IMPLIED	 2

/*
 * A command with args. XXX - merge into struct member.
 *
 * Both fields are plain char * with no ownership recorded here;
 * presumably strings owned by the parse tree -- confirm against the
 * parser before freeing or retaining them.
 */
struct sudo_command {
    char *cmnd;				/* the command */
    char *args;				/* its argument string (NULL when absent? confirm) */
};

/*
 * Tags associated with a command.
 * Possible values: TRUE, FALSE, UNSPEC.
 *
 * Each tag is a 3-bit signed bit-field (range -4..3), wide enough for
 * UNSPEC (-1, defined above) and for TRUE/FALSE, which are defined
 * elsewhere.  Because UNSPEC is -1, a zero-initialized struct cmndtag is
 * NOT "unspecified"; whatever builds one must set every tag explicitly.
 * These tags govern what a matched command is allowed to do (password
 * prompting, exec restriction, environment handling, I/O logging), so an
 * accidental default here is a policy change rather than a cosmetic bug.
 *
 * __signed is the GCC spelling of "signed"; on other compilers it is
 * presumably supplied by the build configuration.
 */
struct cmndtag {
    __signed int nopasswd: 3;		/* password required for this command? */
    __signed int noexec: 3;		/* restrict the command from executing others? */
    __signed int setenv: 3;		/* may the user supply environment variables? */
    __signed int log_input: 3;		/* log the command's input? */
    __signed int log_output: 3;		/* log the command's output? */
};

/*
 * SELinux-specific container struct.
 * Currently just contains a role and type.
 *
 * Note that struct cmndspec below carries its own role/type pair under
 * #ifdef HAVE_SELINUX rather than embedding this struct.
 */
struct selinux_info {
    char *role;				/* SELinux role */
    char *type;				/* SELinux type */
};

/*
 * The parsed sudoers file is stored as a collection of linked lists,
 * modelled after the yacc grammar.
 *
 * Other than the alias struct, which is stored in a red-black tree,
 * the data structure used is basically a doubly-linked tail queue without
 * a separate head struct--the first entry acts as the head where the prev
 * pointer does double duty as the tail pointer.  This makes it possible
 * to trivially append sub-lists.  In addition, the prev pointer is always
 * valid (even if it points to itself).  Unlike a circle queue, the next
 * pointer of the last entry is NULL and does not point back to the head.
 *
 * Note that each list struct must contain a "prev" and "next" pointer as
 * the first two members of the struct (in that order).
 */

/*
 * Tail queue list head structure.
 *
 * TQ_DECLARE() is defined elsewhere; from its uses below it is expected
 * to declare `struct <name>_list`, the head type embedded in the structs
 * that follow (member_list, privilege_list, cmndspec_list, ...).  As
 * described above, the first entry doubles as the head and its prev
 * pointer as the tail pointer.
 */
TQ_DECLARE(defaults)
TQ_DECLARE(userspec)
TQ_DECLARE(member)
TQ_DECLARE(privilege)
TQ_DECLARE(cmndspec)

/*
 * Structure describing a user specification and list thereof.
 *
 * One sudoers line of the form "users hosts = ...": the users it applies
 * to and the privileges granted to them.  prev/next must stay the first
 * two members, in that order (see the list description above).
 */
struct userspec {
    struct userspec *prev, *next;	/* tail-queue links (prev doubles as tail) */
    struct member_list users;		/* list of users */
    struct privilege_list privileges;	/* list of privileges */
};

/*
 * Structure describing a privilege specification.
 *
 * Pairs a host list with the Cmnd_Specs that apply on those hosts.
 * prev/next must stay the first two members, in that order.
 */
struct privilege {
    struct privilege *prev, *next;	/* tail-queue links (prev doubles as tail) */
    struct member_list hostlist;	/* list of hosts */
    struct cmndspec_list cmndlist;	/* list of Cmnd_Specs */
};

/*
 * Structure describing a linked list of Cmnd_Specs.
 *
 * Each entry is one command together with who it may run as, its tags,
 * and (with SELinux) the role/type it runs under.  cmnd is a single
 * struct member, not a list; whether it may be NULL is not determined
 * here -- confirm in the parser.  prev/next must stay the first two
 * members, in that order.
 */
struct cmndspec {
    struct cmndspec *prev, *next;	/* tail-queue links (prev doubles as tail) */
    struct member_list runasuserlist;	/* list of runas users */
    struct member_list runasgrouplist;	/* list of runas groups */
    struct member *cmnd;		/* command to allow/deny */
    struct cmndtag tags;		/* tag specification */
#ifdef HAVE_SELINUX
    char *role, *type;			/* SELinux role and type */
#endif
};

/*
 * Generic structure to hold users, hosts, commands.
 *
 * The meaning of name depends on type, whose values come from gram.h.
 * negated records a leading '!' in the sudoers entry, so consumers must
 * honor it when deciding whether a match grants or withholds access.
 * prev/next must stay the first two members, in that order.
 */
struct member {
    struct member *prev, *next;		/* tail-queue links (prev doubles as tail) */
    char *name;				/* member name */
    short type;				/* type (see gram.h) */
    short negated;			/* negated via '!'? */
};

/*
 * Holder for a Runas_Spec's user and group members.
 *
 * Unlike the *_list heads used elsewhere, these are bare struct member
 * pointers; presumably a transient used by the parser before the lists
 * are attached to a cmndspec's runasuserlist/runasgrouplist -- confirm
 * in the grammar.  Either pointer may plausibly be NULL; check before use.
 */
struct runascontainer {
    struct member *runasusers;		/* Runas users */
    struct member *runasgroups;		/* Runas groups */
};

/*
 * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
 * Aliases are stored in a red-black tree, sorted by name and type.
 *
 * No prev/next here: unlike the other structs, an alias is a tree node,
 * not a tail-queue entry.  seqno is compared with the global alias_seqno
 * (declared below) to stop alias expansion from following a cycle.
 * NOTE(review): seqno is unsigned short while alias_seqno is unsigned int;
 * confirm the assignment cannot truncate, since a wrapped value could
 * defeat loop detection.
 */
struct alias {
    char *name;				/* alias name */
    unsigned short type;		/* {USER,HOST,RUNAS,CMND}ALIAS */
    unsigned short seqno;		/* sequence number */
    struct member_list members;		/* list of alias members */
};

/*
 * Structure describing a Defaults entry and a list thereof.
 *
 * var/val are the option name and value as text.  type says which kind
 * of Defaults line this is, and binding holds the user/host/runas members
 * the entry is restricted to (presumably empty for a plain Defaults line
 * -- confirm).  op distinguishes set/clear from list add/remove.
 * prev/next must stay the first two members, in that order.
 */
struct defaults {
    struct defaults *prev, *next;	/* tail-queue links (prev doubles as tail) */
    char *var;				/* variable name */
    char *val;				/* variable value */
    struct member_list binding;		/* user/host/runas binding */
    int type;				/* DEFAULTS{,_USER,_RUNAS,_HOST} */
    int op;				/* TRUE, FALSE, '+', '-' */
};

/*
 * Parsed sudoers info.
 *
 * Global lists filled in by the parser: the user specifications and the
 * Defaults entries.  Declared here, defined in exactly one .c file.
 */
extern struct userspec_list userspecs;
extern struct defaults_list defaults;

/*
 * Alias sequence number to avoid loops.
 *
 * Compared against struct alias.seqno while aliases are expanded so that
 * a self-referencing alias is not followed forever; presumably advanced
 * once per expansion -- confirm in the implementation.  Note the width
 * mismatch with the unsigned short seqno field.
 */
extern unsigned int alias_seqno;

/*
 * Prototypes
 *
 * __P() is the traditional K&R/ANSI prototype-compatibility wrapper,
 * defined elsewhere; on a C89+ compiler it is expected to expand to its
 * argument.  Nearly every string parameter is a non-const char *, so do
 * not assume the implementations leave their arguments untouched without
 * checking.
 */

/*
 * Add an alias; arguments presumably (name, type, members) in the order
 * of the struct alias fields.  The returned char * is not documented
 * here -- check the implementation before treating NULL as success.
 */
char *alias_add		__P((char *, int, struct member *));

/*
 * Matching functions.  Presumably they return the UNSPEC/DENY/ALLOW
 * values from the top of this header; if so, UNSPEC (-1) is nonzero and
 * a caller that tests the result as a boolean would treat "unspecified"
 * as a match.  Compare against the named constants.
 */
int addr_matches	__P((char *));
int cmnd_matches	__P((struct member *));
int cmndlist_matches	__P((struct member_list *));
int command_matches	__P((char *, char *));	/* presumably (cmnd, args) */
int hostlist_matches	__P((struct member_list *));
int hostname_matches	__P((char *, char *, char *));
int netgr_matches	__P((char *, char *, char *, char *));
int no_aliases		__P((void));
int runaslist_matches	__P((struct member_list *, struct member_list *));	/* presumably (users, groups) */
int userlist_matches	__P((struct passwd *, struct member_list *));
int usergr_matches	__P((char *, char *, struct passwd *));
int userpw_matches	__P((char *, char *, struct passwd *));
int group_matches	__P((char *, struct group *));

/*
 * Alias tree access; (name, type) presumably identifies an alias, as the
 * tree is sorted by both.  alias_free and alias_apply take void *, so the
 * callbacks discard type information -- presumably struct alias * inside.
 */
struct alias *alias_find __P((char *, int));
struct alias *alias_remove __P((char *, int));
void alias_free		__P((void *));
void alias_apply	__P((int (*)(void *, void *), void *));

/* Initialization of the alias tree, lexer and parser. */
void init_aliases	__P((void));
void init_lexer		__P((void));
void init_parser	__P((char *, int));

/* Tree comparator; the only const-correct declaration in this header. */
int alias_compare	__P((const void *, const void *));

#endif /* _SUDO_PARSE_H */