/*
 * Copyright (c) 1996, 1998-2000, 2004, 2007-2010
 *	Todd C. Miller <Todd.Miller@courtesan.com>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Data structures and prototypes for the parsed sudoers policy.
 *
 * NOTE(review): an identifier starting with an underscore followed by an
 * uppercase letter is reserved for the implementation in ISO C; the guard
 * name is kept unchanged here for consistency with the rest of the tree.
 */
#ifndef _SUDO_PARSE_H
#define _SUDO_PARSE_H

/*
 * Result / tag values.  UNSPEC (-1) means "not specified" and is why the
 * struct cmndtag bit-fields below are declared signed (a 3-bit unsigned
 * field could not hold it).  Each name is #undef'd first, presumably to
 * override any conflicting definition pulled in by system headers.
 *
 * NOTE(review): UNSPEC expands to an unparenthesized negative literal;
 * "(-1)" would be the safer spelling inside larger expressions.
 */
#undef UNSPEC
#define UNSPEC -1
#undef DENY
#define DENY 0
#undef ALLOW
#define ALLOW 1
#undef IMPLIED
#define IMPLIED 2

/*
 * A command with args. XXX - merge into struct member.
 */
struct sudo_command {
    char *cmnd;			/* command path */
    char *args;			/* command arguments, if any */
};

/*
 * Tags associated with a command.
 * Possible values: TRUE, FALSE, UNSPEC.
 *
 * Each tag is a 3-bit signed field so that UNSPEC (-1) is representable
 * alongside TRUE/FALSE.  "__signed" is presumably a portability spelling of
 * "signed" supplied by a configuration header outside this file -- confirm.
 */
struct cmndtag {
    __signed int nopasswd: 3;		/* NOPASSWD / PASSWD */
    __signed int noexec: 3;		/* NOEXEC / EXEC */
    __signed int setenv: 3;		/* SETENV / NOSETENV */
    __signed int log_input: 3;		/* LOG_INPUT / NOLOG_INPUT */
    __signed int log_output: 3;		/* LOG_OUTPUT / NOLOG_OUTPUT */
};

/*
 * SELinux-specific container struct.
 * Currently just contains a role and type.
 * (struct cmndspec below carries the same pair inline under HAVE_SELINUX.)
 */
struct selinux_info {
    char *role;
    char *type;
};

/*
 * The parsed sudoers file is stored as a collection of linked lists,
 * modelled after the yacc grammar.
 *
 * Other than the alias struct, which is stored in a red-black tree,
 * the data structure used is basically a doubly-linked tail queue without
 * a separate head struct--the first entry acts as the head where the prev
 * pointer does double duty as the tail pointer.  This makes it possible
 * to trivially append sub-lists.  In addition, the prev pointer is always
 * valid (even if it points to itself).  Unlike a circle queue, the next
 * pointer of the last entry is NULL and does not point back to the head.
 *
 * Note that each list struct must contain a "prev" and "next" pointer as
 * the first two members of the struct (in that order).  The generic list
 * macros rely on that layout, so do not reorder those members.
 */

/*
 * Tail queue list head structure.
 * TQ_DECLARE(foo) is expected to declare "struct foo_list"; the macro itself
 * is defined outside this header.
 */
TQ_DECLARE(defaults)
TQ_DECLARE(userspec)
TQ_DECLARE(member)
TQ_DECLARE(privilege)
TQ_DECLARE(cmndspec)

/*
 * Structure describing a user specification and list thereof.
 * One entry per "User_List Host_List = ..." sudoers line.
 */
struct userspec {
    struct userspec *prev, *next;
    struct member_list users;		/* list of users */
    struct privilege_list privileges;	/* list of privileges */
};

/*
 * Structure describing a privilege specification.
 * Pairs a host list with the command specifications that apply on it.
 */
struct privilege {
    struct privilege *prev, *next;
    struct member_list hostlist;	/* list of hosts */
    struct cmndspec_list cmndlist;	/* list of Cmnd_Specs */
};

/*
 * Structure describing a linked list of Cmnd_Specs.
 * Runas user/group lists, the command itself and its tags; the SELinux
 * role/type pair is only present when built with HAVE_SELINUX.
 */
struct cmndspec {
    struct cmndspec *prev, *next;
    struct member_list runasuserlist;	/* list of runas users */
    struct member_list runasgrouplist;	/* list of runas groups */
    struct member *cmnd;		/* command to allow/deny */
    struct cmndtag tags;		/* tag specification */
#ifdef HAVE_SELINUX
    char *role, *type;			/* SELinux role and type */
#endif
};

/*
 * Generic structure to hold users, hosts, commands.
 * The same struct is used for every list kind; "type" distinguishes them.
 */
struct member {
    struct member *prev, *next;
    char *name;				/* member name */
    short type;				/* type (see gram.h) */
    short negated;			/* negated via '!'? */
};

/*
 * Temporary holder for a runas user list and runas group list, presumably
 * used while the grammar builds a struct cmndspec -- confirm in the parser.
 */
struct runascontainer {
    struct member *runasusers;
    struct member *runasgroups;
};

/*
 * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
 * Aliases are stored in a red-black tree, sorted by name and type.
 */
struct alias {
    char *name;				/* alias name */
    unsigned short type;		/* {USER,HOST,RUNAS,CMND}ALIAS */
    unsigned short seqno;		/* sequence number; see alias_seqno below */
    struct member_list members;		/* list of alias members */
};

/*
 * Structure describing a Defaults entry and a list thereof.
 */
struct defaults {
    struct defaults *prev, *next;
    char *var;				/* variable name */
    char *val;				/* variable value */
    struct member_list binding;		/* user/host/runas binding */
    int type;				/* DEFAULTS{,_USER,_RUNAS,_HOST} */
    int op;				/* TRUE, FALSE, '+', '-' */
};

/*
 * Parsed sudoers info.
 * Global mutable parse state; nothing here provides synchronization, so a
 * single-threaded parser is presumably assumed -- confirm.
 */
extern struct userspec_list userspecs;
extern struct defaults_list defaults;

/*
 * Alias sequence number to avoid loops.
 * Presumably compared against struct alias.seqno while expanding aliases so
 * that an alias already visited in the current expansion is detected rather
 * than followed again -- confirm in the implementation.
 */
extern unsigned int alias_seqno;

/*
 * Prototypes
 *
 * __P() is presumably a prototype-compatibility macro defined outside this
 * header.
 *
 * NOTE(review): the *_matches() functions are the policy-matching entry
 * points, but their return convention is not documented here.  Callers
 * should confirm in the implementation whether they return ALLOW/DENY/UNSPEC
 * or a plain boolean before treating any non-zero value as a match.
 * NOTE(review): the char * parameters are not const-qualified, so these
 * declarations do not say whether the callees modify their string arguments.
 */
char *alias_add __P((char *, int, struct member *));		/* insert alias into the tree */
int addr_matches __P((char *));					/* host address match */
int cmnd_matches __P((struct member *));			/* single command member match */
int cmndlist_matches __P((struct member_list *));		/* Cmnd_List match */
int command_matches __P((char *, char *));			/* command path + args match */
int hostlist_matches __P((struct member_list *));		/* Host_List match */
int hostname_matches __P((char *, char *, char *));		/* hostname match */
int netgr_matches __P((char *, char *, char *, char *));	/* netgroup match */
int no_aliases __P((void));					/* true if no aliases defined */
int runaslist_matches __P((struct member_list *, struct member_list *)); /* runas user + group lists */
int userlist_matches __P((struct passwd *, struct member_list *));	/* User_List match */
int usergr_matches __P((char *, char *, struct passwd *));		/* user group match */
int userpw_matches __P((char *, char *, struct passwd *));		/* user name/uid match */
int group_matches __P((char *, struct group *));			/* group name/gid match */
struct alias *alias_find __P((char *, int));			/* look up alias by name and type */
struct alias *alias_remove __P((char *, int));			/* unlink alias from the tree */
void alias_free __P((void *));					/* release an alias */
void alias_apply __P((int (*)(void *, void *), void *));	/* call fn on every alias */
void init_aliases __P((void));					/* (re)initialize alias tree */
void init_lexer __P((void));					/* (re)initialize lexer state */
void init_parser __P((char *, int));				/* (re)initialize parser state */
int alias_compare __P((const void *, const void *));		/* tree ordering: name, then type */

#endif /* _SUDO_PARSE_H */