← Back to branch summary

~ubuntu-branches/ubuntu/saucy/sudo/saucy

« back to all changes in this revision

Viewing changes to plugins/sudoers/gram.y

  • Committer: Package Import Robot
  • Author(s): Stéphane Graber
  • Date: 2012-11-16 09:31:32 UTC
  • mfrom: (1.4.13)
  • Revision ID: package-import@ubuntu.com-20121116093132-ptext55adlzbrq6y
Tags: 1.8.6p3-0ubuntu1
* New upstream release (1.8.6p3).
* Add patch to fix building with sssd when ldap is disabled.
* Drop sudo.manpages and sudo-ldap.manpages as the upstream build system
  now does the right thing here.
* Build the main sudo package with support for sssd, this doesn't add any
  additional build time or runtime dependency. sudo will dynamically load
  the sssd library if 'sss' is listed for the 'sudoers' nss service.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins/sudoers/gram.y
44
44
#ifdef HAVE_UNISTD_H
45
45
# include <unistd.h>
46
46
#endif /* HAVE_UNISTD_H */
 
47
#ifdef HAVE_INTTYPES_H
 
48
# include <inttypes.h>
 
49
#endif
47
50
#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
48
51
# include <alloca.h>
49
52
#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
104
107
        errorlineno = sudolineno;
105
108
        errorfile = estrdup(sudoers);
106
109
    }
107
 
    if (trace_print != NULL) {
 
110
    if (sudoers_warnings && s != NULL) {
108
111
        LEXTRACE("<*> ");
109
 
    } else if (sudoers_warnings && s != NULL) {
110
 
        warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
 
112
#ifndef TRACELEXER
 
113
        if (trace_print == NULL || trace_print == sudoers_trace_print)
 
114
            warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
 
115
#endif
111
116
    }
112
117
    parse_error = true;
113
118
    debug_return;
123
128
    struct sudo_command command;
124
129
    struct cmndtag tag;
125
130
    struct selinux_info seinfo;
 
131
    struct solaris_privs_info privinfo;
126
132
    char *string;
127
133
    int tok;
128
134
}
161
167
%token <tok>     ERROR
162
168
%token <tok>     TYPE                   /* SELinux type */
163
169
%token <tok>     ROLE                   /* SELinux role */
 
170
%token <tok>     PRIVS                  /* Solaris privileges */
 
171
%token <tok>     LIMITPRIVS             /* Solaris limit privileges */
 
172
%token <tok>     MYSELF                 /* run as myself, not another user */
164
173
 
165
174
%type <cmndspec>  cmndspec
166
175
%type <cmndspec>  cmndspeclist
186
195
%type <seinfo>    selinux
187
196
%type <string>    rolespec
188
197
%type <string>    typespec
 
198
%type <privinfo>  solarisprivs
 
199
%type <string>    privsspec
 
200
%type <string>    limitprivsspec
189
201
 
190
202
%%
191
203
 
313
325
                            if ($3->type == NULL)
314
326
                                $3->type = $3->prev->type;
315
327
#endif /* HAVE_SELINUX */
 
328
#ifdef HAVE_PRIV_SET
 
329
                            /* propagate privs & limitprivs */
 
330
                            if ($3->privs == NULL)
 
331
                                $3->privs = $3->prev->privs;
 
332
                            if ($3->limitprivs == NULL)
 
333
                                $3->limitprivs = $3->prev->limitprivs;
 
334
#endif /* HAVE_PRIV_SET */
316
335
                            /* propagate tags and runas list */
317
336
                            if ($3->tags.nopasswd == UNSPEC)
318
337
                                $3->tags.nopasswd = $3->prev->tags.nopasswd;
336
355
                        }
337
356
                ;
338
357
 
339
 
cmndspec        :       runasspec selinux cmndtag opcmnd {
 
358
cmndspec        :       runasspec selinux solarisprivs cmndtag opcmnd {
340
359
                            struct cmndspec *cs = ecalloc(1, sizeof(*cs));
341
360
                            if ($1 != NULL) {
342
361
                                list2tq(&cs->runasuserlist, $1->runasusers);
350
369
                            cs->role = $2.role;
351
370
                            cs->type = $2.type;
352
371
#endif
353
 
                            cs->tags = $3;
354
 
                            cs->cmnd = $4;
 
372
#ifdef HAVE_PRIV_SET
 
373
                            cs->privs = $3.privs;
 
374
                            cs->limitprivs = $3.limitprivs;
 
375
#endif
 
376
                            cs->tags = $4;
 
377
                            cs->cmnd = $5;
355
378
                            cs->prev = cs;
356
379
                            cs->next = NULL;
357
380
                            /* sudo "ALL" implies the SETENV tag */
404
427
                        }
405
428
                ;
406
429
 
 
430
privsspec       :       PRIVS '=' WORD {
 
431
                            $$ = $3;
 
432
                        }
 
433
                ;
 
434
limitprivsspec  :       LIMITPRIVS '=' WORD {
 
435
                            $$ = $3;
 
436
                        }
 
437
                ;
 
438
 
 
439
solarisprivs    :       /* empty */ {
 
440
                            $$.privs = NULL;
 
441
                            $$.limitprivs = NULL;
 
442
                        }
 
443
                |       privsspec {
 
444
                            $$.privs = $1;
 
445
                            $$.limitprivs = NULL;
 
446
                        }       
 
447
                |       limitprivsspec {
 
448
                            $$.privs = NULL;
 
449
                            $$.limitprivs = $1;
 
450
                        }       
 
451
                |       privsspec limitprivsspec {
 
452
                            $$.privs = $1;
 
453
                            $$.limitprivs = $2;
 
454
                        }       
 
455
                |       limitprivsspec privsspec {
 
456
                            $$.limitprivs = $1;
 
457
                            $$.privs = $2;
 
458
                        }       
 
459
 
407
460
runasspec       :       /* empty */ {
408
461
                            $$ = NULL;
409
462
                        }
412
465
                        }
413
466
                ;
414
467
 
415
 
runaslist       :       userlist {
 
468
runaslist       :       /* empty */ {
 
469
                            $$ = ecalloc(1, sizeof(struct runascontainer));
 
470
                            $$->runasusers = new_member(NULL, MYSELF);
 
471
                            /* $$->runasgroups = NULL; */
 
472
                        }
 
473
                |       userlist {
416
474
                            $$ = ecalloc(1, sizeof(struct runascontainer));
417
475
                            $$->runasusers = $1;
418
476
                            /* $$->runasgroups = NULL; */
427
485
                            /* $$->runasusers = NULL; */
428
486
                            $$->runasgroups = $2;
429
487
                        }
 
488
                |       ':' {
 
489
                            $$ = ecalloc(1, sizeof(struct runascontainer));
 
490
                            $$->runasusers = new_member(NULL, MYSELF);
 
491
                            /* $$->runasgroups = NULL; */
 
492
                        }
430
493
                ;
431
494
 
432
495
cmndtag         :       /* empty */ {
696
759
 * the current sudoers file to path.
697
760
 */
698
761
void
699
 
init_parser(const char *path, int quiet)
 
762
init_parser(const char *path, bool quiet)
700
763
{
701
764
    struct defaults *d;
702
765
    struct member *m, *binding;
716
779
#ifdef HAVE_SELINUX
717
780
            char *role = NULL, *type = NULL;
718
781
#endif /* HAVE_SELINUX */
 
782
#ifdef HAVE_PRIV_SET
 
783
            char *privs = NULL, *limitprivs = NULL;
 
784
#endif /* HAVE_PRIV_SET */
719
785
 
720
786
            while ((m = tq_pop(&priv->hostlist)) != NULL) {
721
787
                efree(m->name);
733
799
                    efree(cs->type);
734
800
                }
735
801
#endif /* HAVE_SELINUX */
 
802
#ifdef HAVE_PRIV_SET
 
803
                /* Only free the first instance of privs/limitprivs. */
 
804
                if (cs->privs != privs) {
 
805
                    privs = cs->privs;
 
806
                    efree(cs->privs);
 
807
                }
 
808
                if (cs->limitprivs != limitprivs) {
 
809
                    limitprivs = cs->limitprivs;
 
810
                    efree(cs->limitprivs);
 
811
                }
 
812
#endif /* HAVE_PRIV_SET */
736
813
                if (tq_last(&cs->runasuserlist) != runasuser) {
737
814
                    runasuser = tq_last(&cs->runasuserlist);
738
815
                    while ((m = tq_pop(&cs->runasuserlist)) != NULL) {