/src/sudo/plugins/sudoers/gram.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * This is an open source non-commercial project. Dear PVS-Studio, please check it. |
3 | | * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com |
4 | | */ |
5 | | |
6 | | #include <config.h> |
7 | | /* A Bison parser, made by GNU Bison 3.8.2. */ |
8 | | |
9 | | /* Bison implementation for Yacc-like parsers in C |
10 | | |
11 | | Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, |
12 | | Inc. |
13 | | |
14 | | This program is free software: you can redistribute it and/or modify |
15 | | it under the terms of the GNU General Public License as published by |
16 | | the Free Software Foundation, either version 3 of the License, or |
17 | | (at your option) any later version. |
18 | | |
19 | | This program is distributed in the hope that it will be useful, |
20 | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
21 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
22 | | GNU General Public License for more details. |
23 | | |
24 | | You should have received a copy of the GNU General Public License |
25 | | along with this program. If not, see <https://www.gnu.org/licenses/>. */ |
26 | | |
27 | | /* As a special exception, you may create a larger work that contains |
28 | | part or all of the Bison parser skeleton and distribute that work |
29 | | under terms of your choice, so long as that work isn't itself a |
30 | | parser generator using the skeleton or a modified version thereof |
31 | | as a parser skeleton. Alternatively, if you modify or redistribute |
32 | | the parser skeleton itself, you may (at your option) remove this |
33 | | special exception, which will cause the skeleton and the resulting |
34 | | Bison output files to be licensed under the GNU General Public |
35 | | License without this special exception. |
36 | | |
37 | | This special exception was added by the Free Software Foundation in |
38 | | version 2.2 of Bison. */ |
39 | | |
40 | | /* C LALR(1) parser skeleton written by Richard Stallman, by |
41 | | simplifying the original so-called "semantic" parser. */ |
42 | | |
43 | | /* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, |
44 | | especially those whose name start with YY_ or yy_. They are |
45 | | private implementation details that can be changed or removed. */ |
46 | | |
47 | | /* All symbols defined below should begin with yy or YY, to avoid |
48 | | infringing on user name space. This should be done even for local |
49 | | variables, as they might otherwise be expanded by user macros. |
50 | | There are some unavoidable exceptions within include files to |
51 | | define necessary library symbols; they are noted "INFRINGES ON |
52 | | USER NAME SPACE" below. */ |
53 | | |
54 | | /* Identify Bison output, and Bison version. */ |
55 | | #define YYBISON 30802 |
56 | | |
57 | | /* Bison version string. */ |
58 | | #define YYBISON_VERSION "3.8.2" |
59 | | |
60 | | /* Skeleton name. */ |
61 | | #define YYSKELETON_NAME "yacc.c" |
62 | | |
63 | | /* Pure parsers. */ |
64 | | #define YYPURE 0 |
65 | | |
66 | | /* Push parsers. */ |
67 | | #define YYPUSH 0 |
68 | | |
69 | | /* Pull parsers. */ |
70 | | #define YYPULL 1 |
71 | | |
72 | | |
73 | | /* Substitute the variable and function names. */ |
74 | | #define yyparse sudoersparse |
75 | 138k | #define yylex sudoerslex |
76 | 25 | #define yyerror sudoerserror |
77 | | #define yydebug sudoersdebug |
78 | 25 | #define yynerrs sudoersnerrs |
79 | 277k | #define yylval sudoerslval |
80 | 972k | #define yychar sudoerschar |
81 | | |
82 | | /* First part of user prologue. */ |
83 | | #line 1 "gram.y" |
84 | | |
85 | | /* |
86 | | * SPDX-License-Identifier: ISC |
87 | | * |
88 | | * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2024 |
89 | | * Todd C. Miller <Todd.Miller@sudo.ws> |
90 | | * |
91 | | * Permission to use, copy, modify, and distribute this software for any |
92 | | * purpose with or without fee is hereby granted, provided that the above |
93 | | * copyright notice and this permission notice appear in all copies. |
94 | | * |
95 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
96 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
97 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
98 | | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
99 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
100 | | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
101 | | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
102 | | * |
103 | | * Sponsored in part by the Defense Advanced Research Projects |
104 | | * Agency (DARPA) and Air Force Research Laboratory, Air Force |
105 | | * Materiel Command, USAF, under agreement number F39502-99-1-0512. |
106 | | */ |
107 | | |
108 | | #include <config.h> |
109 | | |
110 | | #include <stdio.h> |
111 | | #include <stdlib.h> |
112 | | #include <stddef.h> |
113 | | #include <string.h> |
114 | | #include <unistd.h> |
115 | | #include <errno.h> |
116 | | |
117 | | #include <sudoers.h> |
118 | | #include <sudo_digest.h> |
119 | | #include <toke.h> |
120 | | |
121 | | #ifdef YYBISON |
122 | | # define YYERROR_VERBOSE |
123 | | #endif |
124 | | |
125 | | /* If we last saw a newline the entry is on the preceding line. */ |
126 | 0 | #define this_lineno (sudoerschar == '\n' ? sudolineno - 1 : sudolineno) |
127 | | |
128 | | // PVS Studio suppression |
129 | | // -V::560, 592, 1037, 1042 |
130 | | |
131 | | /* |
132 | | * Globals |
133 | | */ |
134 | | bool parse_error = false; |
135 | | |
136 | | static struct sudoers_parser_config parser_conf = |
137 | | SUDOERS_PARSER_CONFIG_INITIALIZER; |
138 | | |
139 | | /* Optional logging function for parse errors. */ |
140 | | sudoers_logger_t sudoers_error_hook; |
141 | | |
142 | | static int alias_line, alias_column; |
143 | | |
144 | | #ifdef NO_LEAKS |
145 | | static struct parser_leak_list parser_leak_list = |
146 | | SLIST_HEAD_INITIALIZER(parser_leak_list); |
147 | | #endif |
148 | | |
149 | | struct sudoers_parse_tree parsed_policy = { |
150 | | { NULL, NULL }, /* entries */ |
151 | | TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs), |
152 | | TAILQ_HEAD_INITIALIZER(parsed_policy.defaults), |
153 | | NULL, /* aliases */ |
154 | | NULL, /* lhost */ |
155 | | NULL, /* shost */ |
156 | | NULL, /* nss */ |
157 | | NULL /* ctx */ |
158 | | }; |
159 | | |
160 | | /* |
161 | | * Local prototypes |
162 | | */ |
163 | | static bool add_defaults(short, struct member *, struct defaults *); |
164 | | static bool add_userspec(struct member *, struct privilege *); |
165 | | static struct command_digest *new_digest(unsigned int, char *); |
166 | | static struct defaults *new_default(char *, char *, short); |
167 | | static struct member *new_member(char *, short); |
168 | | static struct sudo_command *new_command(char *, char *); |
169 | | static void alias_error(const char *name, short type, int errnum); |
170 | | static void init_options(struct command_options *opts); |
171 | | static void propagate_cmndspec(struct cmndspec *cs, const struct cmndspec *prev); |
172 | | |
173 | | #line 168 "gram.c" |
174 | | |
175 | | # ifndef YY_CAST |
176 | | # ifdef __cplusplus |
177 | | # define YY_CAST(Type, Val) static_cast<Type> (Val) |
178 | | # define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast<Type> (Val) |
179 | | # else |
180 | 555k | # define YY_CAST(Type, Val) ((Type) (Val)) |
181 | | # define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) |
182 | | # endif |
183 | | # endif |
184 | | # ifndef YY_NULLPTR |
185 | | # if defined __cplusplus |
186 | | # if 201103L <= __cplusplus |
187 | | # define YY_NULLPTR nullptr |
188 | | # else |
189 | | # define YY_NULLPTR 0 |
190 | | # endif |
191 | | # else |
192 | | # define YY_NULLPTR ((void*)0) |
193 | | # endif |
194 | | # endif |
195 | | |
196 | | /* Use api.header.include to #include this header |
197 | | instead of duplicating it here. */ |
198 | | #ifndef YY_SUDOERS_Y_TAB_H_INCLUDED |
199 | | # define YY_SUDOERS_Y_TAB_H_INCLUDED |
200 | | /* Debug traces. */ |
201 | | #ifndef YYDEBUG |
202 | | # define YYDEBUG 0 |
203 | | #endif |
204 | | #if YYDEBUG |
205 | | extern int sudoersdebug; |
206 | | #endif |
207 | | |
208 | | /* Token kinds. */ |
209 | | #ifndef YYTOKENTYPE |
210 | | # define YYTOKENTYPE |
211 | | enum yytokentype |
212 | | { |
213 | | YYEMPTY = -2, |
214 | | YYEOF = 0, /* "end of file" */ |
215 | | YYerror = 256, /* error */ |
216 | | YYUNDEF = 257, /* "invalid token" */ |
217 | | COMMAND = 258, /* COMMAND */ |
218 | | ALIAS = 259, /* ALIAS */ |
219 | | DEFVAR = 260, /* DEFVAR */ |
220 | | NTWKADDR = 261, /* NTWKADDR */ |
221 | | NETGROUP = 262, /* NETGROUP */ |
222 | | USERGROUP = 263, /* USERGROUP */ |
223 | | WORD = 264, /* WORD */ |
224 | | DIGEST = 265, /* DIGEST */ |
225 | | INCLUDE = 266, /* INCLUDE */ |
226 | | INCLUDEDIR = 267, /* INCLUDEDIR */ |
227 | | DEFAULTS = 268, /* DEFAULTS */ |
228 | | DEFAULTS_HOST = 269, /* DEFAULTS_HOST */ |
229 | | DEFAULTS_USER = 270, /* DEFAULTS_USER */ |
230 | | DEFAULTS_RUNAS = 271, /* DEFAULTS_RUNAS */ |
231 | | DEFAULTS_CMND = 272, /* DEFAULTS_CMND */ |
232 | | NOPASSWD = 273, /* NOPASSWD */ |
233 | | PASSWD = 274, /* PASSWD */ |
234 | | NOEXEC = 275, /* NOEXEC */ |
235 | | EXEC = 276, /* EXEC */ |
236 | | SETENV = 277, /* SETENV */ |
237 | | NOSETENV = 278, /* NOSETENV */ |
238 | | LOG_INPUT = 279, /* LOG_INPUT */ |
239 | | NOLOG_INPUT = 280, /* NOLOG_INPUT */ |
240 | | LOG_OUTPUT = 281, /* LOG_OUTPUT */ |
241 | | NOLOG_OUTPUT = 282, /* NOLOG_OUTPUT */ |
242 | | MAIL = 283, /* MAIL */ |
243 | | NOMAIL = 284, /* NOMAIL */ |
244 | | FOLLOWLNK = 285, /* FOLLOWLNK */ |
245 | | NOFOLLOWLNK = 286, /* NOFOLLOWLNK */ |
246 | | INTERCEPT = 287, /* INTERCEPT */ |
247 | | NOINTERCEPT = 288, /* NOINTERCEPT */ |
248 | | ALL = 289, /* ALL */ |
249 | | HOSTALIAS = 290, /* HOSTALIAS */ |
250 | | CMNDALIAS = 291, /* CMNDALIAS */ |
251 | | USERALIAS = 292, /* USERALIAS */ |
252 | | RUNASALIAS = 293, /* RUNASALIAS */ |
253 | | ERROR = 294, /* ERROR */ |
254 | | NOMATCH = 295, /* NOMATCH */ |
255 | | CHROOT = 296, /* CHROOT */ |
256 | | CWD = 297, /* CWD */ |
257 | | TYPE = 298, /* TYPE */ |
258 | | ROLE = 299, /* ROLE */ |
259 | | APPARMOR_PROFILE = 300, /* APPARMOR_PROFILE */ |
260 | | PRIVS = 301, /* PRIVS */ |
261 | | LIMITPRIVS = 302, /* LIMITPRIVS */ |
262 | | CMND_TIMEOUT = 303, /* CMND_TIMEOUT */ |
263 | | NOTBEFORE = 304, /* NOTBEFORE */ |
264 | | NOTAFTER = 305, /* NOTAFTER */ |
265 | | MYSELF = 306, /* MYSELF */ |
266 | | SHA224_TOK = 307, /* SHA224_TOK */ |
267 | | SHA256_TOK = 308, /* SHA256_TOK */ |
268 | | SHA384_TOK = 309, /* SHA384_TOK */ |
269 | | SHA512_TOK = 310 /* SHA512_TOK */ |
270 | | }; |
271 | | typedef enum yytokentype yytoken_kind_t; |
272 | | #endif |
273 | | /* Token kinds. */ |
274 | 416k | #define YYEMPTY -2 |
275 | 277k | #define YYEOF 0 |
276 | 138k | #define YYerror 256 |
277 | 0 | #define YYUNDEF 257 |
278 | 90 | #define COMMAND 258 |
279 | 0 | #define ALIAS 259 |
280 | | #define DEFVAR 260 |
281 | 0 | #define NTWKADDR 261 |
282 | 0 | #define NETGROUP 262 |
283 | 0 | #define USERGROUP 263 |
284 | 45 | #define WORD 264 |
285 | | #define DIGEST 265 |
286 | | #define INCLUDE 266 |
287 | | #define INCLUDEDIR 267 |
288 | 0 | #define DEFAULTS 268 |
289 | 0 | #define DEFAULTS_HOST 269 |
290 | 0 | #define DEFAULTS_USER 270 |
291 | 0 | #define DEFAULTS_RUNAS 271 |
292 | 0 | #define DEFAULTS_CMND 272 |
293 | | #define NOPASSWD 273 |
294 | | #define PASSWD 274 |
295 | | #define NOEXEC 275 |
296 | | #define EXEC 276 |
297 | | #define SETENV 277 |
298 | | #define NOSETENV 278 |
299 | | #define LOG_INPUT 279 |
300 | | #define NOLOG_INPUT 280 |
301 | | #define LOG_OUTPUT 281 |
302 | | #define NOLOG_OUTPUT 282 |
303 | | #define MAIL 283 |
304 | | #define NOMAIL 284 |
305 | | #define FOLLOWLNK 285 |
306 | | #define NOFOLLOWLNK 286 |
307 | | #define INTERCEPT 287 |
308 | | #define NOINTERCEPT 288 |
309 | 90 | #define ALL 289 |
310 | 0 | #define HOSTALIAS 290 |
311 | 0 | #define CMNDALIAS 291 |
312 | 0 | #define USERALIAS 292 |
313 | 0 | #define RUNASALIAS 293 |
314 | 25 | #define ERROR 294 |
315 | | #define NOMATCH 295 |
316 | | #define CHROOT 296 |
317 | | #define CWD 297 |
318 | | #define TYPE 298 |
319 | | #define ROLE 299 |
320 | | #define APPARMOR_PROFILE 300 |
321 | | #define PRIVS 301 |
322 | | #define LIMITPRIVS 302 |
323 | | #define CMND_TIMEOUT 303 |
324 | | #define NOTBEFORE 304 |
325 | | #define NOTAFTER 305 |
326 | 0 | #define MYSELF 306 |
327 | | #define SHA224_TOK 307 |
328 | | #define SHA256_TOK 308 |
329 | | #define SHA384_TOK 309 |
330 | | #define SHA512_TOK 310 |
331 | | |
332 | | /* Value type. */ |
333 | | #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED |
334 | | union YYSTYPE |
335 | | { |
336 | | #line 91 "gram.y" |
337 | | |
338 | | struct cmndspec *cmndspec; |
339 | | struct defaults *defaults; |
340 | | struct member *member; |
341 | | struct runascontainer *runas; |
342 | | struct privilege *privilege; |
343 | | struct command_digest *digest; |
344 | | struct sudo_command command; |
345 | | struct command_options options; |
346 | | struct cmndtag tag; |
347 | | char *string; |
348 | | const char *cstring; |
349 | | int tok; |
350 | | |
351 | | #line 346 "gram.c" |
352 | | |
353 | | }; |
354 | | typedef union YYSTYPE YYSTYPE; |
355 | | # define YYSTYPE_IS_TRIVIAL 1 |
356 | | # define YYSTYPE_IS_DECLARED 1 |
357 | | #endif |
358 | | |
359 | | |
360 | | extern YYSTYPE sudoerslval; |
361 | | |
362 | | |
363 | | int sudoersparse (void); |
364 | | |
365 | | |
366 | | #endif /* !YY_SUDOERS_Y_TAB_H_INCLUDED */ |
367 | | /* Symbol kind. */ |
368 | | enum yysymbol_kind_t |
369 | | { |
370 | | YYSYMBOL_YYEMPTY = -2, |
371 | | YYSYMBOL_YYEOF = 0, /* "end of file" */ |
372 | | YYSYMBOL_YYerror = 1, /* error */ |
373 | | YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ |
374 | | YYSYMBOL_COMMAND = 3, /* COMMAND */ |
375 | | YYSYMBOL_ALIAS = 4, /* ALIAS */ |
376 | | YYSYMBOL_DEFVAR = 5, /* DEFVAR */ |
377 | | YYSYMBOL_NTWKADDR = 6, /* NTWKADDR */ |
378 | | YYSYMBOL_NETGROUP = 7, /* NETGROUP */ |
379 | | YYSYMBOL_USERGROUP = 8, /* USERGROUP */ |
380 | | YYSYMBOL_WORD = 9, /* WORD */ |
381 | | YYSYMBOL_DIGEST = 10, /* DIGEST */ |
382 | | YYSYMBOL_INCLUDE = 11, /* INCLUDE */ |
383 | | YYSYMBOL_INCLUDEDIR = 12, /* INCLUDEDIR */ |
384 | | YYSYMBOL_DEFAULTS = 13, /* DEFAULTS */ |
385 | | YYSYMBOL_DEFAULTS_HOST = 14, /* DEFAULTS_HOST */ |
386 | | YYSYMBOL_DEFAULTS_USER = 15, /* DEFAULTS_USER */ |
387 | | YYSYMBOL_DEFAULTS_RUNAS = 16, /* DEFAULTS_RUNAS */ |
388 | | YYSYMBOL_DEFAULTS_CMND = 17, /* DEFAULTS_CMND */ |
389 | | YYSYMBOL_NOPASSWD = 18, /* NOPASSWD */ |
390 | | YYSYMBOL_PASSWD = 19, /* PASSWD */ |
391 | | YYSYMBOL_NOEXEC = 20, /* NOEXEC */ |
392 | | YYSYMBOL_EXEC = 21, /* EXEC */ |
393 | | YYSYMBOL_SETENV = 22, /* SETENV */ |
394 | | YYSYMBOL_NOSETENV = 23, /* NOSETENV */ |
395 | | YYSYMBOL_LOG_INPUT = 24, /* LOG_INPUT */ |
396 | | YYSYMBOL_NOLOG_INPUT = 25, /* NOLOG_INPUT */ |
397 | | YYSYMBOL_LOG_OUTPUT = 26, /* LOG_OUTPUT */ |
398 | | YYSYMBOL_NOLOG_OUTPUT = 27, /* NOLOG_OUTPUT */ |
399 | | YYSYMBOL_MAIL = 28, /* MAIL */ |
400 | | YYSYMBOL_NOMAIL = 29, /* NOMAIL */ |
401 | | YYSYMBOL_FOLLOWLNK = 30, /* FOLLOWLNK */ |
402 | | YYSYMBOL_NOFOLLOWLNK = 31, /* NOFOLLOWLNK */ |
403 | | YYSYMBOL_INTERCEPT = 32, /* INTERCEPT */ |
404 | | YYSYMBOL_NOINTERCEPT = 33, /* NOINTERCEPT */ |
405 | | YYSYMBOL_ALL = 34, /* ALL */ |
406 | | YYSYMBOL_HOSTALIAS = 35, /* HOSTALIAS */ |
407 | | YYSYMBOL_CMNDALIAS = 36, /* CMNDALIAS */ |
408 | | YYSYMBOL_USERALIAS = 37, /* USERALIAS */ |
409 | | YYSYMBOL_RUNASALIAS = 38, /* RUNASALIAS */ |
410 | | YYSYMBOL_39_ = 39, /* ':' */ |
411 | | YYSYMBOL_40_ = 40, /* '=' */ |
412 | | YYSYMBOL_41_ = 41, /* ',' */ |
413 | | YYSYMBOL_42_ = 42, /* '!' */ |
414 | | YYSYMBOL_43_ = 43, /* '+' */ |
415 | | YYSYMBOL_44_ = 44, /* '-' */ |
416 | | YYSYMBOL_45_ = 45, /* '(' */ |
417 | | YYSYMBOL_46_ = 46, /* ')' */ |
418 | | YYSYMBOL_47_n_ = 47, /* '\n' */ |
419 | | YYSYMBOL_ERROR = 48, /* ERROR */ |
420 | | YYSYMBOL_NOMATCH = 49, /* NOMATCH */ |
421 | | YYSYMBOL_CHROOT = 50, /* CHROOT */ |
422 | | YYSYMBOL_CWD = 51, /* CWD */ |
423 | | YYSYMBOL_TYPE = 52, /* TYPE */ |
424 | | YYSYMBOL_ROLE = 53, /* ROLE */ |
425 | | YYSYMBOL_APPARMOR_PROFILE = 54, /* APPARMOR_PROFILE */ |
426 | | YYSYMBOL_PRIVS = 55, /* PRIVS */ |
427 | | YYSYMBOL_LIMITPRIVS = 56, /* LIMITPRIVS */ |
428 | | YYSYMBOL_CMND_TIMEOUT = 57, /* CMND_TIMEOUT */ |
429 | | YYSYMBOL_NOTBEFORE = 58, /* NOTBEFORE */ |
430 | | YYSYMBOL_NOTAFTER = 59, /* NOTAFTER */ |
431 | | YYSYMBOL_MYSELF = 60, /* MYSELF */ |
432 | | YYSYMBOL_SHA224_TOK = 61, /* SHA224_TOK */ |
433 | | YYSYMBOL_SHA256_TOK = 62, /* SHA256_TOK */ |
434 | | YYSYMBOL_SHA384_TOK = 63, /* SHA384_TOK */ |
435 | | YYSYMBOL_SHA512_TOK = 64, /* SHA512_TOK */ |
436 | | YYSYMBOL_YYACCEPT = 65, /* $accept */ |
437 | | YYSYMBOL_file = 66, /* file */ |
438 | | YYSYMBOL_line = 67, /* line */ |
439 | | YYSYMBOL_entry = 68, /* entry */ |
440 | | YYSYMBOL_include = 69, /* include */ |
441 | | YYSYMBOL_includedir = 70, /* includedir */ |
442 | | YYSYMBOL_defaults_list = 71, /* defaults_list */ |
443 | | YYSYMBOL_defaults_entry = 72, /* defaults_entry */ |
444 | | YYSYMBOL_privileges = 73, /* privileges */ |
445 | | YYSYMBOL_privilege = 74, /* privilege */ |
446 | | YYSYMBOL_ophost = 75, /* ophost */ |
447 | | YYSYMBOL_host = 76, /* host */ |
448 | | YYSYMBOL_cmndspeclist = 77, /* cmndspeclist */ |
449 | | YYSYMBOL_cmndspec = 78, /* cmndspec */ |
450 | | YYSYMBOL_digestspec = 79, /* digestspec */ |
451 | | YYSYMBOL_digestlist = 80, /* digestlist */ |
452 | | YYSYMBOL_digcmnd = 81, /* digcmnd */ |
453 | | YYSYMBOL_opcmnd = 82, /* opcmnd */ |
454 | | YYSYMBOL_chdirspec = 83, /* chdirspec */ |
455 | | YYSYMBOL_chrootspec = 84, /* chrootspec */ |
456 | | YYSYMBOL_timeoutspec = 85, /* timeoutspec */ |
457 | | YYSYMBOL_notbeforespec = 86, /* notbeforespec */ |
458 | | YYSYMBOL_notafterspec = 87, /* notafterspec */ |
459 | | YYSYMBOL_rolespec = 88, /* rolespec */ |
460 | | YYSYMBOL_typespec = 89, /* typespec */ |
461 | | YYSYMBOL_apparmor_profilespec = 90, /* apparmor_profilespec */ |
462 | | YYSYMBOL_privsspec = 91, /* privsspec */ |
463 | | YYSYMBOL_limitprivsspec = 92, /* limitprivsspec */ |
464 | | YYSYMBOL_runasspec = 93, /* runasspec */ |
465 | | YYSYMBOL_runaslist = 94, /* runaslist */ |
466 | | YYSYMBOL_reserved_word = 95, /* reserved_word */ |
467 | | YYSYMBOL_reserved_alias = 96, /* reserved_alias */ |
468 | | YYSYMBOL_options = 97, /* options */ |
469 | | YYSYMBOL_cmndtag = 98, /* cmndtag */ |
470 | | YYSYMBOL_cmnd = 99, /* cmnd */ |
471 | | YYSYMBOL_hostaliases = 100, /* hostaliases */ |
472 | | YYSYMBOL_hostalias = 101, /* hostalias */ |
473 | | YYSYMBOL_102_1 = 102, /* $@1 */ |
474 | | YYSYMBOL_hostlist = 103, /* hostlist */ |
475 | | YYSYMBOL_cmndaliases = 104, /* cmndaliases */ |
476 | | YYSYMBOL_cmndalias = 105, /* cmndalias */ |
477 | | YYSYMBOL_106_2 = 106, /* $@2 */ |
478 | | YYSYMBOL_cmndlist = 107, /* cmndlist */ |
479 | | YYSYMBOL_runasaliases = 108, /* runasaliases */ |
480 | | YYSYMBOL_runasalias = 109, /* runasalias */ |
481 | | YYSYMBOL_110_3 = 110, /* $@3 */ |
482 | | YYSYMBOL_useraliases = 111, /* useraliases */ |
483 | | YYSYMBOL_useralias = 112, /* useralias */ |
484 | | YYSYMBOL_113_4 = 113, /* $@4 */ |
485 | | YYSYMBOL_userlist = 114, /* userlist */ |
486 | | YYSYMBOL_opuser = 115, /* opuser */ |
487 | | YYSYMBOL_user = 116, /* user */ |
488 | | YYSYMBOL_grouplist = 117, /* grouplist */ |
489 | | YYSYMBOL_opgroup = 118, /* opgroup */ |
490 | | YYSYMBOL_group = 119 /* group */ |
491 | | }; |
492 | | typedef enum yysymbol_kind_t yysymbol_kind_t; |
493 | | |
494 | | |
495 | | |
496 | | |
497 | | #ifdef short |
498 | | # undef short |
499 | | #endif |
500 | | |
501 | | /* On compilers that do not define __PTRDIFF_MAX__ etc., make sure |
502 | | <limits.h> and (if available) <stdint.h> are included |
503 | | so that the code can choose integer types of a good width. */ |
504 | | |
505 | | #ifndef __PTRDIFF_MAX__ |
506 | | # include <limits.h> /* INFRINGES ON USER NAME SPACE */ |
507 | | # if defined HAVE_STDINT_H |
508 | | # include <stdint.h> /* INFRINGES ON USER NAME SPACE */ |
509 | | # define YY_STDINT_H |
510 | | # endif |
511 | | #endif |
512 | | |
513 | | /* Narrow types that promote to a signed type and that can represent a |
514 | | signed or unsigned integer of at least N bits. In tables they can |
515 | | save space and decrease cache pressure. Promoting to a signed type |
516 | | helps avoid bugs in integer arithmetic. */ |
517 | | |
518 | | #ifdef __INT_LEAST8_MAX__ |
519 | | typedef __INT_LEAST8_TYPE__ yytype_int8; |
520 | | #elif defined YY_STDINT_H |
521 | | typedef int_least8_t yytype_int8; |
522 | | #else |
523 | | typedef signed char yytype_int8; |
524 | | #endif |
525 | | |
526 | | #ifdef __INT_LEAST16_MAX__ |
527 | | typedef __INT_LEAST16_TYPE__ yytype_int16; |
528 | | #elif defined YY_STDINT_H |
529 | | typedef int_least16_t yytype_int16; |
530 | | #else |
531 | | typedef short yytype_int16; |
532 | | #endif |
533 | | |
534 | | /* Work around bug in HP-UX 11.23, which defines these macros |
535 | | incorrectly for preprocessor constants. This workaround can likely |
536 | | be removed in 2023, as HPE has promised support for HP-UX 11.23 |
537 | | (aka HP-UX 11i v2) only through the end of 2022; see Table 2 of |
538 | | <https://h20195.www2.hpe.com/V2/getpdf.aspx/4AA4-7673ENW.pdf>. */ |
539 | | #ifdef __hpux |
540 | | # undef UINT_LEAST8_MAX |
541 | | # undef UINT_LEAST16_MAX |
542 | | # define UINT_LEAST8_MAX 255 |
543 | | # define UINT_LEAST16_MAX 65535 |
544 | | #endif |
545 | | |
546 | | #if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ |
547 | | typedef __UINT_LEAST8_TYPE__ yytype_uint8; |
548 | | #elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ |
549 | | && UINT_LEAST8_MAX <= INT_MAX) |
550 | | typedef uint_least8_t yytype_uint8; |
551 | | #elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX |
552 | | typedef unsigned char yytype_uint8; |
553 | | #else |
554 | | typedef short yytype_uint8; |
555 | | #endif |
556 | | |
557 | | #if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ |
558 | | typedef __UINT_LEAST16_TYPE__ yytype_uint16; |
559 | | #elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ |
560 | | && UINT_LEAST16_MAX <= INT_MAX) |
561 | | typedef uint_least16_t yytype_uint16; |
562 | | #elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX |
563 | | typedef unsigned short yytype_uint16; |
564 | | #else |
565 | | typedef int yytype_uint16; |
566 | | #endif |
567 | | |
568 | | #ifndef YYPTRDIFF_T |
569 | | # if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ |
570 | 8 | # define YYPTRDIFF_T __PTRDIFF_TYPE__ |
571 | | # define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ |
572 | | # elif defined PTRDIFF_MAX |
573 | | # ifndef ptrdiff_t |
574 | | # include <stddef.h> /* INFRINGES ON USER NAME SPACE */ |
575 | | # endif |
576 | | # define YYPTRDIFF_T ptrdiff_t |
577 | | # define YYPTRDIFF_MAXIMUM PTRDIFF_MAX |
578 | | # else |
579 | | # define YYPTRDIFF_T long |
580 | | # define YYPTRDIFF_MAXIMUM LONG_MAX |
581 | | # endif |
582 | | #endif |
583 | | |
584 | | #ifndef YYSIZE_T |
585 | | # ifdef __SIZE_TYPE__ |
586 | | # define YYSIZE_T __SIZE_TYPE__ |
587 | | # elif defined size_t |
588 | | # define YYSIZE_T size_t |
589 | | # elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ |
590 | | # include <stddef.h> /* INFRINGES ON USER NAME SPACE */ |
591 | | # define YYSIZE_T size_t |
592 | | # else |
593 | | # define YYSIZE_T unsigned |
594 | | # endif |
595 | | #endif |
596 | | |
597 | | #define YYSIZE_MAXIMUM \ |
598 | | YY_CAST (YYPTRDIFF_T, \ |
599 | | (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ |
600 | | ? YYPTRDIFF_MAXIMUM \ |
601 | | : YY_CAST (YYSIZE_T, -1))) |
602 | | |
603 | 0 | #define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) |
604 | | |
605 | | |
606 | | /* Stored state numbers (used for stacks). */ |
607 | | typedef yytype_uint8 yy_state_t; |
608 | | |
609 | | /* State numbers in computations. */ |
610 | | typedef int yy_state_fast_t; |
611 | | |
612 | | #ifndef YY_ |
613 | | # if defined YYENABLE_NLS && YYENABLE_NLS |
614 | | # if ENABLE_NLS |
615 | | # include <libintl.h> /* INFRINGES ON USER NAME SPACE */ |
616 | | # define YY_(Msgid) dgettext ("bison-runtime", Msgid) |
617 | | # endif |
618 | | # endif |
619 | | # ifndef YY_ |
620 | 25 | # define YY_(Msgid) Msgid |
621 | | # endif |
622 | | #endif |
623 | | |
624 | | |
625 | | #ifndef YY_ATTRIBUTE_PURE |
626 | | # if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) |
627 | | # define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) |
628 | | # else |
629 | | # define YY_ATTRIBUTE_PURE |
630 | | # endif |
631 | | #endif |
632 | | |
633 | | #ifndef YY_ATTRIBUTE_UNUSED |
634 | | # if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) |
635 | | # define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) |
636 | | # else |
637 | | # define YY_ATTRIBUTE_UNUSED |
638 | | # endif |
639 | | #endif |
640 | | |
641 | | /* Suppress unused-variable warnings by "using" E. */ |
642 | | #if ! defined lint || defined __GNUC__ |
643 | 555k | # define YY_USE(E) ((void) (E)) |
644 | | #else |
645 | | # define YY_USE(E) /* empty */ |
646 | | #endif |
647 | | |
648 | | /* Suppress an incorrect diagnostic about yylval being uninitialized. */ |
649 | | #if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__ |
650 | | # if __GNUC__ * 100 + __GNUC_MINOR__ < 407 |
651 | | # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ |
652 | | _Pragma ("GCC diagnostic push") \ |
653 | | _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") |
654 | | # else |
655 | | # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ |
656 | | _Pragma ("GCC diagnostic push") \ |
657 | | _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ |
658 | | _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") |
659 | | # endif |
660 | | # define YY_IGNORE_MAYBE_UNINITIALIZED_END \ |
661 | | _Pragma ("GCC diagnostic pop") |
662 | | #else |
663 | | # define YY_INITIAL_VALUE(Value) Value |
664 | | #endif |
665 | | #ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN |
666 | | # define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN |
667 | | # define YY_IGNORE_MAYBE_UNINITIALIZED_END |
668 | | #endif |
669 | | #ifndef YY_INITIAL_VALUE |
670 | | # define YY_INITIAL_VALUE(Value) /* Nothing. */ |
671 | | #endif |
672 | | |
673 | | #if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ |
674 | | # define YY_IGNORE_USELESS_CAST_BEGIN \ |
675 | | _Pragma ("GCC diagnostic push") \ |
676 | | _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") |
677 | | # define YY_IGNORE_USELESS_CAST_END \ |
678 | | _Pragma ("GCC diagnostic pop") |
679 | | #endif |
680 | | #ifndef YY_IGNORE_USELESS_CAST_BEGIN |
681 | | # define YY_IGNORE_USELESS_CAST_BEGIN |
682 | | # define YY_IGNORE_USELESS_CAST_END |
683 | | #endif |
684 | | |
685 | | |
686 | 139k | #define YY_ASSERT(E) ((void) (0 && (E))) |
687 | | |
688 | | #if !defined yyoverflow |
689 | | |
690 | | /* The parser invokes alloca or malloc; define the necessary symbols. */ |
691 | | |
692 | | # ifdef YYSTACK_USE_ALLOCA |
693 | | # if YYSTACK_USE_ALLOCA |
694 | | # ifdef __GNUC__ |
695 | | # define YYSTACK_ALLOC __builtin_alloca |
696 | | # elif defined __BUILTIN_VA_ARG_INCR |
697 | | # include <alloca.h> /* INFRINGES ON USER NAME SPACE */ |
698 | | # elif defined _AIX |
699 | | # define YYSTACK_ALLOC __alloca |
700 | | # elif defined _MSC_VER |
701 | | # include <malloc.h> /* INFRINGES ON USER NAME SPACE */ |
702 | | # define alloca _alloca |
703 | | # else |
704 | | # define YYSTACK_ALLOC alloca |
705 | | # if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS |
706 | | # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ |
707 | | /* Use EXIT_SUCCESS as a witness for stdlib.h. */ |
708 | | # ifndef EXIT_SUCCESS |
709 | | # define EXIT_SUCCESS 0 |
710 | | # endif |
711 | | # endif |
712 | | # endif |
713 | | # endif |
714 | | # endif |
715 | | |
716 | | # ifdef YYSTACK_ALLOC |
717 | | /* Pacify GCC's 'empty if-body' warning. */ |
718 | | # define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) |
719 | | # ifndef YYSTACK_ALLOC_MAXIMUM |
720 | | /* The OS might guarantee only one guard page at the bottom of the stack, |
721 | | and a page size can be as small as 4096 bytes. So we cannot safely |
722 | | invoke alloca (N) if N exceeds 4096. Use a slightly smaller number |
723 | | to allow for a few compiler-allocated temporary stack slots. */ |
724 | | # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ |
725 | | # endif |
726 | | # else |
727 | | # define YYSTACK_ALLOC YYMALLOC |
728 | 0 | # define YYSTACK_FREE YYFREE |
729 | | # ifndef YYSTACK_ALLOC_MAXIMUM |
730 | | # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM |
731 | | # endif |
732 | | # if (defined __cplusplus && ! defined EXIT_SUCCESS \ |
733 | | && ! ((defined YYMALLOC || defined malloc) \ |
734 | | && (defined YYFREE || defined free))) |
735 | | # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ |
736 | | # ifndef EXIT_SUCCESS |
737 | | # define EXIT_SUCCESS 0 |
738 | | # endif |
739 | | # endif |
740 | | # ifndef YYMALLOC |
741 | | # define YYMALLOC malloc |
742 | | # if ! defined malloc && ! defined EXIT_SUCCESS |
743 | | void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ |
744 | | # endif |
745 | | # endif |
746 | | # ifndef YYFREE |
747 | 0 | # define YYFREE free |
748 | | # if ! defined free && ! defined EXIT_SUCCESS |
749 | | void free (void *); /* INFRINGES ON USER NAME SPACE */ |
750 | | # endif |
751 | | # endif |
752 | | # endif |
753 | | #endif /* !defined yyoverflow */ |
754 | | |
755 | | #if (! defined yyoverflow \ |
756 | | && (! defined __cplusplus \ |
757 | | || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) |
758 | | |
759 | | /* A type that is properly aligned for any stack member. */ |
760 | | union yyalloc |
761 | | { |
762 | | yy_state_t yyss_alloc; |
763 | | YYSTYPE yyvs_alloc; |
764 | | }; |
765 | | |
766 | | /* The size of the maximum gap between one aligned stack and the next. */ |
767 | 0 | # define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) |
768 | | |
769 | | /* The size of an array large to enough to hold all stacks, each with |
770 | | N elements. */ |
771 | | # define YYSTACK_BYTES(N) \ |
772 | | ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ |
773 | | + YYSTACK_GAP_MAXIMUM) |
774 | | |
775 | | # define YYCOPY_NEEDED 1 |
776 | | |
777 | | /* Relocate STACK from its old location to the new one. The |
778 | | local variables YYSIZE and YYSTACKSIZE give the old and new number of |
779 | | elements in the stack, and YYPTR gives the new location of the |
780 | | stack. Advance YYPTR to a properly aligned location for the next |
781 | | stack. */ |
782 | | # define YYSTACK_RELOCATE(Stack_alloc, Stack) \ |
783 | 0 | do \ |
784 | 0 | { \ |
785 | 0 | YYPTRDIFF_T yynewbytes; \ |
786 | 0 | YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ |
787 | 0 | Stack = &yyptr->Stack_alloc; \ |
788 | 0 | yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ |
789 | 0 | yyptr += yynewbytes / YYSIZEOF (*yyptr); \ |
790 | 0 | } \ |
791 | 0 | while (0) |
792 | | |
793 | | #endif |
794 | | |
795 | | #if defined YYCOPY_NEEDED && YYCOPY_NEEDED |
796 | | /* Copy COUNT objects from SRC to DST. The source and destination do |
797 | | not overlap. */ |
798 | | # ifndef YYCOPY |
799 | | # if defined __GNUC__ && 1 < __GNUC__ |
800 | | # define YYCOPY(Dst, Src, Count) \ |
801 | 0 | __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) |
802 | | # else |
803 | | # define YYCOPY(Dst, Src, Count) \ |
804 | | do \ |
805 | | { \ |
806 | | YYPTRDIFF_T yyi; \ |
807 | | for (yyi = 0; yyi < (Count); yyi++) \ |
808 | | (Dst)[yyi] = (Src)[yyi]; \ |
809 | | } \ |
810 | | while (0) |
811 | | # endif |
812 | | # endif |
813 | | #endif /* !YYCOPY_NEEDED */ |
814 | | |
815 | | /* YYFINAL -- State number of the termination state. */ |
816 | 139k | #define YYFINAL 90 |
817 | | /* YYLAST -- Last index in YYTABLE. */ |
818 | 417k | #define YYLAST 332 |
819 | | |
820 | | /* YYNTOKENS -- Number of terminals. */ |
821 | 218 | #define YYNTOKENS 65 |
822 | | /* YYNNTS -- Number of nonterminals. */ |
823 | | #define YYNNTS 55 |
824 | | /* YYNRULES -- Number of rules. */ |
825 | | #define YYNRULES 155 |
826 | | /* YYNSTATES -- Number of states. */ |
827 | | #define YYNSTATES 256 |
828 | | |
829 | | /* YYMAXUTOK -- Last valid token kind. */ |
830 | 277k | #define YYMAXUTOK 310 |
831 | | |
832 | | |
833 | | /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM |
834 | | as returned by yylex, with out-of-bounds checking. */ |
835 | | #define YYTRANSLATE(YYX) \ |
836 | 416k | (0 <= (YYX) && (YYX) <= YYMAXUTOK \ |
837 | 416k | ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ |
838 | 416k | : YYSYMBOL_YYUNDEF) |
839 | | |
840 | | /* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM |
841 | | as returned by yylex. */ |
842 | | static const yytype_int8 yytranslate[] = |
843 | | { |
844 | | 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
845 | | 47, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
846 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
847 | | 2, 2, 2, 42, 2, 2, 2, 2, 2, 2, |
848 | | 45, 46, 2, 43, 41, 44, 2, 2, 2, 2, |
849 | | 2, 2, 2, 2, 2, 2, 2, 2, 39, 2, |
850 | | 2, 40, 2, 2, 2, 2, 2, 2, 2, 2, |
851 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
852 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
853 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
854 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
855 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
856 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
857 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
858 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
859 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
860 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
861 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
862 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
863 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
864 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
865 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
866 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
867 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
868 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
869 | | 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, |
870 | | 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, |
871 | | 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, |
872 | | 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, |
873 | | 35, 36, 37, 38, 48, 49, 50, 51, 52, 53, |
874 | | 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, |
875 | | 64 |
876 | | }; |
877 | | |
878 | | #if YYDEBUG |
879 | | /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ |
880 | | static const yytype_int16 yyrline[] = |
881 | | { |
882 | | 0, 205, 205, 208, 211, 212, 215, 218, 221, 229, |
883 | | 237, 243, 246, 249, 252, 255, 259, 263, 267, 271, |
884 | | 277, 280, 286, 289, 295, 296, 303, 312, 321, 331, |
885 | | 341, 353, 354, 359, 365, 382, 386, 392, 401, 409, |
886 | | 418, 427, 438, 439, 449, 513, 522, 531, 540, 551, |
887 | | 552, 559, 562, 576, 580, 586, 602, 624, 629, 633, |
888 | | 638, 643, 648, 653, 657, 662, 665, 670, 687, 699, |
889 | | 715, 733, 752, 753, 754, 755, 756, 757, 758, 759, |
890 | | 760, 761, 762, 765, 771, 774, 779, 784, 793, 802, |
891 | | 814, 819, 824, 829, 834, 841, 844, 847, 850, 853, |
892 | | 856, 859, 862, 865, 868, 871, 874, 877, 880, 883, |
893 | | 886, 889, 894, 908, 917, 938, 961, 962, 965, 965, |
894 | | 977, 980, 981, 988, 989, 992, 992, 1004, 1007, 1008, |
895 | | 1015, 1016, 1019, 1019, 1031, 1034, 1035, 1038, 1038, 1050, |
896 | | 1053, 1054, 1061, 1065, 1071, 1080, 1088, 1097, 1106, 1117, |
897 | | 1118, 1125, 1129, 1135, 1144, 1152 |
898 | | }; |
899 | | #endif |
900 | | |
901 | | /** Accessing symbol of state STATE. */ |
902 | 138k | #define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) |
903 | | |
904 | | #if YYDEBUG || 0 |
905 | | /* The user-facing name of the symbol whose (internal) number is |
906 | | YYSYMBOL. No bounds checking. */ |
907 | | static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; |
908 | | |
909 | | /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. |
910 | | First, the terminals, then, starting at YYNTOKENS, nonterminals. */ |
911 | | static const char *const yytname[] = |
912 | | { |
913 | | "\"end of file\"", "error", "\"invalid token\"", "COMMAND", "ALIAS", |
914 | | "DEFVAR", "NTWKADDR", "NETGROUP", "USERGROUP", "WORD", "DIGEST", |
915 | | "INCLUDE", "INCLUDEDIR", "DEFAULTS", "DEFAULTS_HOST", "DEFAULTS_USER", |
916 | | "DEFAULTS_RUNAS", "DEFAULTS_CMND", "NOPASSWD", "PASSWD", "NOEXEC", |
917 | | "EXEC", "SETENV", "NOSETENV", "LOG_INPUT", "NOLOG_INPUT", "LOG_OUTPUT", |
918 | | "NOLOG_OUTPUT", "MAIL", "NOMAIL", "FOLLOWLNK", "NOFOLLOWLNK", |
919 | | "INTERCEPT", "NOINTERCEPT", "ALL", "HOSTALIAS", "CMNDALIAS", "USERALIAS", |
920 | | "RUNASALIAS", "':'", "'='", "','", "'!'", "'+'", "'-'", "'('", "')'", |
921 | | "'\\n'", "ERROR", "NOMATCH", "CHROOT", "CWD", "TYPE", "ROLE", |
922 | | "APPARMOR_PROFILE", "PRIVS", "LIMITPRIVS", "CMND_TIMEOUT", "NOTBEFORE", |
923 | | "NOTAFTER", "MYSELF", "SHA224_TOK", "SHA256_TOK", "SHA384_TOK", |
924 | | "SHA512_TOK", "$accept", "file", "line", "entry", "include", |
925 | | "includedir", "defaults_list", "defaults_entry", "privileges", |
926 | | "privilege", "ophost", "host", "cmndspeclist", "cmndspec", "digestspec", |
927 | | "digestlist", "digcmnd", "opcmnd", "chdirspec", "chrootspec", |
928 | | "timeoutspec", "notbeforespec", "notafterspec", "rolespec", "typespec", |
929 | | "apparmor_profilespec", "privsspec", "limitprivsspec", "runasspec", |
930 | | "runaslist", "reserved_word", "reserved_alias", "options", "cmndtag", |
931 | | "cmnd", "hostaliases", "hostalias", "$@1", "hostlist", "cmndaliases", |
932 | | "cmndalias", "$@2", "cmndlist", "runasaliases", "runasalias", "$@3", |
933 | | "useraliases", "useralias", "$@4", "userlist", "opuser", "user", |
934 | | "grouplist", "opgroup", "group", YY_NULLPTR |
935 | | }; |
936 | | |
937 | | static const char * |
938 | | yysymbol_name (yysymbol_kind_t yysymbol) |
939 | | { |
940 | | return yytname[yysymbol]; |
941 | | } |
942 | | #endif |
943 | | |
944 | 416k | #define YYPACT_NINF (-116) |
945 | | |
946 | | #define yypact_value_is_default(Yyn) \ |
947 | 416k | ((Yyn) == YYPACT_NINF) |
948 | | |
949 | | #define YYTABLE_NINF (-4) |
950 | | |
951 | | #define yytable_value_is_error(Yyn) \ |
952 | 7 | 0 |
953 | | |
954 | | /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing |
955 | | STATE-NUM. */ |
956 | | static const yytype_int16 yypact[] = |
957 | | { |
958 | | 174, -29, -116, -116, -116, -116, 35, 38, 11, 239, |
959 | | 150, 150, 8, -116, 32, 76, 88, 114, 254, -116, |
960 | | 58, 218, -116, -116, -116, 70, -116, -116, -116, 12, |
961 | | 13, 136, 73, 14, -116, -116, -116, -116, -116, -116, |
962 | | 276, -116, -116, 4, 10, 10, -116, -116, -116, -116, |
963 | | 190, 42, 81, 85, 97, -116, 64, -116, -116, -116, |
964 | | 52, -116, -116, -116, -116, -116, -116, -116, -116, -116, |
965 | | -116, -116, -116, -116, 57, 2, -116, -116, 111, 9, |
966 | | -116, -116, 112, 56, -116, -116, 123, 61, -116, -116, |
967 | | -116, -116, 150, 62, -116, 75, 90, -116, 130, -116, |
968 | | 188, 204, 205, -116, 11, -116, -116, 239, 55, 66, |
969 | | 108, -116, 207, 210, 213, 228, 143, -116, 8, 155, |
970 | | 175, 239, 32, -116, 209, 8, 76, -116, 211, 150, |
971 | | 88, -116, 217, 150, 114, -116, -116, 194, -116, 202, |
972 | | -116, -116, -116, -116, -116, -116, -116, -116, -116, -116, |
973 | | -116, -116, -116, -116, -116, -116, -116, 239, 225, -116, |
974 | | 8, 227, -116, 150, 229, -116, 150, 229, -116, -116, |
975 | | -116, 233, 230, -116, -116, 225, 227, 229, 229, 235, |
976 | | 232, 121, 202, 240, -116, -116, -116, 255, 238, -116, |
977 | | -116, -116, 235, -116, 234, 236, 244, 246, 247, 260, |
978 | | 261, 262, 263, 264, -116, -116, -116, -116, -116, -116, |
979 | | -116, -116, -116, -116, 1, -116, 235, 238, 241, 296, |
980 | | 297, 298, 299, 300, 302, 303, 304, 305, -116, -116, |
981 | | -116, -116, -116, -116, -116, -116, -116, -116, -116, -116, |
982 | | -116, -116, -116, -116, -116, -116, -116, -116, -116, -116, |
983 | | -116, -116, -116, -116, -116, -116 |
984 | | }; |
985 | | |
986 | | /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. |
987 | | Performed when YYTABLE does not specify something else to do. Zero |
988 | | means the default is an error. */ |
989 | | static const yytype_uint8 yydefact[] = |
990 | | { |
991 | | 0, 0, 144, 146, 147, 148, 0, 0, 0, 0, |
992 | | 0, 0, 0, 145, 0, 0, 0, 0, 0, 6, |
993 | | 0, 0, 4, 8, 9, 0, 140, 142, 7, 0, |
994 | | 0, 26, 0, 0, 24, 37, 40, 39, 41, 38, |
995 | | 0, 121, 35, 0, 0, 0, 114, 113, 115, 112, |
996 | | 0, 0, 0, 0, 0, 49, 0, 128, 51, 53, |
997 | | 0, 118, 72, 73, 74, 79, 78, 82, 80, 81, |
998 | | 75, 76, 77, 83, 0, 0, 116, 125, 0, 0, |
999 | | 123, 137, 0, 0, 135, 132, 0, 0, 130, 143, |
1000 | | 1, 5, 0, 0, 31, 0, 0, 20, 0, 22, |
1001 | | 0, 0, 0, 27, 0, 15, 36, 0, 0, 0, |
1002 | | 0, 54, 0, 0, 0, 0, 0, 52, 0, 0, |
1003 | | 0, 0, 0, 12, 0, 0, 0, 13, 0, 0, |
1004 | | 0, 11, 0, 0, 0, 14, 141, 0, 10, 65, |
1005 | | 21, 23, 28, 29, 30, 25, 122, 18, 16, 17, |
1006 | | 45, 46, 47, 48, 50, 129, 19, 0, 120, 117, |
1007 | | 0, 127, 124, 0, 139, 136, 0, 134, 131, 33, |
1008 | | 32, 67, 34, 42, 84, 119, 126, 138, 133, 71, |
1009 | | 0, 68, 65, 95, 153, 155, 154, 0, 70, 149, |
1010 | | 151, 66, 0, 43, 0, 0, 0, 0, 0, 0, |
1011 | | 0, 0, 0, 0, 85, 86, 89, 87, 88, 90, |
1012 | | 91, 92, 93, 94, 0, 152, 0, 69, 0, 0, |
1013 | | 0, 0, 0, 0, 0, 0, 0, 0, 96, 97, |
1014 | | 98, 99, 102, 103, 104, 105, 106, 107, 110, 111, |
1015 | | 108, 109, 100, 101, 44, 150, 56, 55, 61, 60, |
1016 | | 62, 63, 64, 57, 58, 59 |
1017 | | }; |
1018 | | |
1019 | | /* YYPGOTO[NTERM-NUM]. */ |
1020 | | static const yytype_int16 yypgoto[] = |
1021 | | { |
1022 | | -116, -116, -116, 294, -116, -116, -6, 212, -116, 180, |
1023 | | 214, 278, -116, 137, 206, -116, -115, 267, -116, -116, |
1024 | | -116, -116, -116, -116, -116, -116, -116, -116, -116, -116, |
1025 | | -116, -9, -116, -116, 270, -116, 203, -116, -7, -116, |
1026 | | 198, -116, -85, -116, 192, -116, -116, 197, -116, -10, |
1027 | | 237, 310, 138, 115, 145 |
1028 | | }; |
1029 | | |
1030 | | /* YYDEFGOTO[NTERM-NUM]. */ |
1031 | | static const yytype_uint8 yydefgoto[] = |
1032 | | { |
1033 | | 0, 20, 21, 22, 23, 24, 33, 34, 93, 94, |
1034 | | 41, 42, 172, 173, 55, 56, 57, 58, 204, 205, |
1035 | | 206, 207, 208, 209, 210, 211, 212, 213, 174, 180, |
1036 | | 73, 74, 183, 214, 59, 75, 76, 120, 95, 79, |
1037 | | 80, 124, 60, 87, 88, 132, 83, 84, 128, 25, |
1038 | | 26, 27, 188, 189, 190 |
1039 | | }; |
1040 | | |
1041 | | /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If |
1042 | | positive, shift that token. If negative, reduce the rule whose |
1043 | | number is the opposite. If YYTABLE_NINF, syntax error. */ |
1044 | | static const yytype_int16 yytable[] = |
1045 | | { |
1046 | | 44, 45, 43, 155, 46, 47, 78, 82, 86, 31, |
1047 | | 48, 46, 47, 96, 98, 31, 31, 48, 28, 228, |
1048 | | 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, |
1049 | | 239, 240, 241, 242, 243, 49, 61, 108, 109, 110, |
1050 | | 161, 122, 49, 50, 29, 107, 32, 30, 126, 123, |
1051 | | 50, 92, 32, 32, 119, 104, 127, 31, 90, 97, |
1052 | | 99, 105, 51, 52, 53, 54, 62, 46, 47, 51, |
1053 | | 52, 53, 54, 48, 35, 176, 36, 37, 103, 38, |
1054 | | 77, 112, 63, 64, 65, 66, 67, 68, 69, 70, |
1055 | | 71, 72, 81, 118, 32, 130, 104, 121, 49, 244, |
1056 | | 134, 137, 147, 131, 39, 116, 50, 104, 135, 138, |
1057 | | 62, 92, 40, 148, 158, 139, 107, 78, 85, 164, |
1058 | | 113, 82, 62, 167, 114, 86, 63, 64, 65, 66, |
1059 | | 67, 68, 69, 70, 71, 72, 115, 140, 63, 64, |
1060 | | 65, 66, 67, 68, 69, 70, 71, 72, 62, 104, |
1061 | | 175, 125, 129, 177, 2, 149, 178, 3, 4, 5, |
1062 | | 192, 181, 92, 133, 63, 64, 65, 66, 67, 68, |
1063 | | 69, 70, 71, 72, -2, 1, 100, 141, 2, 101, |
1064 | | 102, 3, 4, 5, 13, 6, 7, 8, 9, 10, |
1065 | | 11, 12, 18, 46, 47, 169, 104, 142, 35, 48, |
1066 | | 36, 37, 156, 38, 51, 52, 53, 54, 13, 14, |
1067 | | 15, 16, 17, 143, 144, 157, 18, 150, -3, 1, |
1068 | | 151, 19, 2, 152, 49, 3, 4, 5, 39, 6, |
1069 | | 7, 8, 9, 10, 11, 12, 40, 2, 153, 184, |
1070 | | 3, 4, 5, 35, 185, 36, 37, 171, 38, 160, |
1071 | | 246, 163, 13, 14, 15, 16, 17, 166, 2, 184, |
1072 | | 18, 3, 4, 5, 185, 19, 107, 13, 118, 186, |
1073 | | 92, 182, 179, 39, 218, 18, 219, 187, 191, 216, |
1074 | | 35, 40, 36, 37, 220, 38, 221, 222, 13, 186, |
1075 | | 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, |
1076 | | 223, 224, 225, 226, 227, 247, 248, 249, 250, 251, |
1077 | | 39, 252, 253, 254, 255, 91, 145, 170, 106, 193, |
1078 | | 111, 146, 154, 117, 162, 159, 168, 165, 89, 136, |
1079 | | 217, 245, 215 |
1080 | | }; |
1081 | | |
1082 | | static const yytype_uint8 yycheck[] = |
1083 | | { |
1084 | | 10, 11, 9, 118, 3, 4, 15, 16, 17, 5, |
1085 | | 9, 3, 4, 1, 1, 5, 5, 9, 47, 18, |
1086 | | 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, |
1087 | | 29, 30, 31, 32, 33, 34, 4, 43, 44, 45, |
1088 | | 125, 39, 34, 42, 9, 41, 42, 9, 39, 47, |
1089 | | 42, 41, 42, 42, 60, 41, 47, 5, 0, 47, |
1090 | | 47, 47, 61, 62, 63, 64, 34, 3, 4, 61, |
1091 | | 62, 63, 64, 9, 4, 160, 6, 7, 5, 9, |
1092 | | 4, 39, 50, 51, 52, 53, 54, 55, 56, 57, |
1093 | | 58, 59, 4, 41, 42, 39, 41, 40, 34, 214, |
1094 | | 39, 39, 47, 47, 34, 41, 42, 41, 47, 47, |
1095 | | 34, 41, 42, 47, 121, 40, 41, 126, 4, 129, |
1096 | | 39, 130, 34, 133, 39, 134, 50, 51, 52, 53, |
1097 | | 54, 55, 56, 57, 58, 59, 39, 47, 50, 51, |
1098 | | 52, 53, 54, 55, 56, 57, 58, 59, 34, 41, |
1099 | | 157, 40, 40, 163, 4, 47, 166, 7, 8, 9, |
1100 | | 39, 171, 41, 40, 50, 51, 52, 53, 54, 55, |
1101 | | 56, 57, 58, 59, 0, 1, 40, 47, 4, 43, |
1102 | | 44, 7, 8, 9, 34, 11, 12, 13, 14, 15, |
1103 | | 16, 17, 42, 3, 4, 1, 41, 9, 4, 9, |
1104 | | 6, 7, 47, 9, 61, 62, 63, 64, 34, 35, |
1105 | | 36, 37, 38, 9, 9, 40, 42, 10, 0, 1, |
1106 | | 10, 47, 4, 10, 34, 7, 8, 9, 34, 11, |
1107 | | 12, 13, 14, 15, 16, 17, 42, 4, 10, 4, |
1108 | | 7, 8, 9, 4, 9, 6, 7, 45, 9, 40, |
1109 | | 9, 40, 34, 35, 36, 37, 38, 40, 4, 4, |
1110 | | 42, 7, 8, 9, 9, 47, 41, 34, 41, 34, |
1111 | | 41, 41, 39, 34, 40, 42, 40, 42, 46, 41, |
1112 | | 4, 42, 6, 7, 40, 9, 40, 40, 34, 34, |
1113 | | 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, |
1114 | | 40, 40, 40, 40, 40, 9, 9, 9, 9, 9, |
1115 | | 34, 9, 9, 9, 9, 21, 104, 137, 40, 182, |
1116 | | 50, 107, 116, 56, 126, 122, 134, 130, 18, 92, |
1117 | | 192, 216, 187 |
1118 | | }; |
1119 | | |
1120 | | /* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of |
1121 | | state STATE-NUM. */ |
1122 | | static const yytype_int8 yystos[] = |
1123 | | { |
1124 | | 0, 1, 4, 7, 8, 9, 11, 12, 13, 14, |
1125 | | 15, 16, 17, 34, 35, 36, 37, 38, 42, 47, |
1126 | | 66, 67, 68, 69, 70, 114, 115, 116, 47, 9, |
1127 | | 9, 5, 42, 71, 72, 4, 6, 7, 9, 34, |
1128 | | 42, 75, 76, 103, 114, 114, 3, 4, 9, 34, |
1129 | | 42, 61, 62, 63, 64, 79, 80, 81, 82, 99, |
1130 | | 107, 4, 34, 50, 51, 52, 53, 54, 55, 56, |
1131 | | 57, 58, 59, 95, 96, 100, 101, 4, 96, 104, |
1132 | | 105, 4, 96, 111, 112, 4, 96, 108, 109, 116, |
1133 | | 0, 68, 41, 73, 74, 103, 1, 47, 1, 47, |
1134 | | 40, 43, 44, 5, 41, 47, 76, 41, 71, 71, |
1135 | | 71, 99, 39, 39, 39, 39, 41, 82, 41, 71, |
1136 | | 102, 40, 39, 47, 106, 40, 39, 47, 113, 40, |
1137 | | 39, 47, 110, 40, 39, 47, 115, 39, 47, 40, |
1138 | | 47, 47, 9, 9, 9, 72, 75, 47, 47, 47, |
1139 | | 10, 10, 10, 10, 79, 81, 47, 40, 103, 101, |
1140 | | 40, 107, 105, 40, 114, 112, 40, 114, 109, 1, |
1141 | | 74, 45, 77, 78, 93, 103, 107, 114, 114, 39, |
1142 | | 94, 114, 41, 97, 4, 9, 34, 42, 117, 118, |
1143 | | 119, 46, 39, 78, 50, 51, 52, 53, 54, 55, |
1144 | | 56, 57, 58, 59, 83, 84, 85, 86, 87, 88, |
1145 | | 89, 90, 91, 92, 98, 119, 41, 117, 40, 40, |
1146 | | 40, 40, 40, 40, 40, 40, 40, 40, 18, 19, |
1147 | | 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, |
1148 | | 30, 31, 32, 33, 81, 118, 9, 9, 9, 9, |
1149 | | 9, 9, 9, 9, 9, 9 |
1150 | | }; |
1151 | | |
1152 | | /* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM. */ |
1153 | | static const yytype_int8 yyr1[] = |
1154 | | { |
1155 | | 0, 65, 66, 66, 67, 67, 68, 68, 68, 68, |
1156 | | 68, 68, 68, 68, 68, 68, 68, 68, 68, 68, |
1157 | | 69, 69, 70, 70, 71, 71, 72, 72, 72, 72, |
1158 | | 72, 73, 73, 73, 74, 75, 75, 76, 76, 76, |
1159 | | 76, 76, 77, 77, 78, 79, 79, 79, 79, 80, |
1160 | | 80, 81, 81, 82, 82, 83, 84, 85, 86, 87, |
1161 | | 88, 89, 90, 91, 92, 93, 93, 94, 94, 94, |
1162 | | 94, 94, 95, 95, 95, 95, 95, 95, 95, 95, |
1163 | | 95, 95, 95, 96, 97, 97, 97, 97, 97, 97, |
1164 | | 97, 97, 97, 97, 97, 98, 98, 98, 98, 98, |
1165 | | 98, 98, 98, 98, 98, 98, 98, 98, 98, 98, |
1166 | | 98, 98, 99, 99, 99, 99, 100, 100, 102, 101, |
1167 | | 101, 103, 103, 104, 104, 106, 105, 105, 107, 107, |
1168 | | 108, 108, 110, 109, 109, 111, 111, 113, 112, 112, |
1169 | | 114, 114, 115, 115, 116, 116, 116, 116, 116, 117, |
1170 | | 117, 118, 118, 119, 119, 119 |
1171 | | }; |
1172 | | |
1173 | | /* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM. */ |
1174 | | static const yytype_int8 yyr2[] = |
1175 | | { |
1176 | | 0, 2, 0, 1, 1, 2, 1, 2, 1, 1, |
1177 | | 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, |
1178 | | 3, 4, 3, 4, 1, 3, 1, 2, 3, 3, |
1179 | | 3, 1, 3, 3, 3, 1, 2, 1, 1, 1, |
1180 | | 1, 1, 1, 3, 4, 3, 3, 3, 3, 1, |
1181 | | 3, 1, 2, 1, 2, 3, 3, 3, 3, 3, |
1182 | | 3, 3, 3, 3, 3, 0, 3, 0, 1, 3, |
1183 | | 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, |
1184 | | 1, 1, 1, 1, 0, 2, 2, 2, 2, 2, |
1185 | | 2, 2, 2, 2, 2, 0, 2, 2, 2, 2, |
1186 | | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, |
1187 | | 2, 2, 1, 1, 1, 1, 1, 3, 0, 4, |
1188 | | 3, 1, 3, 1, 3, 0, 4, 3, 1, 3, |
1189 | | 1, 3, 0, 4, 3, 1, 3, 0, 4, 3, |
1190 | | 1, 3, 1, 2, 1, 1, 1, 1, 1, 1, |
1191 | | 3, 1, 2, 1, 1, 1 |
1192 | | }; |
1193 | | |
1194 | | |
1195 | | enum { YYENOMEM = -2 }; |
1196 | | |
1197 | 24 | #define yyerrok (yyerrstatus = 0) |
1198 | | #define yyclearin (yychar = YYEMPTY) |
1199 | | |
1200 | 7 | #define YYACCEPT goto yyacceptlab |
1201 | 1 | #define YYABORT goto yyabortlab |
1202 | 0 | #define YYERROR goto yyerrorlab |
1203 | 0 | #define YYNOMEM goto yyexhaustedlab |
1204 | | |
1205 | | |
1206 | | #define YYRECOVERING() (!!yyerrstatus) |
1207 | | |
1208 | | #define YYBACKUP(Token, Value) \ |
1209 | | do \ |
1210 | | if (yychar == YYEMPTY) \ |
1211 | | { \ |
1212 | | yychar = (Token); \ |
1213 | | yylval = (Value); \ |
1214 | | YYPOPSTACK (yylen); \ |
1215 | | yystate = *yyssp; \ |
1216 | | goto yybackup; \ |
1217 | | } \ |
1218 | | else \ |
1219 | | { \ |
1220 | | yyerror (YY_("syntax error: cannot back up")); \ |
1221 | | YYERROR; \ |
1222 | | } \ |
1223 | | while (0) |
1224 | | |
1225 | | /* Backward compatibility with an undocumented macro. |
1226 | | Use YYerror or YYUNDEF. */ |
1227 | | #define YYERRCODE YYUNDEF |
1228 | | |
1229 | | |
1230 | | /* Enable debugging if requested. */ |
1231 | | #if YYDEBUG |
1232 | | |
1233 | | # ifndef YYFPRINTF |
1234 | | # include <stdio.h> /* INFRINGES ON USER NAME SPACE */ |
1235 | | # define YYFPRINTF fprintf |
1236 | | # endif |
1237 | | |
1238 | | # define YYDPRINTF(Args) \ |
1239 | | do { \ |
1240 | | if (yydebug) \ |
1241 | | YYFPRINTF Args; \ |
1242 | | } while (0) |
1243 | | |
1244 | | |
1245 | | |
1246 | | |
1247 | | # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ |
1248 | | do { \ |
1249 | | if (yydebug) \ |
1250 | | { \ |
1251 | | YYFPRINTF (stderr, "%s ", Title); \ |
1252 | | yy_symbol_print (stderr, \ |
1253 | | Kind, Value); \ |
1254 | | YYFPRINTF (stderr, "\n"); \ |
1255 | | } \ |
1256 | | } while (0) |
1257 | | |
1258 | | |
1259 | | /*-----------------------------------. |
1260 | | | Print this symbol's value on YYO. | |
1261 | | `-----------------------------------*/ |
1262 | | |
1263 | | static void |
1264 | | yy_symbol_value_print (FILE *yyo, |
1265 | | yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) |
1266 | | { |
1267 | | FILE *yyoutput = yyo; |
1268 | | YY_USE (yyoutput); |
1269 | | if (!yyvaluep) |
1270 | | return; |
1271 | | YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN |
1272 | | YY_USE (yykind); |
1273 | | YY_IGNORE_MAYBE_UNINITIALIZED_END |
1274 | | } |
1275 | | |
1276 | | |
1277 | | /*---------------------------. |
1278 | | | Print this symbol on YYO. | |
1279 | | `---------------------------*/ |
1280 | | |
1281 | | static void |
1282 | | yy_symbol_print (FILE *yyo, |
1283 | | yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) |
1284 | | { |
1285 | | YYFPRINTF (yyo, "%s %s (", |
1286 | | yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind)); |
1287 | | |
1288 | | yy_symbol_value_print (yyo, yykind, yyvaluep); |
1289 | | YYFPRINTF (yyo, ")"); |
1290 | | } |
1291 | | |
1292 | | /*------------------------------------------------------------------. |
1293 | | | yy_stack_print -- Print the state stack from its BOTTOM up to its | |
1294 | | | TOP (included). | |
1295 | | `------------------------------------------------------------------*/ |
1296 | | |
1297 | | static void |
1298 | | yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) |
1299 | | { |
1300 | | YYFPRINTF (stderr, "Stack now"); |
1301 | | for (; yybottom <= yytop; yybottom++) |
1302 | | { |
1303 | | int yybot = *yybottom; |
1304 | | YYFPRINTF (stderr, " %d", yybot); |
1305 | | } |
1306 | | YYFPRINTF (stderr, "\n"); |
1307 | | } |
1308 | | |
1309 | | # define YY_STACK_PRINT(Bottom, Top) \ |
1310 | | do { \ |
1311 | | if (yydebug) \ |
1312 | | yy_stack_print ((Bottom), (Top)); \ |
1313 | | } while (0) |
1314 | | |
1315 | | |
1316 | | /*------------------------------------------------. |
1317 | | | Report that the YYRULE is going to be reduced. | |
1318 | | `------------------------------------------------*/ |
1319 | | |
1320 | | static void |
1321 | | yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, |
1322 | | int yyrule) |
1323 | | { |
1324 | | int yylno = yyrline[yyrule]; |
1325 | | int yynrhs = yyr2[yyrule]; |
1326 | | int yyi; |
1327 | | YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", |
1328 | | yyrule - 1, yylno); |
1329 | | /* The symbols being reduced. */ |
1330 | | for (yyi = 0; yyi < yynrhs; yyi++) |
1331 | | { |
1332 | | YYFPRINTF (stderr, " $%d = ", yyi + 1); |
1333 | | yy_symbol_print (stderr, |
1334 | | YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), |
1335 | | &yyvsp[(yyi + 1) - (yynrhs)]); |
1336 | | YYFPRINTF (stderr, "\n"); |
1337 | | } |
1338 | | } |
1339 | | |
1340 | | # define YY_REDUCE_PRINT(Rule) \ |
1341 | | do { \ |
1342 | | if (yydebug) \ |
1343 | | yy_reduce_print (yyssp, yyvsp, Rule); \ |
1344 | | } while (0) |
1345 | | |
1346 | | /* Nonzero means print parse trace. It is left uninitialized so that |
1347 | | multiple parsers can coexist. */ |
1348 | | int yydebug; |
1349 | | #else /* !YYDEBUG */ |
1350 | 278k | # define YYDPRINTF(Args) ((void) 0) |
1351 | | # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) |
1352 | | # define YY_STACK_PRINT(Bottom, Top) |
1353 | | # define YY_REDUCE_PRINT(Rule) |
1354 | | #endif /* !YYDEBUG */ |
1355 | | |
1356 | | |
1357 | | /* YYINITDEPTH -- initial size of the parser's stacks. */ |
1358 | | #ifndef YYINITDEPTH |
1359 | 8 | # define YYINITDEPTH 200 |
1360 | | #endif |
1361 | | |
1362 | | /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only |
1363 | | if the built-in stack extension method is used). |
1364 | | |
1365 | | Do not make this value too large; the results are undefined if |
1366 | | YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) |
1367 | | evaluated with infinite-precision integer arithmetic. */ |
1368 | | |
1369 | | #ifndef YYMAXDEPTH |
1370 | 0 | # define YYMAXDEPTH 10000 |
1371 | | #endif |
1372 | | |
1373 | | |
1374 | | |
1375 | | |
1376 | | |
1377 | | |
1378 | | /*-----------------------------------------------. |
1379 | | | Release the memory associated to this symbol. | |
1380 | | `-----------------------------------------------*/ |
1381 | | |
1382 | | static void |
1383 | | yydestruct (const char *yymsg, |
1384 | | yysymbol_kind_t yykind, YYSTYPE *yyvaluep) |
1385 | 277k | { |
1386 | 277k | YY_USE (yyvaluep); |
1387 | 277k | if (!yymsg) |
1388 | 0 | yymsg = "Deleting"; |
1389 | 277k | YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); |
1390 | | |
1391 | 277k | YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN |
1392 | 277k | YY_USE (yykind); |
1393 | 277k | YY_IGNORE_MAYBE_UNINITIALIZED_END |
1394 | 277k | } |
1395 | | |
1396 | | |
1397 | | /* Lookahead token kind. */ |
1398 | | int yychar; |
1399 | | |
1400 | | /* The semantic value of the lookahead symbol. */ |
1401 | | YYSTYPE yylval; |
1402 | | /* Number of syntax errors so far. */ |
1403 | | int yynerrs; |
1404 | | |
1405 | | |
1406 | | |
1407 | | |
1408 | | /*----------. |
1409 | | | yyparse. | |
1410 | | `----------*/ |
1411 | | |
1412 | | int |
1413 | | yyparse (void) |
1414 | 8 | { |
1415 | 8 | yy_state_fast_t yystate = 0; |
1416 | | /* Number of tokens to shift before error messages enabled. */ |
1417 | 8 | int yyerrstatus = 0; |
1418 | | |
1419 | | /* Refer to the stacks through separate pointers, to allow yyoverflow |
1420 | | to reallocate them elsewhere. */ |
1421 | | |
1422 | | /* Their size. */ |
1423 | 8 | YYPTRDIFF_T yystacksize = YYINITDEPTH; |
1424 | | |
1425 | | /* The state stack: array, bottom, top. */ |
1426 | 8 | yy_state_t yyssa[YYINITDEPTH]; |
1427 | 8 | yy_state_t *yyss = yyssa; |
1428 | 8 | yy_state_t *yyssp = yyss; |
1429 | | |
1430 | | /* The semantic value stack: array, bottom, top. */ |
1431 | 8 | YYSTYPE yyvsa[YYINITDEPTH]; |
1432 | 8 | YYSTYPE *yyvs = yyvsa; |
1433 | 8 | YYSTYPE *yyvsp = yyvs; |
1434 | | |
1435 | 8 | int yyn; |
1436 | | /* The return value of yyparse. */ |
1437 | 8 | int yyresult; |
1438 | | /* Lookahead symbol kind. */ |
1439 | 8 | yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; |
1440 | | /* The variables used to return semantic value and location from the |
1441 | | action routines. */ |
1442 | 8 | YYSTYPE yyval; |
1443 | | |
1444 | | |
1445 | | |
1446 | 139k | #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) |
1447 | | |
1448 | | /* The number of symbols on the RHS of the reduced rule. |
1449 | | Keep to zero when no symbol should be popped. */ |
1450 | 8 | int yylen = 0; |
1451 | | |
1452 | 8 | YYDPRINTF ((stderr, "Starting parse\n")); |
1453 | | |
1454 | 8 | yychar = YYEMPTY; /* Cause a token to be read. */ |
1455 | | |
1456 | 8 | goto yysetstate; |
1457 | | |
1458 | | |
1459 | | /*------------------------------------------------------------. |
1460 | | | yynewstate -- push a new state, which is found in yystate. | |
1461 | | `------------------------------------------------------------*/ |
1462 | 139k | yynewstate: |
1463 | | /* In all cases, when you get here, the value and location stacks |
1464 | | have just been pushed. So pushing a state here evens the stacks. */ |
1465 | 139k | yyssp++; |
1466 | | |
1467 | | |
1468 | | /*--------------------------------------------------------------------. |
1469 | | | yysetstate -- set current state (the top of the stack) to yystate. | |
1470 | | `--------------------------------------------------------------------*/ |
1471 | 139k | yysetstate: |
1472 | 139k | YYDPRINTF ((stderr, "Entering state %d\n", yystate)); |
1473 | 139k | YY_ASSERT (0 <= yystate && yystate < YYNSTATES); |
1474 | 139k | YY_IGNORE_USELESS_CAST_BEGIN |
1475 | 139k | *yyssp = YY_CAST (yy_state_t, yystate); |
1476 | 139k | YY_IGNORE_USELESS_CAST_END |
1477 | 139k | YY_STACK_PRINT (yyss, yyssp); |
1478 | | |
1479 | 139k | if (yyss + yystacksize - 1 <= yyssp) |
1480 | | #if !defined yyoverflow && !defined YYSTACK_RELOCATE |
1481 | | YYNOMEM; |
1482 | | #else |
1483 | 0 | { |
1484 | | /* Get the current used size of the three stacks, in elements. */ |
1485 | 0 | YYPTRDIFF_T yysize = yyssp - yyss + 1; |
1486 | |
|
1487 | | # if defined yyoverflow |
1488 | | { |
1489 | | /* Give user a chance to reallocate the stack. Use copies of |
1490 | | these so that the &'s don't force the real ones into |
1491 | | memory. */ |
1492 | | yy_state_t *yyss1 = yyss; |
1493 | | YYSTYPE *yyvs1 = yyvs; |
1494 | | |
1495 | | /* Each stack pointer address is followed by the size of the |
1496 | | data in use in that stack, in bytes. This used to be a |
1497 | | conditional around just the two extra args, but that might |
1498 | | be undefined if yyoverflow is a macro. */ |
1499 | | yyoverflow (YY_("memory exhausted"), |
1500 | | &yyss1, yysize * YYSIZEOF (*yyssp), |
1501 | | &yyvs1, yysize * YYSIZEOF (*yyvsp), |
1502 | | &yystacksize); |
1503 | | yyss = yyss1; |
1504 | | yyvs = yyvs1; |
1505 | | } |
1506 | | # else /* defined YYSTACK_RELOCATE */ |
1507 | | /* Extend the stack our own way. */ |
1508 | 0 | if (YYMAXDEPTH <= yystacksize) |
1509 | 0 | YYNOMEM; |
1510 | 0 | yystacksize *= 2; |
1511 | 0 | if (YYMAXDEPTH < yystacksize) |
1512 | 0 | yystacksize = YYMAXDEPTH; |
1513 | |
|
1514 | 0 | { |
1515 | 0 | yy_state_t *yyss1 = yyss; |
1516 | 0 | union yyalloc *yyptr = |
1517 | 0 | YY_CAST (union yyalloc *, |
1518 | 0 | YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); |
1519 | 0 | if (! yyptr) |
1520 | 0 | YYNOMEM; |
1521 | 0 | YYSTACK_RELOCATE (yyss_alloc, yyss); |
1522 | 0 | YYSTACK_RELOCATE (yyvs_alloc, yyvs); |
1523 | 0 | # undef YYSTACK_RELOCATE |
1524 | 0 | if (yyss1 != yyssa) |
1525 | 0 | YYSTACK_FREE (yyss1); |
1526 | 0 | } |
1527 | 0 | # endif |
1528 | | |
1529 | 0 | yyssp = yyss + yysize - 1; |
1530 | 0 | yyvsp = yyvs + yysize - 1; |
1531 | |
|
1532 | 0 | YY_IGNORE_USELESS_CAST_BEGIN |
1533 | 0 | YYDPRINTF ((stderr, "Stack size increased to %ld\n", |
1534 | 0 | YY_CAST (long, yystacksize))); |
1535 | 0 | YY_IGNORE_USELESS_CAST_END |
1536 | |
|
1537 | 0 | if (yyss + yystacksize - 1 <= yyssp) |
1538 | 0 | YYABORT; |
1539 | 0 | } |
1540 | 139k | #endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ |
1541 | | |
1542 | | |
1543 | 139k | if (yystate == YYFINAL) |
1544 | 7 | YYACCEPT; |
1545 | | |
1546 | 139k | goto yybackup; |
1547 | | |
1548 | | |
1549 | | /*-----------. |
1550 | | | yybackup. | |
1551 | | `-----------*/ |
1552 | 139k | yybackup: |
1553 | | /* Do appropriate processing given the current state. Read a |
1554 | | lookahead token if we need one and don't already have one. */ |
1555 | | |
1556 | | /* First try to decide what to do without reference to lookahead token. */ |
1557 | 139k | yyn = yypact[yystate]; |
1558 | 139k | if (yypact_value_is_default (yyn)) |
1559 | 207 | goto yydefault; |
1560 | | |
1561 | | /* Not known => get a lookahead token if don't already have one. */ |
1562 | | |
1563 | | /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ |
1564 | 138k | if (yychar == YYEMPTY) |
1565 | 138k | { |
1566 | 138k | YYDPRINTF ((stderr, "Reading a token\n")); |
1567 | 138k | yychar = yylex (); |
1568 | 138k | } |
1569 | | |
1570 | 138k | if (yychar <= YYEOF) |
1571 | 18 | { |
1572 | 18 | yychar = YYEOF; |
1573 | 18 | yytoken = YYSYMBOL_YYEOF; |
1574 | 18 | YYDPRINTF ((stderr, "Now at end of input.\n")); |
1575 | 18 | } |
1576 | 138k | else if (yychar == YYerror) |
1577 | 0 | { |
1578 | | /* The scanner already issued an error message, process directly |
1579 | | to error recovery. But do not keep the error token as |
1580 | | lookahead, it is too special and may lead us to an endless |
1581 | | loop in error recovery. */ |
1582 | 0 | yychar = YYUNDEF; |
1583 | 0 | yytoken = YYSYMBOL_YYerror; |
1584 | 0 | goto yyerrlab1; |
1585 | 0 | } |
1586 | 138k | else |
1587 | 138k | { |
1588 | 138k | yytoken = YYTRANSLATE (yychar); |
1589 | 138k | YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); |
1590 | 138k | } |
1591 | | |
1592 | | /* If the proper action on seeing token YYTOKEN is to reduce or to |
1593 | | detect an error, take that action. */ |
1594 | 138k | yyn += yytoken; |
1595 | 138k | if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) |
1596 | 138k | goto yydefault; |
1597 | 108 | yyn = yytable[yyn]; |
1598 | 108 | if (yyn <= 0) |
1599 | 7 | { |
1600 | 7 | if (yytable_value_is_error (yyn)) |
1601 | 0 | goto yyerrlab; |
1602 | 7 | yyn = -yyn; |
1603 | 7 | goto yyreduce; |
1604 | 7 | } |
1605 | | |
1606 | | /* Count tokens shifted since error; after three, turn off error |
1607 | | status. */ |
1608 | 101 | if (yyerrstatus) |
1609 | 24 | yyerrstatus--; |
1610 | | |
1611 | | /* Shift the lookahead token. */ |
1612 | 101 | YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); |
1613 | 101 | yystate = yyn; |
1614 | 101 | YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN |
1615 | 101 | *++yyvsp = yylval; |
1616 | 101 | YY_IGNORE_MAYBE_UNINITIALIZED_END |
1617 | | |
1618 | | /* Discard the shifted token. */ |
1619 | 101 | yychar = YYEMPTY; |
1620 | 101 | goto yynewstate; |
1621 | | |
1622 | | |
1623 | | /*-----------------------------------------------------------. |
1624 | | | yydefault -- do the default action for the current state. | |
1625 | | `-----------------------------------------------------------*/ |
1626 | 139k | yydefault: |
1627 | 139k | yyn = yydefact[yystate]; |
1628 | 139k | if (yyn == 0) |
1629 | 138k | goto yyerrlab; |
1630 | 211 | goto yyreduce; |
1631 | | |
1632 | | |
1633 | | /*-----------------------------. |
1634 | | | yyreduce -- do a reduction. | |
1635 | | `-----------------------------*/ |
1636 | 218 | yyreduce: |
1637 | | /* yyn is the number of a rule to reduce with. */ |
1638 | 218 | yylen = yyr2[yyn]; |
1639 | | |
1640 | | /* If YYLEN is nonzero, implement the default value of the action: |
1641 | | '$$ = $1'. |
1642 | | |
1643 | | Otherwise, the following line sets YYVAL to garbage. |
1644 | | This behavior is undocumented and Bison |
1645 | | users should not rely upon it. Assigning to YYVAL |
1646 | | unconditionally makes the parser a bit smaller, and it avoids a |
1647 | | GCC warning that YYVAL may be used uninitialized. */ |
1648 | 218 | yyval = yyvsp[1-yylen]; |
1649 | | |
1650 | | |
1651 | 218 | YY_REDUCE_PRINT (yyn); |
1652 | 218 | switch (yyn) |
1653 | 218 | { |
1654 | 0 | case 2: /* file: %empty */ |
1655 | 0 | #line 205 "gram.y" |
1656 | 0 | { |
1657 | 0 | ; /* empty file */ |
1658 | 0 | } |
1659 | 0 | #line 1654 "gram.c" |
1660 | 0 | break; |
1661 | | |
1662 | 11 | case 6: /* entry: '\n' */ |
1663 | 11 | #line 215 "gram.y" |
1664 | 11 | { |
1665 | 11 | ; /* blank line */ |
1666 | 11 | } |
1667 | 11 | #line 1662 "gram.c" |
1668 | 11 | break; |
1669 | | |
1670 | 24 | case 7: /* entry: error '\n' */ |
1671 | 24 | #line 218 "gram.y" |
1672 | 24 | { |
1673 | 24 | yyerrok; |
1674 | 24 | } |
1675 | 24 | #line 1670 "gram.c" |
1676 | 24 | break; |
1677 | | |
1678 | 0 | case 8: /* entry: include */ |
1679 | 0 | #line 221 "gram.y" |
1680 | 0 | { |
1681 | 0 | const bool success = push_include((yyvsp[0].string), |
1682 | 0 | parsed_policy.ctx->user.shost, &parser_conf); |
1683 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1684 | 0 | free((yyvsp[0].string)); |
1685 | 0 | if (!success && !parser_conf.recovery) |
1686 | 0 | YYERROR; |
1687 | 0 | } |
1688 | 0 | #line 1683 "gram.c" |
1689 | 0 | break; |
1690 | | |
1691 | 0 | case 9: /* entry: includedir */ |
1692 | 0 | #line 229 "gram.y" |
1693 | 0 | { |
1694 | 0 | const bool success = push_includedir((yyvsp[0].string), |
1695 | 0 | parsed_policy.ctx->user.shost, &parser_conf); |
1696 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1697 | 0 | free((yyvsp[0].string)); |
1698 | 0 | if (!success && !parser_conf.recovery) |
1699 | 0 | YYERROR; |
1700 | 0 | } |
1701 | 0 | #line 1696 "gram.c" |
1702 | 0 | break; |
1703 | | |
1704 | 0 | case 10: /* entry: userlist privileges '\n' */ |
1705 | 0 | #line 237 "gram.y" |
1706 | 0 | { |
1707 | 0 | if (!add_userspec((yyvsp[-2].member), (yyvsp[-1].privilege))) { |
1708 | 0 | sudoerserror(N_("unable to allocate memory")); |
1709 | 0 | YYERROR; |
1710 | 0 | } |
1711 | 0 | } |
1712 | 0 | #line 1707 "gram.c" |
1713 | 0 | break; |
1714 | | |
1715 | 0 | case 11: /* entry: USERALIAS useraliases '\n' */ |
1716 | 0 | #line 243 "gram.y" |
1717 | 0 | { |
1718 | 0 | ; |
1719 | 0 | } |
1720 | 0 | #line 1715 "gram.c" |
1721 | 0 | break; |
1722 | | |
1723 | 0 | case 12: /* entry: HOSTALIAS hostaliases '\n' */ |
1724 | 0 | #line 246 "gram.y" |
1725 | 0 | { |
1726 | 0 | ; |
1727 | 0 | } |
1728 | 0 | #line 1723 "gram.c" |
1729 | 0 | break; |
1730 | | |
1731 | 0 | case 13: /* entry: CMNDALIAS cmndaliases '\n' */ |
1732 | 0 | #line 249 "gram.y" |
1733 | 0 | { |
1734 | 0 | ; |
1735 | 0 | } |
1736 | 0 | #line 1731 "gram.c" |
1737 | 0 | break; |
1738 | | |
1739 | 0 | case 14: /* entry: RUNASALIAS runasaliases '\n' */ |
1740 | 0 | #line 252 "gram.y" |
1741 | 0 | { |
1742 | 0 | ; |
1743 | 0 | } |
1744 | 0 | #line 1739 "gram.c" |
1745 | 0 | break; |
1746 | | |
1747 | 0 | case 15: /* entry: DEFAULTS defaults_list '\n' */ |
1748 | 0 | #line 255 "gram.y" |
1749 | 0 | { |
1750 | 0 | if (!add_defaults(DEFAULTS, NULL, (yyvsp[-1].defaults))) |
1751 | 0 | YYERROR; |
1752 | 0 | } |
1753 | 0 | #line 1748 "gram.c" |
1754 | 0 | break; |
1755 | | |
1756 | 0 | case 16: /* entry: DEFAULTS_USER userlist defaults_list '\n' */ |
1757 | 0 | #line 259 "gram.y" |
1758 | 0 | { |
1759 | 0 | if (!add_defaults(DEFAULTS_USER, (yyvsp[-2].member), (yyvsp[-1].defaults))) |
1760 | 0 | YYERROR; |
1761 | 0 | } |
1762 | 0 | #line 1757 "gram.c" |
1763 | 0 | break; |
1764 | | |
1765 | 0 | case 17: /* entry: DEFAULTS_RUNAS userlist defaults_list '\n' */ |
1766 | 0 | #line 263 "gram.y" |
1767 | 0 | { |
1768 | 0 | if (!add_defaults(DEFAULTS_RUNAS, (yyvsp[-2].member), (yyvsp[-1].defaults))) |
1769 | 0 | YYERROR; |
1770 | 0 | } |
1771 | 0 | #line 1766 "gram.c" |
1772 | 0 | break; |
1773 | | |
1774 | 0 | case 18: /* entry: DEFAULTS_HOST hostlist defaults_list '\n' */ |
1775 | 0 | #line 267 "gram.y" |
1776 | 0 | { |
1777 | 0 | if (!add_defaults(DEFAULTS_HOST, (yyvsp[-2].member), (yyvsp[-1].defaults))) |
1778 | 0 | YYERROR; |
1779 | 0 | } |
1780 | 0 | #line 1775 "gram.c" |
1781 | 0 | break; |
1782 | | |
1783 | 0 | case 19: /* entry: DEFAULTS_CMND cmndlist defaults_list '\n' */ |
1784 | 0 | #line 271 "gram.y" |
1785 | 0 | { |
1786 | 0 | if (!add_defaults(DEFAULTS_CMND, (yyvsp[-2].member), (yyvsp[-1].defaults))) |
1787 | 0 | YYERROR; |
1788 | 0 | } |
1789 | 0 | #line 1784 "gram.c" |
1790 | 0 | break; |
1791 | | |
1792 | 0 | case 20: /* include: INCLUDE WORD '\n' */ |
1793 | 0 | #line 277 "gram.y" |
1794 | 0 | { |
1795 | 0 | (yyval.string) = (yyvsp[-1].string); |
1796 | 0 | } |
1797 | 0 | #line 1792 "gram.c" |
1798 | 0 | break; |
1799 | | |
1800 | 0 | case 21: /* include: INCLUDE WORD error '\n' */ |
1801 | 0 | #line 280 "gram.y" |
1802 | 0 | { |
1803 | 0 | yyerrok; |
1804 | 0 | (yyval.string) = (yyvsp[-2].string); |
1805 | 0 | } |
1806 | 0 | #line 1801 "gram.c" |
1807 | 0 | break; |
1808 | | |
1809 | 0 | case 22: /* includedir: INCLUDEDIR WORD '\n' */ |
1810 | 0 | #line 286 "gram.y" |
1811 | 0 | { |
1812 | 0 | (yyval.string) = (yyvsp[-1].string); |
1813 | 0 | } |
1814 | 0 | #line 1809 "gram.c" |
1815 | 0 | break; |
1816 | | |
1817 | 0 | case 23: /* includedir: INCLUDEDIR WORD error '\n' */ |
1818 | 0 | #line 289 "gram.y" |
1819 | 0 | { |
1820 | 0 | yyerrok; |
1821 | 0 | (yyval.string) = (yyvsp[-2].string); |
1822 | 0 | } |
1823 | 0 | #line 1818 "gram.c" |
1824 | 0 | break; |
1825 | | |
1826 | 0 | case 25: /* defaults_list: defaults_list ',' defaults_entry */ |
1827 | 0 | #line 296 "gram.y" |
1828 | 0 | { |
1829 | 0 | parser_leak_remove(LEAK_DEFAULTS, (yyvsp[0].defaults)); |
1830 | 0 | HLTQ_CONCAT((yyvsp[-2].defaults), (yyvsp[0].defaults), entries); |
1831 | 0 | (yyval.defaults) = (yyvsp[-2].defaults); |
1832 | 0 | } |
1833 | 0 | #line 1828 "gram.c" |
1834 | 0 | break; |
1835 | | |
1836 | 0 | case 26: /* defaults_entry: DEFVAR */ |
1837 | 0 | #line 303 "gram.y" |
1838 | 0 | { |
1839 | 0 | (yyval.defaults) = new_default((yyvsp[0].string), NULL, true); |
1840 | 0 | if ((yyval.defaults) == NULL) { |
1841 | 0 | sudoerserror(N_("unable to allocate memory")); |
1842 | 0 | YYERROR; |
1843 | 0 | } |
1844 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1845 | 0 | parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); |
1846 | 0 | } |
1847 | 0 | #line 1842 "gram.c" |
1848 | 0 | break; |
1849 | | |
1850 | 0 | case 27: /* defaults_entry: '!' DEFVAR */ |
1851 | 0 | #line 312 "gram.y" |
1852 | 0 | { |
1853 | 0 | (yyval.defaults) = new_default((yyvsp[0].string), NULL, false); |
1854 | 0 | if ((yyval.defaults) == NULL) { |
1855 | 0 | sudoerserror(N_("unable to allocate memory")); |
1856 | 0 | YYERROR; |
1857 | 0 | } |
1858 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1859 | 0 | parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); |
1860 | 0 | } |
1861 | 0 | #line 1856 "gram.c" |
1862 | 0 | break; |
1863 | | |
1864 | 0 | case 28: /* defaults_entry: DEFVAR '=' WORD */ |
1865 | 0 | #line 321 "gram.y" |
1866 | 0 | { |
1867 | 0 | (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), true); |
1868 | 0 | if ((yyval.defaults) == NULL) { |
1869 | 0 | sudoerserror(N_("unable to allocate memory")); |
1870 | 0 | YYERROR; |
1871 | 0 | } |
1872 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].string)); |
1873 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1874 | 0 | parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); |
1875 | 0 | } |
1876 | 0 | #line 1871 "gram.c" |
1877 | 0 | break; |
1878 | | |
1879 | 0 | case 29: /* defaults_entry: DEFVAR '+' WORD */ |
1880 | 0 | #line 331 "gram.y" |
1881 | 0 | { |
1882 | 0 | (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), '+'); |
1883 | 0 | if ((yyval.defaults) == NULL) { |
1884 | 0 | sudoerserror(N_("unable to allocate memory")); |
1885 | 0 | YYERROR; |
1886 | 0 | } |
1887 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].string)); |
1888 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1889 | 0 | parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); |
1890 | 0 | } |
1891 | 0 | #line 1886 "gram.c" |
1892 | 0 | break; |
1893 | | |
1894 | 0 | case 30: /* defaults_entry: DEFVAR '-' WORD */ |
1895 | 0 | #line 341 "gram.y" |
1896 | 0 | { |
1897 | 0 | (yyval.defaults) = new_default((yyvsp[-2].string), (yyvsp[0].string), '-'); |
1898 | 0 | if ((yyval.defaults) == NULL) { |
1899 | 0 | sudoerserror(N_("unable to allocate memory")); |
1900 | 0 | YYERROR; |
1901 | 0 | } |
1902 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].string)); |
1903 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1904 | 0 | parser_leak_add(LEAK_DEFAULTS, (yyval.defaults)); |
1905 | 0 | } |
1906 | 0 | #line 1901 "gram.c" |
1907 | 0 | break; |
1908 | | |
1909 | 0 | case 32: /* privileges: privileges ':' privilege */ |
1910 | 0 | #line 354 "gram.y" |
1911 | 0 | { |
1912 | 0 | parser_leak_remove(LEAK_PRIVILEGE, (yyvsp[0].privilege)); |
1913 | 0 | HLTQ_CONCAT((yyvsp[-2].privilege), (yyvsp[0].privilege), entries); |
1914 | 0 | (yyval.privilege) = (yyvsp[-2].privilege); |
1915 | 0 | } |
1916 | 0 | #line 1911 "gram.c" |
1917 | 0 | break; |
1918 | | |
1919 | 0 | case 33: /* privileges: privileges ':' error */ |
1920 | 0 | #line 359 "gram.y" |
1921 | 0 | { |
1922 | 0 | yyerrok; |
1923 | 0 | (yyval.privilege) = (yyvsp[-2].privilege); |
1924 | 0 | } |
1925 | 0 | #line 1920 "gram.c" |
1926 | 0 | break; |
1927 | | |
1928 | 0 | case 34: /* privilege: hostlist '=' cmndspeclist */ |
1929 | 0 | #line 365 "gram.y" |
1930 | 0 | { |
1931 | 0 | struct privilege *p = calloc(1, sizeof(*p)); |
1932 | 0 | if (p == NULL) { |
1933 | 0 | sudoerserror(N_("unable to allocate memory")); |
1934 | 0 | YYERROR; |
1935 | 0 | } |
1936 | 0 | parser_leak_add(LEAK_PRIVILEGE, p); |
1937 | 0 | TAILQ_INIT(&p->defaults); |
1938 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[-2].member)); |
1939 | 0 | HLTQ_TO_TAILQ(&p->hostlist, (yyvsp[-2].member), entries); |
1940 | 0 | parser_leak_remove(LEAK_CMNDSPEC, (yyvsp[0].cmndspec)); |
1941 | 0 | HLTQ_TO_TAILQ(&p->cmndlist, (yyvsp[0].cmndspec), entries); |
1942 | 0 | HLTQ_INIT(p, entries); |
1943 | 0 | (yyval.privilege) = p; |
1944 | 0 | } |
1945 | 0 | #line 1940 "gram.c" |
1946 | 0 | break; |
1947 | | |
1948 | 18 | case 35: /* ophost: host */ |
1949 | 18 | #line 382 "gram.y" |
1950 | 18 | { |
1951 | 18 | (yyval.member) = (yyvsp[0].member); |
1952 | 18 | (yyval.member)->negated = false; |
1953 | 18 | } |
1954 | 18 | #line 1949 "gram.c" |
1955 | 18 | break; |
1956 | | |
1957 | 0 | case 36: /* ophost: '!' host */ |
1958 | 0 | #line 386 "gram.y" |
1959 | 0 | { |
1960 | 0 | (yyval.member) = (yyvsp[0].member); |
1961 | 0 | (yyval.member)->negated = true; |
1962 | 0 | } |
1963 | 0 | #line 1958 "gram.c" |
1964 | 0 | break; |
1965 | | |
1966 | 0 | case 37: /* host: ALIAS */ |
1967 | 0 | #line 392 "gram.y" |
1968 | 0 | { |
1969 | 0 | (yyval.member) = new_member((yyvsp[0].string), ALIAS); |
1970 | 0 | if ((yyval.member) == NULL) { |
1971 | 0 | sudoerserror(N_("unable to allocate memory")); |
1972 | 0 | YYERROR; |
1973 | 0 | } |
1974 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
1975 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
1976 | 0 | } |
1977 | 0 | #line 1972 "gram.c" |
1978 | 0 | break; |
1979 | | |
1980 | 0 | case 38: /* host: ALL */ |
1981 | 0 | #line 401 "gram.y" |
1982 | 0 | { |
1983 | 0 | (yyval.member) = new_member(NULL, ALL); |
1984 | 0 | if ((yyval.member) == NULL) { |
1985 | 0 | sudoerserror(N_("unable to allocate memory")); |
1986 | 0 | YYERROR; |
1987 | 0 | } |
1988 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
1989 | 0 | } |
1990 | 0 | #line 1985 "gram.c" |
1991 | 0 | break; |
1992 | | |
1993 | 0 | case 39: /* host: NETGROUP */ |
1994 | 0 | #line 409 "gram.y" |
1995 | 0 | { |
1996 | 0 | (yyval.member) = new_member((yyvsp[0].string), NETGROUP); |
1997 | 0 | if ((yyval.member) == NULL) { |
1998 | 0 | sudoerserror(N_("unable to allocate memory")); |
1999 | 0 | YYERROR; |
2000 | 0 | } |
2001 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2002 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
2003 | 0 | } |
2004 | 0 | #line 1999 "gram.c" |
2005 | 0 | break; |
2006 | | |
2007 | 0 | case 40: /* host: NTWKADDR */ |
2008 | 0 | #line 418 "gram.y" |
2009 | 0 | { |
2010 | 0 | (yyval.member) = new_member((yyvsp[0].string), NTWKADDR); |
2011 | 0 | if ((yyval.member) == NULL) { |
2012 | 0 | sudoerserror(N_("unable to allocate memory")); |
2013 | 0 | YYERROR; |
2014 | 0 | } |
2015 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2016 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
2017 | 0 | } |
2018 | 0 | #line 2013 "gram.c" |
2019 | 0 | break; |
2020 | | |
2021 | 18 | case 41: /* host: WORD */ |
2022 | 18 | #line 427 "gram.y" |
2023 | 18 | { |
2024 | 18 | (yyval.member) = new_member((yyvsp[0].string), WORD); |
2025 | 18 | if ((yyval.member) == NULL) { |
2026 | 0 | sudoerserror(N_("unable to allocate memory")); |
2027 | 0 | YYERROR; |
2028 | 0 | } |
2029 | 18 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2030 | 18 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
2031 | 18 | } |
2032 | 0 | #line 2027 "gram.c" |
2033 | 0 | break; |
2034 | | |
2035 | 0 | case 43: /* cmndspeclist: cmndspeclist ',' cmndspec */ |
2036 | 0 | #line 439 "gram.y" |
2037 | 0 | { |
2038 | 0 | const struct cmndspec *prev = |
2039 | 0 | HLTQ_LAST((yyvsp[-2].cmndspec), cmndspec, entries); |
2040 | 0 | propagate_cmndspec((yyvsp[0].cmndspec), prev); |
2041 | 0 | parser_leak_remove(LEAK_CMNDSPEC, (yyvsp[0].cmndspec)); |
2042 | 0 | HLTQ_CONCAT((yyvsp[-2].cmndspec), (yyvsp[0].cmndspec), entries); |
2043 | 0 | (yyval.cmndspec) = (yyvsp[-2].cmndspec); |
2044 | 0 | } |
2045 | 0 | #line 2040 "gram.c" |
2046 | 0 | break; |
2047 | | |
2048 | 0 | case 44: /* cmndspec: runasspec options cmndtag digcmnd */ |
2049 | 0 | #line 449 "gram.y" |
2050 | 0 | { |
2051 | 0 | struct cmndspec *cs = calloc(1, sizeof(*cs)); |
2052 | 0 | if (cs == NULL) { |
2053 | 0 | sudoerserror(N_("unable to allocate memory")); |
2054 | 0 | YYERROR; |
2055 | 0 | } |
2056 | 0 | parser_leak_add(LEAK_CMNDSPEC, cs); |
2057 | 0 | if ((yyvsp[-3].runas) != NULL) { |
2058 | 0 | if ((yyvsp[-3].runas)->runasusers != NULL) { |
2059 | 0 | cs->runasuserlist = |
2060 | 0 | malloc(sizeof(*cs->runasuserlist)); |
2061 | 0 | if (cs->runasuserlist == NULL) { |
2062 | 0 | free(cs); |
2063 | 0 | sudoerserror(N_("unable to allocate memory")); |
2064 | 0 | YYERROR; |
2065 | 0 | } |
2066 | | /* g/c done via runas container */ |
2067 | 0 | HLTQ_TO_TAILQ(cs->runasuserlist, |
2068 | 0 | (yyvsp[-3].runas)->runasusers, entries); |
2069 | 0 | } |
2070 | 0 | if ((yyvsp[-3].runas)->runasgroups != NULL) { |
2071 | 0 | cs->runasgrouplist = |
2072 | 0 | malloc(sizeof(*cs->runasgrouplist)); |
2073 | 0 | if (cs->runasgrouplist == NULL) { |
2074 | 0 | free(cs); |
2075 | 0 | sudoerserror(N_("unable to allocate memory")); |
2076 | 0 | YYERROR; |
2077 | 0 | } |
2078 | | /* g/c done via runas container */ |
2079 | 0 | HLTQ_TO_TAILQ(cs->runasgrouplist, |
2080 | 0 | (yyvsp[-3].runas)->runasgroups, entries); |
2081 | 0 | } |
2082 | 0 | parser_leak_remove(LEAK_RUNAS, (yyvsp[-3].runas)); |
2083 | 0 | free((yyvsp[-3].runas)); |
2084 | 0 | } |
2085 | 0 | cs->role = (yyvsp[-2].options).role; |
2086 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).role); |
2087 | 0 | cs->type = (yyvsp[-2].options).type; |
2088 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).type); |
2089 | 0 | cs->apparmor_profile = (yyvsp[-2].options).apparmor_profile; |
2090 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).apparmor_profile); |
2091 | 0 | cs->privs = (yyvsp[-2].options).privs; |
2092 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).privs); |
2093 | 0 | cs->limitprivs = (yyvsp[-2].options).limitprivs; |
2094 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).limitprivs); |
2095 | 0 | cs->notbefore = (yyvsp[-2].options).notbefore; |
2096 | 0 | cs->notafter = (yyvsp[-2].options).notafter; |
2097 | 0 | cs->timeout = (yyvsp[-2].options).timeout; |
2098 | 0 | cs->runcwd = (yyvsp[-2].options).runcwd; |
2099 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).runcwd); |
2100 | 0 | cs->runchroot = (yyvsp[-2].options).runchroot; |
2101 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).runchroot); |
2102 | 0 | cs->tags = (yyvsp[-1].tag); |
2103 | 0 | cs->cmnd = (yyvsp[0].member); |
2104 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2105 | 0 | HLTQ_INIT(cs, entries); |
2106 | | /* sudo "ALL" implies the SETENV tag */ |
2107 | 0 | if (cs->cmnd->type == ALL && !cs->cmnd->negated && |
2108 | 0 | cs->tags.setenv == UNSPEC) |
2109 | 0 | cs->tags.setenv = IMPLIED; |
2110 | 0 | (yyval.cmndspec) = cs; |
2111 | 0 | } |
2112 | 0 | #line 2107 "gram.c" |
2113 | 0 | break; |
2114 | | |
2115 | 0 | case 45: /* digestspec: SHA224_TOK ':' DIGEST */ |
2116 | 0 | #line 513 "gram.y" |
2117 | 0 | { |
2118 | 0 | (yyval.digest) = new_digest(SUDO_DIGEST_SHA224, (yyvsp[0].string)); |
2119 | 0 | if ((yyval.digest) == NULL) { |
2120 | 0 | sudoerserror(N_("unable to allocate memory")); |
2121 | 0 | YYERROR; |
2122 | 0 | } |
2123 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2124 | 0 | parser_leak_add(LEAK_DIGEST, (yyval.digest)); |
2125 | 0 | } |
2126 | 0 | #line 2121 "gram.c" |
2127 | 0 | break; |
2128 | | |
2129 | 0 | case 46: /* digestspec: SHA256_TOK ':' DIGEST */ |
2130 | 0 | #line 522 "gram.y" |
2131 | 0 | { |
2132 | 0 | (yyval.digest) = new_digest(SUDO_DIGEST_SHA256, (yyvsp[0].string)); |
2133 | 0 | if ((yyval.digest) == NULL) { |
2134 | 0 | sudoerserror(N_("unable to allocate memory")); |
2135 | 0 | YYERROR; |
2136 | 0 | } |
2137 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2138 | 0 | parser_leak_add(LEAK_DIGEST, (yyval.digest)); |
2139 | 0 | } |
2140 | 0 | #line 2135 "gram.c" |
2141 | 0 | break; |
2142 | | |
2143 | 0 | case 47: /* digestspec: SHA384_TOK ':' DIGEST */ |
2144 | 0 | #line 531 "gram.y" |
2145 | 0 | { |
2146 | 0 | (yyval.digest) = new_digest(SUDO_DIGEST_SHA384, (yyvsp[0].string)); |
2147 | 0 | if ((yyval.digest) == NULL) { |
2148 | 0 | sudoerserror(N_("unable to allocate memory")); |
2149 | 0 | YYERROR; |
2150 | 0 | } |
2151 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2152 | 0 | parser_leak_add(LEAK_DIGEST, (yyval.digest)); |
2153 | 0 | } |
2154 | 0 | #line 2149 "gram.c" |
2155 | 0 | break; |
2156 | | |
2157 | 0 | case 48: /* digestspec: SHA512_TOK ':' DIGEST */ |
2158 | 0 | #line 540 "gram.y" |
2159 | 0 | { |
2160 | 0 | (yyval.digest) = new_digest(SUDO_DIGEST_SHA512, (yyvsp[0].string)); |
2161 | 0 | if ((yyval.digest) == NULL) { |
2162 | 0 | sudoerserror(N_("unable to allocate memory")); |
2163 | 0 | YYERROR; |
2164 | 0 | } |
2165 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2166 | 0 | parser_leak_add(LEAK_DIGEST, (yyval.digest)); |
2167 | 0 | } |
2168 | 0 | #line 2163 "gram.c" |
2169 | 0 | break; |
2170 | | |
2171 | 0 | case 50: /* digestlist: digestlist ',' digestspec */ |
2172 | 0 | #line 552 "gram.y" |
2173 | 0 | { |
2174 | 0 | parser_leak_remove(LEAK_DIGEST, (yyvsp[0].digest)); |
2175 | 0 | HLTQ_CONCAT((yyvsp[-2].digest), (yyvsp[0].digest), entries); |
2176 | 0 | (yyval.digest) = (yyvsp[-2].digest); |
2177 | 0 | } |
2178 | 0 | #line 2173 "gram.c" |
2179 | 0 | break; |
2180 | | |
2181 | 0 | case 51: /* digcmnd: opcmnd */ |
2182 | 0 | #line 559 "gram.y" |
2183 | 0 | { |
2184 | 0 | (yyval.member) = (yyvsp[0].member); |
2185 | 0 | } |
2186 | 0 | #line 2181 "gram.c" |
2187 | 0 | break; |
2188 | | |
2189 | 0 | case 52: /* digcmnd: digestlist opcmnd */ |
2190 | 0 | #line 562 "gram.y" |
2191 | 0 | { |
2192 | 0 | struct sudo_command *c = |
2193 | 0 | (struct sudo_command *) (yyvsp[0].member)->name; |
2194 | |
|
2195 | 0 | if ((yyvsp[0].member)->type != COMMAND && (yyvsp[0].member)->type != ALL) { |
2196 | 0 | sudoerserror(N_("a digest requires a path name")); |
2197 | 0 | YYERROR; |
2198 | 0 | } |
2199 | 0 | parser_leak_remove(LEAK_DIGEST, (yyvsp[-1].digest)); |
2200 | 0 | HLTQ_TO_TAILQ(&c->digests, (yyvsp[-1].digest), entries); |
2201 | 0 | (yyval.member) = (yyvsp[0].member); |
2202 | 0 | } |
2203 | 0 | #line 2198 "gram.c" |
2204 | 0 | break; |
2205 | | |
2206 | 0 | case 53: /* opcmnd: cmnd */ |
2207 | 0 | #line 576 "gram.y" |
2208 | 0 | { |
2209 | 0 | (yyval.member) = (yyvsp[0].member); |
2210 | 0 | (yyval.member)->negated = false; |
2211 | 0 | } |
2212 | 0 | #line 2207 "gram.c" |
2213 | 0 | break; |
2214 | | |
2215 | 0 | case 54: /* opcmnd: '!' cmnd */ |
2216 | 0 | #line 580 "gram.y" |
2217 | 0 | { |
2218 | 0 | (yyval.member) = (yyvsp[0].member); |
2219 | 0 | (yyval.member)->negated = true; |
2220 | 0 | } |
2221 | 0 | #line 2216 "gram.c" |
2222 | 0 | break; |
2223 | | |
2224 | 0 | case 55: /* chdirspec: CWD '=' WORD */ |
2225 | 0 | #line 586 "gram.y" |
2226 | 0 | { |
2227 | 0 | if ((yyvsp[0].string)[0] != '/' && (yyvsp[0].string)[0] != '~') { |
2228 | 0 | if (strcmp((yyvsp[0].string), "*") != 0) { |
2229 | 0 | sudoerserror(N_("values for \"CWD\" must" |
2230 | 0 | " start with a '/', '~', or '*'")); |
2231 | 0 | YYERROR; |
2232 | 0 | } |
2233 | 0 | } |
2234 | 0 | if (strlen((yyvsp[0].string)) >= PATH_MAX) { |
2235 | 0 | sudoerserror(N_("\"CWD\" path too long")); |
2236 | 0 | YYERROR; |
2237 | 0 | } |
2238 | 0 | (yyval.string) = (yyvsp[0].string); |
2239 | 0 | } |
2240 | 0 | #line 2235 "gram.c" |
2241 | 0 | break; |
2242 | | |
2243 | 0 | case 56: /* chrootspec: CHROOT '=' WORD */ |
2244 | 0 | #line 602 "gram.y" |
2245 | 0 | { |
2246 | 0 | if ((yyvsp[0].string)[0] != '/' && (yyvsp[0].string)[0] != '~') { |
2247 | 0 | if (strcmp((yyvsp[0].string), "*") != 0) { |
2248 | 0 | sudoerserror(N_("values for \"CHROOT\" must" |
2249 | 0 | " start with a '/', '~', or '*'")); |
2250 | 0 | YYERROR; |
2251 | 0 | } |
2252 | 0 | } |
2253 | 0 | if (strlen((yyvsp[0].string)) >= PATH_MAX) { |
2254 | 0 | sudoerserror(N_("\"CHROOT\" path too long")); |
2255 | 0 | YYERROR; |
2256 | 0 | } |
2257 | 0 | if (parser_conf.strict > 2) { |
2258 | 0 | sudoerserror(N_("\"CHROOT\" is deprecated")); |
2259 | 0 | YYERROR; |
2260 | 0 | } else if (parser_conf.verbose > 0) { |
2261 | 0 | parser_warnx(parsed_policy.ctx, sudoers, this_lineno, sudolinebuf.toke_start + 1, false, false, N_("\"CHROOT\" is deprecated")); |
2262 | 0 | } |
2263 | 0 | (yyval.string) = (yyvsp[0].string); |
2264 | 0 | } |
2265 | 0 | #line 2260 "gram.c" |
2266 | 0 | break; |
2267 | | |
2268 | 0 | case 57: /* timeoutspec: CMND_TIMEOUT '=' WORD */ |
2269 | 0 | #line 624 "gram.y" |
2270 | 0 | { |
2271 | 0 | (yyval.string) = (yyvsp[0].string); |
2272 | 0 | } |
2273 | 0 | #line 2268 "gram.c" |
2274 | 0 | break; |
2275 | | |
2276 | 0 | case 58: /* notbeforespec: NOTBEFORE '=' WORD */ |
2277 | 0 | #line 629 "gram.y" |
2278 | 0 | { |
2279 | 0 | (yyval.string) = (yyvsp[0].string); |
2280 | 0 | } |
2281 | 0 | #line 2276 "gram.c" |
2282 | 0 | break; |
2283 | | |
2284 | 0 | case 59: /* notafterspec: NOTAFTER '=' WORD */ |
2285 | 0 | #line 633 "gram.y" |
2286 | 0 | { |
2287 | 0 | (yyval.string) = (yyvsp[0].string); |
2288 | 0 | } |
2289 | 0 | #line 2284 "gram.c" |
2290 | 0 | break; |
2291 | | |
2292 | 0 | case 60: /* rolespec: ROLE '=' WORD */ |
2293 | 0 | #line 638 "gram.y" |
2294 | 0 | { |
2295 | 0 | (yyval.string) = (yyvsp[0].string); |
2296 | 0 | } |
2297 | 0 | #line 2292 "gram.c" |
2298 | 0 | break; |
2299 | | |
2300 | 0 | case 61: /* typespec: TYPE '=' WORD */ |
2301 | 0 | #line 643 "gram.y" |
2302 | 0 | { |
2303 | 0 | (yyval.string) = (yyvsp[0].string); |
2304 | 0 | } |
2305 | 0 | #line 2300 "gram.c" |
2306 | 0 | break; |
2307 | | |
2308 | 0 | case 62: /* apparmor_profilespec: APPARMOR_PROFILE '=' WORD */ |
2309 | 0 | #line 648 "gram.y" |
2310 | 0 | { |
2311 | 0 | (yyval.string) = (yyvsp[0].string); |
2312 | 0 | } |
2313 | 0 | #line 2308 "gram.c" |
2314 | 0 | break; |
2315 | | |
2316 | 0 | case 63: /* privsspec: PRIVS '=' WORD */ |
2317 | 0 | #line 653 "gram.y" |
2318 | 0 | { |
2319 | 0 | (yyval.string) = (yyvsp[0].string); |
2320 | 0 | } |
2321 | 0 | #line 2316 "gram.c" |
2322 | 0 | break; |
2323 | | |
2324 | 0 | case 64: /* limitprivsspec: LIMITPRIVS '=' WORD */ |
2325 | 0 | #line 657 "gram.y" |
2326 | 0 | { |
2327 | 0 | (yyval.string) = (yyvsp[0].string); |
2328 | 0 | } |
2329 | 0 | #line 2324 "gram.c" |
2330 | 0 | break; |
2331 | | |
2332 | 2 | case 65: /* runasspec: %empty */ |
2333 | 2 | #line 662 "gram.y" |
2334 | 2 | { |
2335 | 2 | (yyval.runas) = NULL; |
2336 | 2 | } |
2337 | 2 | #line 2332 "gram.c" |
2338 | 2 | break; |
2339 | | |
2340 | 0 | case 66: /* runasspec: '(' runaslist ')' */ |
2341 | 0 | #line 665 "gram.y" |
2342 | 0 | { |
2343 | 0 | (yyval.runas) = (yyvsp[-1].runas); |
2344 | 0 | } |
2345 | 0 | #line 2340 "gram.c" |
2346 | 0 | break; |
2347 | | |
2348 | 0 | case 67: /* runaslist: %empty */ |
2349 | 0 | #line 670 "gram.y" |
2350 | 0 | { |
2351 | | /* User may run command as themselves. */ |
2352 | 0 | (yyval.runas) = calloc(1, sizeof(struct runascontainer)); |
2353 | 0 | if ((yyval.runas) != NULL) { |
2354 | 0 | (yyval.runas)->runasusers = new_member(NULL, MYSELF); |
2355 | | /* $$->runasgroups = NULL; */ |
2356 | 0 | if ((yyval.runas)->runasusers == NULL) { |
2357 | 0 | free((yyval.runas)); |
2358 | 0 | (yyval.runas) = NULL; |
2359 | 0 | } |
2360 | 0 | } |
2361 | 0 | if ((yyval.runas) == NULL) { |
2362 | 0 | sudoerserror(N_("unable to allocate memory")); |
2363 | 0 | YYERROR; |
2364 | 0 | } |
2365 | 0 | parser_leak_add(LEAK_RUNAS, (yyval.runas)); |
2366 | 0 | } |
2367 | 0 | #line 2362 "gram.c" |
2368 | 0 | break; |
2369 | | |
2370 | 0 | case 68: /* runaslist: userlist */ |
2371 | 0 | #line 687 "gram.y" |
2372 | 0 | { |
2373 | | /* User may run command as a user in userlist. */ |
2374 | 0 | (yyval.runas) = calloc(1, sizeof(struct runascontainer)); |
2375 | 0 | if ((yyval.runas) == NULL) { |
2376 | 0 | sudoerserror(N_("unable to allocate memory")); |
2377 | 0 | YYERROR; |
2378 | 0 | } |
2379 | 0 | parser_leak_add(LEAK_RUNAS, (yyval.runas)); |
2380 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2381 | 0 | (yyval.runas)->runasusers = (yyvsp[0].member); |
2382 | | /* $$->runasgroups = NULL; */ |
2383 | 0 | } |
2384 | 0 | #line 2379 "gram.c" |
2385 | 0 | break; |
2386 | | |
2387 | 0 | case 69: /* runaslist: userlist ':' grouplist */ |
2388 | 0 | #line 699 "gram.y" |
2389 | 0 | { |
2390 | | /* |
2391 | | * User may run command as a user in userlist |
2392 | | * and optionally as a group in grouplist. |
2393 | | */ |
2394 | 0 | (yyval.runas) = calloc(1, sizeof(struct runascontainer)); |
2395 | 0 | if ((yyval.runas) == NULL) { |
2396 | 0 | sudoerserror(N_("unable to allocate memory")); |
2397 | 0 | YYERROR; |
2398 | 0 | } |
2399 | 0 | parser_leak_add(LEAK_RUNAS, (yyval.runas)); |
2400 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[-2].member)); |
2401 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2402 | 0 | (yyval.runas)->runasusers = (yyvsp[-2].member); |
2403 | 0 | (yyval.runas)->runasgroups = (yyvsp[0].member); |
2404 | 0 | } |
2405 | 0 | #line 2400 "gram.c" |
2406 | 0 | break; |
2407 | | |
2408 | 0 | case 70: /* runaslist: ':' grouplist */ |
2409 | 0 | #line 715 "gram.y" |
2410 | 0 | { |
2411 | | /* User may run command as a group in grouplist. */ |
2412 | 0 | (yyval.runas) = calloc(1, sizeof(struct runascontainer)); |
2413 | 0 | if ((yyval.runas) != NULL) { |
2414 | 0 | (yyval.runas)->runasusers = new_member(NULL, MYSELF); |
2415 | 0 | if ((yyval.runas)->runasusers == NULL) { |
2416 | 0 | free((yyval.runas)); |
2417 | 0 | (yyval.runas) = NULL; |
2418 | 0 | } |
2419 | 0 | } |
2420 | 0 | if ((yyval.runas) == NULL) { |
2421 | 0 | sudoerserror(N_("unable to allocate memory")); |
2422 | 0 | YYERROR; |
2423 | 0 | } |
2424 | 0 | parser_leak_add(LEAK_RUNAS, (yyval.runas)); |
2425 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2426 | 0 | (yyval.runas)->runasgroups = (yyvsp[0].member); |
2427 | 0 | } |
2428 | 0 | #line 2423 "gram.c" |
2429 | 0 | break; |
2430 | | |
2431 | 0 | case 71: /* runaslist: ':' */ |
2432 | 0 | #line 733 "gram.y" |
2433 | 0 | { |
2434 | | /* User may run command as themselves. */ |
2435 | 0 | (yyval.runas) = calloc(1, sizeof(struct runascontainer)); |
2436 | 0 | if ((yyval.runas) != NULL) { |
2437 | 0 | (yyval.runas)->runasusers = new_member(NULL, MYSELF); |
2438 | | /* $$->runasgroups = NULL; */ |
2439 | 0 | if ((yyval.runas)->runasusers == NULL) { |
2440 | 0 | free((yyval.runas)); |
2441 | 0 | (yyval.runas) = NULL; |
2442 | 0 | } |
2443 | 0 | } |
2444 | 0 | if ((yyval.runas) == NULL) { |
2445 | 0 | sudoerserror(N_("unable to allocate memory")); |
2446 | 0 | YYERROR; |
2447 | 0 | } |
2448 | 0 | parser_leak_add(LEAK_RUNAS, (yyval.runas)); |
2449 | 0 | } |
2450 | 0 | #line 2445 "gram.c" |
2451 | 0 | break; |
2452 | | |
2453 | 0 | case 72: /* reserved_word: ALL */ |
2454 | 0 | #line 752 "gram.y" |
2455 | 0 | { (yyval.cstring) = "ALL"; } |
2456 | 0 | #line 2451 "gram.c" |
2457 | 0 | break; |
2458 | | |
2459 | 0 | case 73: /* reserved_word: CHROOT */ |
2460 | 0 | #line 753 "gram.y" |
2461 | 0 | { (yyval.cstring) = "CHROOT"; } |
2462 | 0 | #line 2457 "gram.c" |
2463 | 0 | break; |
2464 | | |
2465 | 0 | case 74: /* reserved_word: CWD */ |
2466 | 0 | #line 754 "gram.y" |
2467 | 0 | { (yyval.cstring) = "CWD"; } |
2468 | 0 | #line 2463 "gram.c" |
2469 | 0 | break; |
2470 | | |
2471 | 0 | case 75: /* reserved_word: CMND_TIMEOUT */ |
2472 | 0 | #line 755 "gram.y" |
2473 | 0 | { (yyval.cstring) = "CMND_TIMEOUT"; } |
2474 | 0 | #line 2469 "gram.c" |
2475 | 0 | break; |
2476 | | |
2477 | 0 | case 76: /* reserved_word: NOTBEFORE */ |
2478 | 0 | #line 756 "gram.y" |
2479 | 0 | { (yyval.cstring) = "NOTBEFORE"; } |
2480 | 0 | #line 2475 "gram.c" |
2481 | 0 | break; |
2482 | | |
2483 | 0 | case 77: /* reserved_word: NOTAFTER */ |
2484 | 0 | #line 757 "gram.y" |
2485 | 0 | { (yyval.cstring) = "NOTAFTER"; } |
2486 | 0 | #line 2481 "gram.c" |
2487 | 0 | break; |
2488 | | |
2489 | 0 | case 78: /* reserved_word: ROLE */ |
2490 | 0 | #line 758 "gram.y" |
2491 | 0 | { (yyval.cstring) = "ROLE"; } |
2492 | 0 | #line 2487 "gram.c" |
2493 | 0 | break; |
2494 | | |
2495 | 0 | case 79: /* reserved_word: TYPE */ |
2496 | 0 | #line 759 "gram.y" |
2497 | 0 | { (yyval.cstring) = "TYPE"; } |
2498 | 0 | #line 2493 "gram.c" |
2499 | 0 | break; |
2500 | | |
2501 | 0 | case 80: /* reserved_word: PRIVS */ |
2502 | 0 | #line 760 "gram.y" |
2503 | 0 | { (yyval.cstring) = "PRIVS"; } |
2504 | 0 | #line 2499 "gram.c" |
2505 | 0 | break; |
2506 | | |
2507 | 0 | case 81: /* reserved_word: LIMITPRIVS */ |
2508 | 0 | #line 761 "gram.y" |
2509 | 0 | { (yyval.cstring) = "LIMITPRIVS"; } |
2510 | 0 | #line 2505 "gram.c" |
2511 | 0 | break; |
2512 | | |
2513 | 0 | case 82: /* reserved_word: APPARMOR_PROFILE */ |
2514 | 0 | #line 762 "gram.y" |
2515 | 0 | { (yyval.cstring) = "APPARMOR_PROFILE"; } |
2516 | 0 | #line 2511 "gram.c" |
2517 | 0 | break; |
2518 | | |
2519 | 0 | case 83: /* reserved_alias: reserved_word */ |
2520 | 0 | #line 765 "gram.y" |
2521 | 0 | { |
2522 | 0 | sudoerserrorf(U_("syntax error, reserved word %s used as an alias name"), (yyvsp[0].cstring)); |
2523 | 0 | YYERROR; |
2524 | 0 | } |
2525 | 0 | #line 2520 "gram.c" |
2526 | 0 | break; |
2527 | | |
2528 | 2 | case 84: /* options: %empty */ |
2529 | 2 | #line 771 "gram.y" |
2530 | 2 | { |
2531 | 2 | init_options(&(yyval.options)); |
2532 | 2 | } |
2533 | 2 | #line 2528 "gram.c" |
2534 | 2 | break; |
2535 | | |
2536 | 0 | case 85: /* options: options chdirspec */ |
2537 | 0 | #line 774 "gram.y" |
2538 | 0 | { |
2539 | 0 | parser_leak_remove(LEAK_PTR, (yyval.options).runcwd); |
2540 | 0 | free((yyval.options).runcwd); |
2541 | 0 | (yyval.options).runcwd = (yyvsp[0].string); |
2542 | 0 | } |
2543 | 0 | #line 2538 "gram.c" |
2544 | 0 | break; |
2545 | | |
2546 | 0 | case 86: /* options: options chrootspec */ |
2547 | 0 | #line 779 "gram.y" |
2548 | 0 | { |
2549 | 0 | parser_leak_remove(LEAK_PTR, (yyval.options).runchroot); |
2550 | 0 | free((yyval.options).runchroot); |
2551 | 0 | (yyval.options).runchroot = (yyvsp[0].string); |
2552 | 0 | } |
2553 | 0 | #line 2548 "gram.c" |
2554 | 0 | break; |
2555 | | |
2556 | 0 | case 87: /* options: options notbeforespec */ |
2557 | 0 | #line 784 "gram.y" |
2558 | 0 | { |
2559 | 0 | (yyval.options).notbefore = parse_gentime((yyvsp[0].string)); |
2560 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2561 | 0 | free((yyvsp[0].string)); |
2562 | 0 | if ((yyval.options).notbefore == -1) { |
2563 | 0 | sudoerserror(N_("invalid notbefore value")); |
2564 | 0 | YYERROR; |
2565 | 0 | } |
2566 | 0 | } |
2567 | 0 | #line 2562 "gram.c" |
2568 | 0 | break; |
2569 | | |
2570 | 0 | case 88: /* options: options notafterspec */ |
2571 | 0 | #line 793 "gram.y" |
2572 | 0 | { |
2573 | 0 | (yyval.options).notafter = parse_gentime((yyvsp[0].string)); |
2574 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2575 | 0 | free((yyvsp[0].string)); |
2576 | 0 | if ((yyval.options).notafter == -1) { |
2577 | 0 | sudoerserror(N_("invalid notafter value")); |
2578 | 0 | YYERROR; |
2579 | 0 | } |
2580 | 0 | } |
2581 | 0 | #line 2576 "gram.c" |
2582 | 0 | break; |
2583 | | |
2584 | 0 | case 89: /* options: options timeoutspec */ |
2585 | 0 | #line 802 "gram.y" |
2586 | 0 | { |
2587 | 0 | (yyval.options).timeout = parse_timeout((yyvsp[0].string)); |
2588 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2589 | 0 | free((yyvsp[0].string)); |
2590 | 0 | if ((yyval.options).timeout == -1) { |
2591 | 0 | if (errno == ERANGE) |
2592 | 0 | sudoerserror(N_("timeout value too large")); |
2593 | 0 | else |
2594 | 0 | sudoerserror(N_("invalid timeout value")); |
2595 | 0 | YYERROR; |
2596 | 0 | } |
2597 | 0 | } |
2598 | 0 | #line 2593 "gram.c" |
2599 | 0 | break; |
2600 | | |
2601 | 0 | case 90: /* options: options rolespec */ |
2602 | 0 | #line 814 "gram.y" |
2603 | 0 | { |
2604 | 0 | parser_leak_remove(LEAK_PTR, (yyval.options).role); |
2605 | 0 | free((yyval.options).role); |
2606 | 0 | (yyval.options).role = (yyvsp[0].string); |
2607 | 0 | } |
2608 | 0 | #line 2603 "gram.c" |
2609 | 0 | break; |
2610 | | |
2611 | 0 | case 91: /* options: options typespec */ |
2612 | 0 | #line 819 "gram.y" |
2613 | 0 | { |
2614 | 0 | parser_leak_remove(LEAK_PTR, (yyval.options).type); |
2615 | 0 | free((yyval.options).type); |
2616 | 0 | (yyval.options).type = (yyvsp[0].string); |
2617 | 0 | } |
2618 | 0 | #line 2613 "gram.c" |
2619 | 0 | break; |
2620 | | |
2621 | 0 | case 92: /* options: options apparmor_profilespec */ |
2622 | 0 | #line 824 "gram.y" |
2623 | 0 | { |
2624 | 0 | parser_leak_remove(LEAK_PTR, (yyval.options).apparmor_profile); |
2625 | 0 | free((yyval.options).apparmor_profile); |
2626 | 0 | (yyval.options).apparmor_profile = (yyvsp[0].string); |
2627 | 0 | } |
2628 | 0 | #line 2623 "gram.c" |
2629 | 0 | break; |
2630 | | |
2631 | 0 | case 93: /* options: options privsspec */ |
2632 | 0 | #line 829 "gram.y" |
2633 | 0 | { |
2634 | 0 | parser_leak_remove(LEAK_PTR, (yyval.options).privs); |
2635 | 0 | free((yyval.options).privs); |
2636 | 0 | (yyval.options).privs = (yyvsp[0].string); |
2637 | 0 | } |
2638 | 0 | #line 2633 "gram.c" |
2639 | 0 | break; |
2640 | | |
2641 | 0 | case 94: /* options: options limitprivsspec */ |
2642 | 0 | #line 834 "gram.y" |
2643 | 0 | { |
2644 | 0 | parser_leak_remove(LEAK_PTR, (yyval.options).limitprivs); |
2645 | 0 | free((yyval.options).limitprivs); |
2646 | 0 | (yyval.options).limitprivs = (yyvsp[0].string); |
2647 | 0 | } |
2648 | 0 | #line 2643 "gram.c" |
2649 | 0 | break; |
2650 | | |
2651 | 2 | case 95: /* cmndtag: %empty */ |
2652 | 2 | #line 841 "gram.y" |
2653 | 2 | { |
2654 | 2 | TAGS_INIT(&(yyval.tag)); |
2655 | 2 | } |
2656 | 2 | #line 2651 "gram.c" |
2657 | 2 | break; |
2658 | | |
2659 | 0 | case 96: /* cmndtag: cmndtag NOPASSWD */ |
2660 | 0 | #line 844 "gram.y" |
2661 | 0 | { |
2662 | 0 | (yyval.tag).nopasswd = true; |
2663 | 0 | } |
2664 | 0 | #line 2659 "gram.c" |
2665 | 0 | break; |
2666 | | |
2667 | 0 | case 97: /* cmndtag: cmndtag PASSWD */ |
2668 | 0 | #line 847 "gram.y" |
2669 | 0 | { |
2670 | 0 | (yyval.tag).nopasswd = false; |
2671 | 0 | } |
2672 | 0 | #line 2667 "gram.c" |
2673 | 0 | break; |
2674 | | |
2675 | 0 | case 98: /* cmndtag: cmndtag NOEXEC */ |
2676 | 0 | #line 850 "gram.y" |
2677 | 0 | { |
2678 | 0 | (yyval.tag).noexec = true; |
2679 | 0 | } |
2680 | 0 | #line 2675 "gram.c" |
2681 | 0 | break; |
2682 | | |
2683 | 0 | case 99: /* cmndtag: cmndtag EXEC */ |
2684 | 0 | #line 853 "gram.y" |
2685 | 0 | { |
2686 | 0 | (yyval.tag).noexec = false; |
2687 | 0 | } |
2688 | 0 | #line 2683 "gram.c" |
2689 | 0 | break; |
2690 | | |
2691 | 0 | case 100: /* cmndtag: cmndtag INTERCEPT */ |
2692 | 0 | #line 856 "gram.y" |
2693 | 0 | { |
2694 | 0 | (yyval.tag).intercept = true; |
2695 | 0 | } |
2696 | 0 | #line 2691 "gram.c" |
2697 | 0 | break; |
2698 | | |
2699 | 0 | case 101: /* cmndtag: cmndtag NOINTERCEPT */ |
2700 | 0 | #line 859 "gram.y" |
2701 | 0 | { |
2702 | 0 | (yyval.tag).intercept = false; |
2703 | 0 | } |
2704 | 0 | #line 2699 "gram.c" |
2705 | 0 | break; |
2706 | | |
2707 | 0 | case 102: /* cmndtag: cmndtag SETENV */ |
2708 | 0 | #line 862 "gram.y" |
2709 | 0 | { |
2710 | 0 | (yyval.tag).setenv = true; |
2711 | 0 | } |
2712 | 0 | #line 2707 "gram.c" |
2713 | 0 | break; |
2714 | | |
2715 | 0 | case 103: /* cmndtag: cmndtag NOSETENV */ |
2716 | 0 | #line 865 "gram.y" |
2717 | 0 | { |
2718 | 0 | (yyval.tag).setenv = false; |
2719 | 0 | } |
2720 | 0 | #line 2715 "gram.c" |
2721 | 0 | break; |
2722 | | |
2723 | 0 | case 104: /* cmndtag: cmndtag LOG_INPUT */ |
2724 | 0 | #line 868 "gram.y" |
2725 | 0 | { |
2726 | 0 | (yyval.tag).log_input = true; |
2727 | 0 | } |
2728 | 0 | #line 2723 "gram.c" |
2729 | 0 | break; |
2730 | | |
2731 | 0 | case 105: /* cmndtag: cmndtag NOLOG_INPUT */ |
2732 | 0 | #line 871 "gram.y" |
2733 | 0 | { |
2734 | 0 | (yyval.tag).log_input = false; |
2735 | 0 | } |
2736 | 0 | #line 2731 "gram.c" |
2737 | 0 | break; |
2738 | | |
2739 | 0 | case 106: /* cmndtag: cmndtag LOG_OUTPUT */ |
2740 | 0 | #line 874 "gram.y" |
2741 | 0 | { |
2742 | 0 | (yyval.tag).log_output = true; |
2743 | 0 | } |
2744 | 0 | #line 2739 "gram.c" |
2745 | 0 | break; |
2746 | | |
2747 | 0 | case 107: /* cmndtag: cmndtag NOLOG_OUTPUT */ |
2748 | 0 | #line 877 "gram.y" |
2749 | 0 | { |
2750 | 0 | (yyval.tag).log_output = false; |
2751 | 0 | } |
2752 | 0 | #line 2747 "gram.c" |
2753 | 0 | break; |
2754 | | |
2755 | 0 | case 108: /* cmndtag: cmndtag FOLLOWLNK */ |
2756 | 0 | #line 880 "gram.y" |
2757 | 0 | { |
2758 | 0 | (yyval.tag).follow = true; |
2759 | 0 | } |
2760 | 0 | #line 2755 "gram.c" |
2761 | 0 | break; |
2762 | | |
2763 | 0 | case 109: /* cmndtag: cmndtag NOFOLLOWLNK */ |
2764 | 0 | #line 883 "gram.y" |
2765 | 0 | { |
2766 | 0 | (yyval.tag).follow = false; |
2767 | 0 | } |
2768 | 0 | #line 2763 "gram.c" |
2769 | 0 | break; |
2770 | | |
2771 | 0 | case 110: /* cmndtag: cmndtag MAIL */ |
2772 | 0 | #line 886 "gram.y" |
2773 | 0 | { |
2774 | 0 | (yyval.tag).send_mail = true; |
2775 | 0 | } |
2776 | 0 | #line 2771 "gram.c" |
2777 | 0 | break; |
2778 | | |
2779 | 0 | case 111: /* cmndtag: cmndtag NOMAIL */ |
2780 | 0 | #line 889 "gram.y" |
2781 | 0 | { |
2782 | 0 | (yyval.tag).send_mail = false; |
2783 | 0 | } |
2784 | 0 | #line 2779 "gram.c" |
2785 | 0 | break; |
2786 | | |
2787 | 0 | case 112: /* cmnd: ALL */ |
2788 | 0 | #line 894 "gram.y" |
2789 | 0 | { |
2790 | 0 | struct sudo_command *c; |
2791 | |
|
2792 | 0 | if ((c = new_command(NULL, NULL)) == NULL) { |
2793 | 0 | sudoerserror(N_("unable to allocate memory")); |
2794 | 0 | YYERROR; |
2795 | 0 | } |
2796 | 0 | (yyval.member) = new_member((char *)c, ALL); |
2797 | 0 | if ((yyval.member) == NULL) { |
2798 | 0 | sudoerserror(N_("unable to allocate memory")); |
2799 | 0 | YYERROR; |
2800 | 0 | } |
2801 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
2802 | 0 | } |
2803 | 0 | #line 2798 "gram.c" |
2804 | 0 | break; |
2805 | | |
2806 | 0 | case 113: /* cmnd: ALIAS */ |
2807 | 0 | #line 908 "gram.y" |
2808 | 0 | { |
2809 | 0 | (yyval.member) = new_member((yyvsp[0].string), ALIAS); |
2810 | 0 | if ((yyval.member) == NULL) { |
2811 | 0 | sudoerserror(N_("unable to allocate memory")); |
2812 | 0 | YYERROR; |
2813 | 0 | } |
2814 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2815 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
2816 | 0 | } |
2817 | 0 | #line 2812 "gram.c" |
2818 | 0 | break; |
2819 | | |
2820 | 0 | case 114: /* cmnd: COMMAND */ |
2821 | 0 | #line 917 "gram.y" |
2822 | 0 | { |
2823 | 0 | struct sudo_command *c; |
2824 | |
|
2825 | 0 | if (strlen((yyvsp[0].command).cmnd) >= PATH_MAX) { |
2826 | 0 | sudoerserror(N_("command too long")); |
2827 | 0 | YYERROR; |
2828 | 0 | } |
2829 | 0 | if ((c = new_command((yyvsp[0].command).cmnd, (yyvsp[0].command).args)) == NULL) { |
2830 | 0 | sudoerserror(N_("unable to allocate memory")); |
2831 | 0 | YYERROR; |
2832 | 0 | } |
2833 | 0 | (yyval.member) = new_member((char *)c, COMMAND); |
2834 | 0 | if ((yyval.member) == NULL) { |
2835 | 0 | free(c); |
2836 | 0 | sudoerserror(N_("unable to allocate memory")); |
2837 | 0 | YYERROR; |
2838 | 0 | } |
2839 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].command).cmnd); |
2840 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].command).args); |
2841 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
2842 | 0 | } |
2843 | 0 | #line 2838 "gram.c" |
2844 | 0 | break; |
2845 | | |
2846 | 0 | case 115: /* cmnd: WORD */ |
2847 | 0 | #line 938 "gram.y" |
2848 | 0 | { |
2849 | 0 | if (strcmp((yyvsp[0].string), "list") == 0) { |
2850 | 0 | struct sudo_command *c; |
2851 | |
|
2852 | 0 | if ((c = new_command((yyvsp[0].string), NULL)) == NULL) { |
2853 | 0 | sudoerserror(N_("unable to allocate memory")); |
2854 | 0 | YYERROR; |
2855 | 0 | } |
2856 | 0 | (yyval.member) = new_member((char *)c, COMMAND); |
2857 | 0 | if ((yyval.member) == NULL) { |
2858 | 0 | free(c); |
2859 | 0 | sudoerserror(N_("unable to allocate memory")); |
2860 | 0 | YYERROR; |
2861 | 0 | } |
2862 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
2863 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
2864 | 0 | } else { |
2865 | 0 | sudoerserror(N_("expected a fully-qualified path name")); |
2866 | 0 | YYERROR; |
2867 | 0 | } |
2868 | 0 | } |
2869 | 0 | #line 2864 "gram.c" |
2870 | 0 | break; |
2871 | | |
2872 | 0 | case 118: /* $@1: %empty */ |
2873 | 0 | #line 965 "gram.y" |
2874 | 0 | { |
2875 | 0 | alias_line = this_lineno; |
2876 | 0 | alias_column = (int)sudolinebuf.toke_start + 1; |
2877 | 0 | } |
2878 | 0 | #line 2873 "gram.c" |
2879 | 0 | break; |
2880 | | |
2881 | 0 | case 119: /* hostalias: ALIAS $@1 '=' hostlist */ |
2882 | 0 | #line 968 "gram.y" |
2883 | 0 | { |
2884 | 0 | if (!alias_add(&parsed_policy, (yyvsp[-3].string), HOSTALIAS, |
2885 | 0 | sudoers, alias_line, alias_column, (yyvsp[0].member))) { |
2886 | 0 | alias_error((yyvsp[-3].string), HOSTALIAS, errno); |
2887 | 0 | YYERROR; |
2888 | 0 | } |
2889 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); |
2890 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2891 | 0 | } |
2892 | 0 | #line 2887 "gram.c" |
2893 | 0 | break; |
2894 | | |
2895 | 8 | case 122: /* hostlist: hostlist ',' ophost */ |
2896 | 8 | #line 981 "gram.y" |
2897 | 8 | { |
2898 | 8 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2899 | 8 | HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); |
2900 | 8 | (yyval.member) = (yyvsp[-2].member); |
2901 | 8 | } |
2902 | 8 | #line 2897 "gram.c" |
2903 | 8 | break; |
2904 | | |
2905 | 0 | case 125: /* $@2: %empty */ |
2906 | 0 | #line 992 "gram.y" |
2907 | 0 | { |
2908 | 0 | alias_line = this_lineno; |
2909 | 0 | alias_column = (int)sudolinebuf.toke_start + 1; |
2910 | 0 | } |
2911 | 0 | #line 2906 "gram.c" |
2912 | 0 | break; |
2913 | | |
2914 | 0 | case 126: /* cmndalias: ALIAS $@2 '=' cmndlist */ |
2915 | 0 | #line 995 "gram.y" |
2916 | 0 | { |
2917 | 0 | if (!alias_add(&parsed_policy, (yyvsp[-3].string), CMNDALIAS, |
2918 | 0 | sudoers, alias_line, alias_column, (yyvsp[0].member))) { |
2919 | 0 | alias_error((yyvsp[-3].string), CMNDALIAS, errno); |
2920 | 0 | YYERROR; |
2921 | 0 | } |
2922 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); |
2923 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2924 | 0 | } |
2925 | 0 | #line 2920 "gram.c" |
2926 | 0 | break; |
2927 | | |
2928 | 0 | case 129: /* cmndlist: cmndlist ',' digcmnd */ |
2929 | 0 | #line 1008 "gram.y" |
2930 | 0 | { |
2931 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2932 | 0 | HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); |
2933 | 0 | (yyval.member) = (yyvsp[-2].member); |
2934 | 0 | } |
2935 | 0 | #line 2930 "gram.c" |
2936 | 0 | break; |
2937 | | |
2938 | 0 | case 132: /* $@3: %empty */ |
2939 | 0 | #line 1019 "gram.y" |
2940 | 0 | { |
2941 | 0 | alias_line = this_lineno; |
2942 | 0 | alias_column = (int)sudolinebuf.toke_start + 1; |
2943 | 0 | } |
2944 | 0 | #line 2939 "gram.c" |
2945 | 0 | break; |
2946 | | |
2947 | 0 | case 133: /* runasalias: ALIAS $@3 '=' userlist */ |
2948 | 0 | #line 1022 "gram.y" |
2949 | 0 | { |
2950 | 0 | if (!alias_add(&parsed_policy, (yyvsp[-3].string), RUNASALIAS, |
2951 | 0 | sudoers, alias_line, alias_column, (yyvsp[0].member))) { |
2952 | 0 | alias_error((yyvsp[-3].string), RUNASALIAS, errno); |
2953 | 0 | YYERROR; |
2954 | 0 | } |
2955 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); |
2956 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2957 | 0 | } |
2958 | 0 | #line 2953 "gram.c" |
2959 | 0 | break; |
2960 | | |
2961 | 0 | case 137: /* $@4: %empty */ |
2962 | 0 | #line 1038 "gram.y" |
2963 | 0 | { |
2964 | 0 | alias_line = this_lineno; |
2965 | 0 | alias_column = (int)sudolinebuf.toke_start + 1; |
2966 | 0 | } |
2967 | 0 | #line 2962 "gram.c" |
2968 | 0 | break; |
2969 | | |
2970 | 0 | case 138: /* useralias: ALIAS $@4 '=' userlist */ |
2971 | 0 | #line 1041 "gram.y" |
2972 | 0 | { |
2973 | 0 | if (!alias_add(&parsed_policy, (yyvsp[-3].string), USERALIAS, |
2974 | 0 | sudoers, alias_line, alias_column, (yyvsp[0].member))) { |
2975 | 0 | alias_error((yyvsp[-3].string), USERALIAS, errno); |
2976 | 0 | YYERROR; |
2977 | 0 | } |
2978 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[-3].string)); |
2979 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2980 | 0 | } |
2981 | 0 | #line 2976 "gram.c" |
2982 | 0 | break; |
2983 | | |
2984 | 4 | case 141: /* userlist: userlist ',' opuser */ |
2985 | 4 | #line 1054 "gram.y" |
2986 | 4 | { |
2987 | 4 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
2988 | 4 | HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); |
2989 | 4 | (yyval.member) = (yyvsp[-2].member); |
2990 | 4 | } |
2991 | 4 | #line 2986 "gram.c" |
2992 | 4 | break; |
2993 | | |
2994 | 27 | case 142: /* opuser: user */ |
2995 | 27 | #line 1061 "gram.y" |
2996 | 27 | { |
2997 | 27 | (yyval.member) = (yyvsp[0].member); |
2998 | 27 | (yyval.member)->negated = false; |
2999 | 27 | } |
3000 | 27 | #line 2995 "gram.c" |
3001 | 27 | break; |
3002 | | |
3003 | 0 | case 143: /* opuser: '!' user */ |
3004 | 0 | #line 1065 "gram.y" |
3005 | 0 | { |
3006 | 0 | (yyval.member) = (yyvsp[0].member); |
3007 | 0 | (yyval.member)->negated = true; |
3008 | 0 | } |
3009 | 0 | #line 3004 "gram.c" |
3010 | 0 | break; |
3011 | | |
3012 | 0 | case 144: /* user: ALIAS */ |
3013 | 0 | #line 1071 "gram.y" |
3014 | 0 | { |
3015 | 0 | (yyval.member) = new_member((yyvsp[0].string), ALIAS); |
3016 | 0 | if ((yyval.member) == NULL) { |
3017 | 0 | sudoerserror(N_("unable to allocate memory")); |
3018 | 0 | YYERROR; |
3019 | 0 | } |
3020 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
3021 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3022 | 0 | } |
3023 | 0 | #line 3018 "gram.c" |
3024 | 0 | break; |
3025 | | |
3026 | 0 | case 145: /* user: ALL */ |
3027 | 0 | #line 1080 "gram.y" |
3028 | 0 | { |
3029 | 0 | (yyval.member) = new_member(NULL, ALL); |
3030 | 0 | if ((yyval.member) == NULL) { |
3031 | 0 | sudoerserror(N_("unable to allocate memory")); |
3032 | 0 | YYERROR; |
3033 | 0 | } |
3034 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3035 | 0 | } |
3036 | 0 | #line 3031 "gram.c" |
3037 | 0 | break; |
3038 | | |
3039 | 0 | case 146: /* user: NETGROUP */ |
3040 | 0 | #line 1088 "gram.y" |
3041 | 0 | { |
3042 | 0 | (yyval.member) = new_member((yyvsp[0].string), NETGROUP); |
3043 | 0 | if ((yyval.member) == NULL) { |
3044 | 0 | sudoerserror(N_("unable to allocate memory")); |
3045 | 0 | YYERROR; |
3046 | 0 | } |
3047 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
3048 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3049 | 0 | } |
3050 | 0 | #line 3045 "gram.c" |
3051 | 0 | break; |
3052 | | |
3053 | 0 | case 147: /* user: USERGROUP */ |
3054 | 0 | #line 1097 "gram.y" |
3055 | 0 | { |
3056 | 0 | (yyval.member) = new_member((yyvsp[0].string), USERGROUP); |
3057 | 0 | if ((yyval.member) == NULL) { |
3058 | 0 | sudoerserror(N_("unable to allocate memory")); |
3059 | 0 | YYERROR; |
3060 | 0 | } |
3061 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
3062 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3063 | 0 | } |
3064 | 0 | #line 3059 "gram.c" |
3065 | 0 | break; |
3066 | | |
3067 | 27 | case 148: /* user: WORD */ |
3068 | 27 | #line 1106 "gram.y" |
3069 | 27 | { |
3070 | 27 | (yyval.member) = new_member((yyvsp[0].string), WORD); |
3071 | 27 | if ((yyval.member) == NULL) { |
3072 | 0 | sudoerserror(N_("unable to allocate memory")); |
3073 | 0 | YYERROR; |
3074 | 0 | } |
3075 | 27 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
3076 | 27 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3077 | 27 | } |
3078 | 0 | #line 3073 "gram.c" |
3079 | 0 | break; |
3080 | | |
3081 | 0 | case 150: /* grouplist: grouplist ',' opgroup */ |
3082 | 0 | #line 1118 "gram.y" |
3083 | 0 | { |
3084 | 0 | parser_leak_remove(LEAK_MEMBER, (yyvsp[0].member)); |
3085 | 0 | HLTQ_CONCAT((yyvsp[-2].member), (yyvsp[0].member), entries); |
3086 | 0 | (yyval.member) = (yyvsp[-2].member); |
3087 | 0 | } |
3088 | 0 | #line 3083 "gram.c" |
3089 | 0 | break; |
3090 | | |
3091 | 0 | case 151: /* opgroup: group */ |
3092 | 0 | #line 1125 "gram.y" |
3093 | 0 | { |
3094 | 0 | (yyval.member) = (yyvsp[0].member); |
3095 | 0 | (yyval.member)->negated = false; |
3096 | 0 | } |
3097 | 0 | #line 3092 "gram.c" |
3098 | 0 | break; |
3099 | | |
3100 | 0 | case 152: /* opgroup: '!' group */ |
3101 | 0 | #line 1129 "gram.y" |
3102 | 0 | { |
3103 | 0 | (yyval.member) = (yyvsp[0].member); |
3104 | 0 | (yyval.member)->negated = true; |
3105 | 0 | } |
3106 | 0 | #line 3101 "gram.c" |
3107 | 0 | break; |
3108 | | |
3109 | 0 | case 153: /* group: ALIAS */ |
3110 | 0 | #line 1135 "gram.y" |
3111 | 0 | { |
3112 | 0 | (yyval.member) = new_member((yyvsp[0].string), ALIAS); |
3113 | 0 | if ((yyval.member) == NULL) { |
3114 | 0 | sudoerserror(N_("unable to allocate memory")); |
3115 | 0 | YYERROR; |
3116 | 0 | } |
3117 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
3118 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3119 | 0 | } |
3120 | 0 | #line 3115 "gram.c" |
3121 | 0 | break; |
3122 | | |
3123 | 0 | case 154: /* group: ALL */ |
3124 | 0 | #line 1144 "gram.y" |
3125 | 0 | { |
3126 | 0 | (yyval.member) = new_member(NULL, ALL); |
3127 | 0 | if ((yyval.member) == NULL) { |
3128 | 0 | sudoerserror(N_("unable to allocate memory")); |
3129 | 0 | YYERROR; |
3130 | 0 | } |
3131 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3132 | 0 | } |
3133 | 0 | #line 3128 "gram.c" |
3134 | 0 | break; |
3135 | | |
3136 | 0 | case 155: /* group: WORD */ |
3137 | 0 | #line 1152 "gram.y" |
3138 | 0 | { |
3139 | 0 | (yyval.member) = new_member((yyvsp[0].string), WORD); |
3140 | 0 | if ((yyval.member) == NULL) { |
3141 | 0 | sudoerserror(N_("unable to allocate memory")); |
3142 | 0 | YYERROR; |
3143 | 0 | } |
3144 | 0 | parser_leak_remove(LEAK_PTR, (yyvsp[0].string)); |
3145 | 0 | parser_leak_add(LEAK_MEMBER, (yyval.member)); |
3146 | 0 | } |
3147 | 0 | #line 3142 "gram.c" |
3148 | 0 | break; |
3149 | | |
3150 | | |
3151 | 0 | #line 3146 "gram.c" |
3152 | | |
3153 | 75 | default: break; |
3154 | 218 | } |
3155 | | /* User semantic actions sometimes alter yychar, and that requires |
3156 | | that yytoken be updated with the new translation. We take the |
3157 | | approach of translating immediately before every use of yytoken. |
3158 | | One alternative is translating here after every semantic action, |
3159 | | but that translation would be missed if the semantic action invokes |
3160 | | YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or |
3161 | | if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an |
3162 | | incorrect destructor might then be invoked immediately. In the |
3163 | | case of YYERROR or YYBACKUP, subsequent parser actions might lead |
3164 | | to an incorrect destructor call or verbose syntax error message |
3165 | | before the lookahead is translated. */ |
3166 | 218 | YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); |
3167 | | |
3168 | 218 | YYPOPSTACK (yylen); |
3169 | 218 | yylen = 0; |
3170 | | |
3171 | 218 | *++yyvsp = yyval; |
3172 | | |
3173 | | /* Now 'shift' the result of the reduction. Determine what state |
3174 | | that goes to, based on the state we popped back to and the rule |
3175 | | number reduced by. */ |
3176 | 218 | { |
3177 | 218 | const int yylhs = yyr1[yyn] - YYNTOKENS; |
3178 | 218 | const int yyi = yypgoto[yylhs] + *yyssp; |
3179 | 218 | yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp |
3180 | 218 | ? yytable[yyi] |
3181 | 218 | : yydefgoto[yylhs]); |
3182 | 218 | } |
3183 | | |
3184 | 218 | goto yynewstate; |
3185 | | |
3186 | | |
3187 | | /*--------------------------------------. |
3188 | | | yyerrlab -- here on detecting error. | |
3189 | | `--------------------------------------*/ |
3190 | 138k | yyerrlab: |
3191 | | /* Make sure we have latest lookahead translation. See comments at |
3192 | | user semantic actions for why this is necessary. */ |
3193 | 138k | yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); |
3194 | | /* If not already recovering from an error, report this error. */ |
3195 | 138k | if (!yyerrstatus) |
3196 | 25 | { |
3197 | 25 | ++yynerrs; |
3198 | 25 | yyerror (YY_("syntax error")); |
3199 | 25 | } |
3200 | | |
3201 | 138k | if (yyerrstatus == 3) |
3202 | 138k | { |
3203 | | /* If just tried and failed to reuse lookahead token after an |
3204 | | error, discard it. */ |
3205 | | |
3206 | 138k | if (yychar <= YYEOF) |
3207 | 1 | { |
3208 | | /* Return failure if at end of input. */ |
3209 | 1 | if (yychar == YYEOF) |
3210 | 1 | YYABORT; |
3211 | 1 | } |
3212 | 138k | else |
3213 | 138k | { |
3214 | 138k | yydestruct ("Error: discarding", |
3215 | 138k | yytoken, &yylval); |
3216 | 138k | yychar = YYEMPTY; |
3217 | 138k | } |
3218 | 138k | } |
3219 | | |
3220 | | /* Else will try to reuse lookahead token after shifting the error |
3221 | | token. */ |
3222 | 138k | goto yyerrlab1; |
3223 | | |
3224 | | |
3225 | | /*---------------------------------------------------. |
3226 | | | yyerrorlab -- error raised explicitly by YYERROR. | |
3227 | | `---------------------------------------------------*/ |
3228 | 138k | yyerrorlab: |
3229 | | /* Pacify compilers when the user code never invokes YYERROR and the |
3230 | | label yyerrorlab therefore never appears in user code. */ |
3231 | 0 | if (0) |
3232 | 0 | YYERROR; |
3233 | 0 | ++yynerrs; |
3234 | | |
3235 | | /* Do not reclaim the symbols of the rule whose action triggered |
3236 | | this YYERROR. */ |
3237 | 0 | YYPOPSTACK (yylen); |
3238 | 0 | yylen = 0; |
3239 | 0 | YY_STACK_PRINT (yyss, yyssp); |
3240 | 0 | yystate = *yyssp; |
3241 | 0 | goto yyerrlab1; |
3242 | | |
3243 | | |
3244 | | /*-------------------------------------------------------------. |
3245 | | | yyerrlab1 -- common code for both syntax error and YYERROR. | |
3246 | | `-------------------------------------------------------------*/ |
3247 | 138k | yyerrlab1: |
3248 | 138k | yyerrstatus = 3; /* Each real token shifted decrements this. */ |
3249 | | |
3250 | | /* Pop stack until we find a state that shifts the error token. */ |
3251 | 138k | for (;;) |
3252 | 277k | { |
3253 | 277k | yyn = yypact[yystate]; |
3254 | 277k | if (!yypact_value_is_default (yyn)) |
3255 | 277k | { |
3256 | 277k | yyn += YYSYMBOL_YYerror; |
3257 | 277k | if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) |
3258 | 138k | { |
3259 | 138k | yyn = yytable[yyn]; |
3260 | 138k | if (0 < yyn) |
3261 | 138k | break; |
3262 | 138k | } |
3263 | 277k | } |
3264 | | |
3265 | | /* Pop the current state because it cannot handle the error token. */ |
3266 | 138k | if (yyssp == yyss) |
3267 | 0 | YYABORT; |
3268 | | |
3269 | | |
3270 | 138k | yydestruct ("Error: popping", |
3271 | 138k | YY_ACCESSING_SYMBOL (yystate), yyvsp); |
3272 | 138k | YYPOPSTACK (1); |
3273 | 138k | yystate = *yyssp; |
3274 | 138k | YY_STACK_PRINT (yyss, yyssp); |
3275 | 138k | } |
3276 | | |
3277 | 138k | YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN |
3278 | 138k | *++yyvsp = yylval; |
3279 | 138k | YY_IGNORE_MAYBE_UNINITIALIZED_END |
3280 | | |
3281 | | |
3282 | | /* Shift the error token. */ |
3283 | 138k | YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); |
3284 | | |
3285 | 138k | yystate = yyn; |
3286 | 138k | goto yynewstate; |
3287 | | |
3288 | | |
3289 | | /*-------------------------------------. |
3290 | | | yyacceptlab -- YYACCEPT comes here. | |
3291 | | `-------------------------------------*/ |
3292 | 7 | yyacceptlab: |
3293 | 7 | yyresult = 0; |
3294 | 7 | goto yyreturnlab; |
3295 | | |
3296 | | |
3297 | | /*-----------------------------------. |
3298 | | | yyabortlab -- YYABORT comes here. | |
3299 | | `-----------------------------------*/ |
3300 | 1 | yyabortlab: |
3301 | 1 | yyresult = 1; |
3302 | 1 | goto yyreturnlab; |
3303 | | |
3304 | | |
3305 | | /*-----------------------------------------------------------. |
3306 | | | yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here. | |
3307 | | `-----------------------------------------------------------*/ |
3308 | 0 | yyexhaustedlab: |
3309 | 0 | yyerror (YY_("memory exhausted")); |
3310 | 0 | yyresult = 2; |
3311 | 0 | goto yyreturnlab; |
3312 | | |
3313 | | |
3314 | | /*----------------------------------------------------------. |
3315 | | | yyreturnlab -- parsing is finished, clean up and return. | |
3316 | | `----------------------------------------------------------*/ |
3317 | 8 | yyreturnlab: |
3318 | 8 | if (yychar != YYEMPTY) |
3319 | 1 | { |
3320 | | /* Make sure we have latest lookahead translation. See comments at |
3321 | | user semantic actions for why this is necessary. */ |
3322 | 1 | yytoken = YYTRANSLATE (yychar); |
3323 | 1 | yydestruct ("Cleanup: discarding lookahead", |
3324 | 1 | yytoken, &yylval); |
3325 | 1 | } |
3326 | | /* Do not reclaim the symbols of the rule whose action triggered |
3327 | | this YYABORT or YYACCEPT. */ |
3328 | 8 | YYPOPSTACK (yylen); |
3329 | 8 | YY_STACK_PRINT (yyss, yyssp); |
3330 | 23 | while (yyssp != yyss) |
3331 | 15 | { |
3332 | 15 | yydestruct ("Cleanup: popping", |
3333 | 15 | YY_ACCESSING_SYMBOL (+*yyssp), yyvsp); |
3334 | 15 | YYPOPSTACK (1); |
3335 | 15 | } |
3336 | 8 | #ifndef yyoverflow |
3337 | 8 | if (yyss != yyssa) |
3338 | 0 | YYSTACK_FREE (yyss); |
3339 | 8 | #endif |
3340 | | |
3341 | 8 | return yyresult; |
3342 | 138k | } |
3343 | | |
3344 | | #line 1162 "gram.y" |
3345 | | |
3346 | | /* Like yyerror() but takes a printf-style format string. */ |
3347 | | void |
3348 | | sudoerserrorf(const char * restrict fmt, ...) |
3349 | 25 | { |
3350 | 25 | const int column = (int)(sudolinebuf.toke_start + 1); |
3351 | 25 | va_list ap; |
3352 | 25 | debug_decl(sudoerserrorf, SUDOERS_DEBUG_PARSER); |
3353 | | |
3354 | 25 | if (sudoers_error_hook != NULL) { |
3355 | 0 | va_start(ap, fmt); |
3356 | 0 | sudoers_error_hook(parsed_policy.ctx, sudoers, this_lineno, column, |
3357 | 0 | fmt, ap); |
3358 | 0 | va_end(ap); |
3359 | 0 | } |
3360 | 25 | if (parser_conf.verbose > 0 && fmt != NULL) { |
3361 | 0 | LEXTRACE("<*> "); |
3362 | 0 | #ifndef TRACELEXER |
3363 | 0 | if (trace_print == NULL || trace_print == sudoers_trace_print) { |
3364 | 0 | char *tofree = NULL; |
3365 | 0 | const char *s; |
3366 | 0 | int oldlocale; |
3367 | | |
3368 | | /* Warnings are displayed in the user's locale. */ |
3369 | 0 | sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); |
3370 | |
|
3371 | 0 | va_start(ap, fmt); |
3372 | 0 | if (strcmp(fmt, "%s") == 0) { |
3373 | | /* Optimize common case, a single string. */ |
3374 | 0 | s = _(va_arg(ap, char *)); |
3375 | 0 | } else { |
3376 | 0 | if (vasprintf(&tofree, _(fmt), ap) != -1) { |
3377 | 0 | s = tofree; |
3378 | 0 | } else { |
3379 | 0 | s = _("syntax error"); |
3380 | 0 | tofree = NULL; |
3381 | 0 | } |
3382 | 0 | } |
3383 | 0 | sudo_printf(SUDO_CONV_ERROR_MSG, _("%s:%d:%zu: %s\n"), sudoers, |
3384 | 0 | this_lineno, sudolinebuf.toke_start + 1, s); |
3385 | 0 | free(tofree); |
3386 | 0 | va_end(ap); |
3387 | 0 | sudoers_setlocale(oldlocale, NULL); |
3388 | | |
3389 | | /* Display the offending line and token if possible. */ |
3390 | 0 | if (sudolinebuf.len != 0) { |
3391 | 0 | char tildes[128]; |
3392 | 0 | size_t tlen = 0; |
3393 | |
|
3394 | 0 | sudo_printf(SUDO_CONV_ERROR_MSG, "%s%s", sudolinebuf.buf, |
3395 | 0 | sudolinebuf.buf[sudolinebuf.len - 1] == '\n' ? "" : "\n"); |
3396 | 0 | if (sudolinebuf.toke_end > sudolinebuf.toke_start) { |
3397 | 0 | tlen = sudolinebuf.toke_end - sudolinebuf.toke_start - 1; |
3398 | 0 | if (tlen >= sizeof(tildes)) |
3399 | 0 | tlen = sizeof(tildes) - 1; |
3400 | 0 | memset(tildes, '~', tlen); |
3401 | 0 | } |
3402 | 0 | tildes[tlen] = '\0'; |
3403 | 0 | sudo_printf(SUDO_CONV_ERROR_MSG, "%*s^%s\n", |
3404 | 0 | (int)sudolinebuf.toke_start, "", tildes); |
3405 | 0 | } |
3406 | 0 | } |
3407 | 0 | #endif |
3408 | 0 | } |
3409 | 25 | parse_error = true; |
3410 | 25 | debug_return; |
3411 | 25 | } |
3412 | | |
3413 | | void |
3414 | | sudoerserror(const char *s) |
3415 | 25 | { |
3416 | 25 | if (sudoerschar == ERROR) { |
3417 | | /* Use error string from lexer. */ |
3418 | 2 | s = sudoers_errstr; |
3419 | 2 | sudoers_errstr = NULL; |
3420 | 2 | } |
3421 | | |
3422 | 25 | #pragma pvs(push) |
3423 | 25 | #pragma pvs(disable: 575, 618) |
3424 | | |
3425 | 25 | if (s == NULL) |
3426 | 0 | sudoerserrorf(NULL); |
3427 | 25 | else |
3428 | 25 | sudoerserrorf("%s", s); |
3429 | | |
3430 | 25 | #pragma pvs(pop) |
3431 | 25 | } |
3432 | | |
3433 | | static void |
3434 | | alias_error(const char *name, short type, int errnum) |
3435 | 0 | { |
3436 | 0 | if (errnum == EEXIST) { |
3437 | 0 | struct alias *a = alias_get(&parsed_policy, name, type); |
3438 | 0 | if (a != NULL) { |
3439 | 0 | sudoerserrorf( |
3440 | 0 | U_("duplicate %s \"%s\", previously defined at %s:%d:%d"), |
3441 | 0 | alias_type_to_string(type), name, a->file, a->line, a->column); |
3442 | 0 | alias_put(a); |
3443 | 0 | } else { |
3444 | 0 | if (errno == ELOOP) { |
3445 | 0 | sudoerserrorf(U_("cycle in %s \"%s\""), |
3446 | 0 | alias_type_to_string(type), name); |
3447 | 0 | } else { |
3448 | 0 | sudoerserrorf(U_("duplicate %s \"%s\""), |
3449 | 0 | alias_type_to_string(type), name); |
3450 | 0 | } |
3451 | 0 | } |
3452 | 0 | } else { |
3453 | 0 | sudoerserror(N_("unable to allocate memory")); |
3454 | 0 | } |
3455 | 0 | } |
3456 | | |
3457 | | static struct defaults * |
3458 | | new_default(char *var, char *val, short op) |
3459 | 0 | { |
3460 | 0 | struct defaults *d; |
3461 | 0 | debug_decl(new_default, SUDOERS_DEBUG_PARSER); |
3462 | |
|
3463 | 0 | if ((d = calloc(1, sizeof(struct defaults))) == NULL) { |
3464 | 0 | sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, |
3465 | 0 | "unable to allocate memory"); |
3466 | 0 | debug_return_ptr(NULL); |
3467 | 0 | } |
3468 | | |
3469 | 0 | d->var = var; |
3470 | 0 | d->val = val; |
3471 | | /* d->type = 0; */ |
3472 | 0 | d->op = op; |
3473 | | /* d->binding = NULL; */ |
3474 | 0 | d->line = this_lineno; |
3475 | 0 | d->column = (int)(sudolinebuf.toke_start + 1); |
3476 | 0 | d->file = sudo_rcstr_addref(sudoers); |
3477 | 0 | HLTQ_INIT(d, entries); |
3478 | |
|
3479 | 0 | debug_return_ptr(d); |
3480 | 0 | } |
3481 | | |
3482 | | static struct member * |
3483 | | new_member(char *name, short type) |
3484 | 45 | { |
3485 | 45 | struct member *m; |
3486 | 45 | debug_decl(new_member, SUDOERS_DEBUG_PARSER); |
3487 | | |
3488 | 45 | if ((m = calloc(1, sizeof(struct member))) == NULL) { |
3489 | 0 | sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, |
3490 | 0 | "unable to allocate memory"); |
3491 | 0 | debug_return_ptr(NULL); |
3492 | 0 | } |
3493 | | |
3494 | 45 | m->name = name; |
3495 | 45 | m->type = type; |
3496 | 45 | HLTQ_INIT(m, entries); |
3497 | | |
3498 | 45 | debug_return_ptr(m); |
3499 | 45 | } |
3500 | | |
3501 | | static struct sudo_command * |
3502 | | new_command(char *cmnd, char *args) |
3503 | 0 | { |
3504 | 0 | struct sudo_command *c; |
3505 | 0 | debug_decl(new_command, SUDOERS_DEBUG_PARSER); |
3506 | |
|
3507 | 0 | if ((c = calloc(1, sizeof(*c))) == NULL) { |
3508 | 0 | sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, |
3509 | 0 | "unable to allocate memory"); |
3510 | 0 | debug_return_ptr(NULL); |
3511 | 0 | } |
3512 | | /* garbage collected as part of struct member */ |
3513 | | |
3514 | 0 | c->cmnd = cmnd; |
3515 | 0 | c->args = args; |
3516 | 0 | TAILQ_INIT(&c->digests); |
3517 | |
|
3518 | 0 | debug_return_ptr(c); |
3519 | 0 | } |
3520 | | |
3521 | | static struct command_digest * |
3522 | | new_digest(unsigned int digest_type, char *digest_str) |
3523 | 0 | { |
3524 | 0 | struct command_digest *digest; |
3525 | 0 | debug_decl(new_digest, SUDOERS_DEBUG_PARSER); |
3526 | |
|
3527 | 0 | if ((digest = malloc(sizeof(*digest))) == NULL) { |
3528 | 0 | sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, |
3529 | 0 | "unable to allocate memory"); |
3530 | 0 | debug_return_ptr(NULL); |
3531 | 0 | } |
3532 | | |
3533 | 0 | HLTQ_INIT(digest, entries); |
3534 | 0 | digest->digest_type = digest_type; |
3535 | 0 | digest->digest_str = digest_str; |
3536 | 0 | if (digest->digest_str == NULL) { |
3537 | 0 | sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, |
3538 | 0 | "unable to allocate memory"); |
3539 | 0 | free(digest); |
3540 | 0 | digest = NULL; |
3541 | 0 | } |
3542 | |
|
3543 | 0 | debug_return_ptr(digest); |
3544 | 0 | } |
3545 | | |
3546 | | static void |
3547 | | free_defaults_binding(struct defaults_binding *binding) |
3548 | 0 | { |
3549 | 0 | debug_decl(free_defaults_binding, SUDOERS_DEBUG_PARSER); |
3550 | | |
3551 | | /* Bindings may be shared among multiple Defaults entries. */ |
3552 | 0 | if (binding != NULL) { |
3553 | 0 | if (--binding->refcnt == 0) { |
3554 | 0 | free_members(&binding->members); |
3555 | 0 | free(binding); |
3556 | 0 | } |
3557 | 0 | } |
3558 | |
|
3559 | 0 | debug_return; |
3560 | 0 | } |
3561 | | |
3562 | | /* |
3563 | | * Add a list of defaults structures to the defaults list. |
3564 | | * The bmem argument, if non-NULL, specifies a list of hosts, users, |
3565 | | * or runas users the entries apply to (determined by the type). |
3566 | | */ |
3567 | | static bool |
3568 | | add_defaults(short type, struct member *bmem, struct defaults *defs) |
3569 | 0 | { |
3570 | 0 | struct defaults *d, *next; |
3571 | 0 | struct defaults_binding *binding; |
3572 | 0 | bool ret = true; |
3573 | 0 | debug_decl(add_defaults, SUDOERS_DEBUG_PARSER); |
3574 | |
|
3575 | 0 | if (defs == NULL) |
3576 | 0 | debug_return_bool(false); |
3577 | | |
3578 | | /* |
3579 | | * We use a single binding for each entry in defs. |
3580 | | */ |
3581 | 0 | if ((binding = malloc(sizeof(*binding))) == NULL) { |
3582 | 0 | sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, |
3583 | 0 | "unable to allocate memory"); |
3584 | 0 | sudoerserror(N_("unable to allocate memory")); |
3585 | 0 | debug_return_bool(false); |
3586 | 0 | } |
3587 | 0 | if (bmem != NULL) { |
3588 | 0 | parser_leak_remove(LEAK_MEMBER, bmem); |
3589 | 0 | HLTQ_TO_TAILQ(&binding->members, bmem, entries); |
3590 | 0 | } else { |
3591 | 0 | TAILQ_INIT(&binding->members); |
3592 | 0 | } |
3593 | 0 | binding->refcnt = 0; |
3594 | | |
3595 | | /* |
3596 | | * Set type and binding (who it applies to) for new entries. |
3597 | | * Then add to the global defaults list. |
3598 | | */ |
3599 | 0 | parser_leak_remove(LEAK_DEFAULTS, defs); |
3600 | 0 | HLTQ_FOREACH_SAFE(d, defs, entries, next) { |
3601 | 0 | d->type = type; |
3602 | 0 | d->binding = binding; |
3603 | 0 | binding->refcnt++; |
3604 | 0 | TAILQ_INSERT_TAIL(&parsed_policy.defaults, d, entries); |
3605 | 0 | } |
3606 | |
|
3607 | 0 | debug_return_bool(ret); |
3608 | 0 | } |
3609 | | |
3610 | | /* |
3611 | | * Allocate a new struct userspec, populate it, and insert it at the |
3612 | | * end of the userspecs list. |
3613 | | */ |
3614 | | static bool |
3615 | | add_userspec(struct member *members, struct privilege *privs) |
3616 | 0 | { |
3617 | 0 | struct userspec *u; |
3618 | 0 | debug_decl(add_userspec, SUDOERS_DEBUG_PARSER); |
3619 | |
|
3620 | 0 | if ((u = calloc(1, sizeof(*u))) == NULL) { |
3621 | 0 | sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, |
3622 | 0 | "unable to allocate memory"); |
3623 | 0 | debug_return_bool(false); |
3624 | 0 | } |
3625 | | /* We already parsed the newline so sudolineno is off by one. */ |
3626 | 0 | u->line = sudolineno - 1; |
3627 | 0 | u->column = (int)(sudolinebuf.toke_start + 1); |
3628 | 0 | u->file = sudo_rcstr_addref(sudoers); |
3629 | 0 | parser_leak_remove(LEAK_MEMBER, members); |
3630 | 0 | HLTQ_TO_TAILQ(&u->users, members, entries); |
3631 | 0 | parser_leak_remove(LEAK_PRIVILEGE, privs); |
3632 | 0 | HLTQ_TO_TAILQ(&u->privileges, privs, entries); |
3633 | 0 | STAILQ_INIT(&u->comments); |
3634 | 0 | TAILQ_INSERT_TAIL(&parsed_policy.userspecs, u, entries); |
3635 | |
|
3636 | 0 | debug_return_bool(true); |
3637 | 0 | } |
3638 | | |
3639 | | /* |
3640 | | * Free a member struct and its contents. |
3641 | | */ |
3642 | | void |
3643 | | free_member(struct member *m) |
3644 | 45 | { |
3645 | 45 | debug_decl(free_member, SUDOERS_DEBUG_PARSER); |
3646 | | |
3647 | 45 | if (m->type == COMMAND || (m->type == ALL && m->name != NULL)) { |
3648 | 0 | struct command_digest *digest; |
3649 | 0 | struct sudo_command *c = (struct sudo_command *)m->name; |
3650 | 0 | free(c->cmnd); |
3651 | 0 | free(c->args); |
3652 | 0 | while ((digest = TAILQ_FIRST(&c->digests)) != NULL) { |
3653 | 0 | TAILQ_REMOVE(&c->digests, digest, entries); |
3654 | 0 | free(digest->digest_str); |
3655 | 0 | free(digest); |
3656 | 0 | } |
3657 | 0 | } |
3658 | 45 | free(m->name); |
3659 | 45 | free(m); |
3660 | | |
3661 | 45 | debug_return; |
3662 | 45 | } |
3663 | | |
3664 | | /* |
3665 | | * Free a tailq of members but not the struct member_list container itself. |
3666 | | */ |
3667 | | void |
3668 | | free_members(struct member_list *members) |
3669 | 0 | { |
3670 | 0 | struct member *m; |
3671 | 0 | debug_decl(free_members, SUDOERS_DEBUG_PARSER); |
3672 | |
|
3673 | 0 | while ((m = TAILQ_FIRST(members)) != NULL) { |
3674 | 0 | TAILQ_REMOVE(members, m, entries); |
3675 | 0 | free_member(m); |
3676 | 0 | } |
3677 | |
|
3678 | 0 | debug_return; |
3679 | 0 | } |
3680 | | |
3681 | | void |
3682 | | free_defaults(struct defaults_list *defs) |
3683 | 24 | { |
3684 | 24 | struct defaults *def; |
3685 | 24 | debug_decl(free_defaults, SUDOERS_DEBUG_PARSER); |
3686 | | |
3687 | 24 | while ((def = TAILQ_FIRST(defs)) != NULL) { |
3688 | 0 | TAILQ_REMOVE(defs, def, entries); |
3689 | 0 | free_default(def); |
3690 | 0 | } |
3691 | | |
3692 | 24 | debug_return; |
3693 | 24 | } |
3694 | | |
3695 | | void |
3696 | | free_default(struct defaults *def) |
3697 | 0 | { |
3698 | 0 | debug_decl(free_default, SUDOERS_DEBUG_PARSER); |
3699 | |
|
3700 | 0 | free_defaults_binding(def->binding); |
3701 | 0 | sudo_rcstr_delref(def->file); |
3702 | 0 | free(def->var); |
3703 | 0 | free(def->val); |
3704 | 0 | free(def); |
3705 | |
|
3706 | 0 | debug_return; |
3707 | 0 | } |
3708 | | |
3709 | | void |
3710 | | free_cmndspec(struct cmndspec *cs, struct cmndspec_list *csl) |
3711 | 0 | { |
3712 | 0 | struct cmndspec *prev, *next; |
3713 | 0 | debug_decl(free_cmndspec, SUDOERS_DEBUG_PARSER); |
3714 | |
|
3715 | 0 | prev = TAILQ_PREV(cs, cmndspec_list, entries); |
3716 | 0 | next = TAILQ_NEXT(cs, entries); |
3717 | 0 | TAILQ_REMOVE(csl, cs, entries); |
3718 | | |
3719 | | /* Don't free runcwd/runchroot that are in use by other entries. */ |
3720 | 0 | if ((prev == NULL || cs->runcwd != prev->runcwd) && |
3721 | 0 | (next == NULL || cs->runcwd != next->runcwd)) { |
3722 | 0 | free(cs->runcwd); |
3723 | 0 | } |
3724 | 0 | if ((prev == NULL || cs->runchroot != prev->runchroot) && |
3725 | 0 | (next == NULL || cs->runchroot != next->runchroot)) { |
3726 | 0 | free(cs->runchroot); |
3727 | 0 | } |
3728 | | /* Don't free root/type that are in use by other entries. */ |
3729 | 0 | if ((prev == NULL || cs->role != prev->role) && |
3730 | 0 | (next == NULL || cs->role != next->role)) { |
3731 | 0 | free(cs->role); |
3732 | 0 | } |
3733 | 0 | if ((prev == NULL || cs->type != prev->type) && |
3734 | 0 | (next == NULL || cs->type != next->type)) { |
3735 | 0 | free(cs->type); |
3736 | 0 | } |
3737 | | /* Don't free apparmor_profile that is in use by other entries. */ |
3738 | 0 | if ((prev == NULL || cs->apparmor_profile != prev->apparmor_profile) && |
3739 | 0 | (next == NULL || cs->apparmor_profile != next->apparmor_profile)) { |
3740 | 0 | free(cs->apparmor_profile); |
3741 | 0 | } |
3742 | | /* Don't free privs/limitprivs that are in use by other entries. */ |
3743 | 0 | if ((prev == NULL || cs->privs != prev->privs) && |
3744 | 0 | (next == NULL || cs->privs != next->privs)) { |
3745 | 0 | free(cs->privs); |
3746 | 0 | } |
3747 | 0 | if ((prev == NULL || cs->limitprivs != prev->limitprivs) && |
3748 | 0 | (next == NULL || cs->limitprivs != next->limitprivs)) { |
3749 | 0 | free(cs->limitprivs); |
3750 | 0 | } |
3751 | | /* Don't free user/group lists that are in use by other entries. */ |
3752 | 0 | if (cs->runasuserlist != NULL) { |
3753 | 0 | if ((prev == NULL || cs->runasuserlist != prev->runasuserlist) && |
3754 | 0 | (next == NULL || cs->runasuserlist != next->runasuserlist)) { |
3755 | 0 | free_members(cs->runasuserlist); |
3756 | 0 | free(cs->runasuserlist); |
3757 | 0 | } |
3758 | 0 | } |
3759 | 0 | if (cs->runasgrouplist != NULL) { |
3760 | 0 | if ((prev == NULL || cs->runasgrouplist != prev->runasgrouplist) && |
3761 | 0 | (next == NULL || cs->runasgrouplist != next->runasgrouplist)) { |
3762 | 0 | free_members(cs->runasgrouplist); |
3763 | 0 | free(cs->runasgrouplist); |
3764 | 0 | } |
3765 | 0 | } |
3766 | 0 | free_member(cs->cmnd); |
3767 | 0 | free(cs); |
3768 | |
|
3769 | 0 | debug_return; |
3770 | 0 | } |
3771 | | |
3772 | | void |
3773 | | free_cmndspecs(struct cmndspec_list *csl) |
3774 | 0 | { |
3775 | 0 | struct member_list *runasuserlist = NULL, *runasgrouplist = NULL; |
3776 | 0 | char *runcwd = NULL, *runchroot = NULL; |
3777 | 0 | char *role = NULL, *type = NULL; |
3778 | 0 | char *apparmor_profile = NULL; |
3779 | 0 | char *privs = NULL, *limitprivs = NULL; |
3780 | 0 | struct cmndspec *cs; |
3781 | 0 | debug_decl(free_cmndspecs, SUDOERS_DEBUG_PARSER); |
3782 | |
|
3783 | 0 | while ((cs = TAILQ_FIRST(csl)) != NULL) { |
3784 | 0 | TAILQ_REMOVE(csl, cs, entries); |
3785 | | |
3786 | | /* Only free the first instance of runcwd/runchroot. */ |
3787 | 0 | if (cs->runcwd != runcwd) { |
3788 | 0 | runcwd = cs->runcwd; |
3789 | 0 | free(cs->runcwd); |
3790 | 0 | } |
3791 | 0 | if (cs->runchroot != runchroot) { |
3792 | 0 | runchroot = cs->runchroot; |
3793 | 0 | free(cs->runchroot); |
3794 | 0 | } |
3795 | | /* Only free the first instance of a role/type. */ |
3796 | 0 | if (cs->role != role) { |
3797 | 0 | role = cs->role; |
3798 | 0 | free(cs->role); |
3799 | 0 | } |
3800 | 0 | if (cs->type != type) { |
3801 | 0 | type = cs->type; |
3802 | 0 | free(cs->type); |
3803 | 0 | } |
3804 | | /* Only free the first instance of apparmor_profile. */ |
3805 | 0 | if (cs->apparmor_profile != apparmor_profile) { |
3806 | 0 | apparmor_profile = cs->apparmor_profile; |
3807 | 0 | free(cs->apparmor_profile); |
3808 | 0 | } |
3809 | | /* Only free the first instance of privs/limitprivs. */ |
3810 | 0 | if (cs->privs != privs) { |
3811 | 0 | privs = cs->privs; |
3812 | 0 | free(cs->privs); |
3813 | 0 | } |
3814 | 0 | if (cs->limitprivs != limitprivs) { |
3815 | 0 | limitprivs = cs->limitprivs; |
3816 | 0 | free(cs->limitprivs); |
3817 | 0 | } |
3818 | | /* Only free the first instance of runas user/group lists. */ |
3819 | 0 | if (cs->runasuserlist && cs->runasuserlist != runasuserlist) { |
3820 | 0 | runasuserlist = cs->runasuserlist; |
3821 | 0 | free_members(runasuserlist); |
3822 | 0 | free(runasuserlist); |
3823 | 0 | } |
3824 | 0 | if (cs->runasgrouplist && cs->runasgrouplist != runasgrouplist) { |
3825 | 0 | runasgrouplist = cs->runasgrouplist; |
3826 | 0 | free_members(runasgrouplist); |
3827 | 0 | free(runasgrouplist); |
3828 | 0 | } |
3829 | 0 | free_member(cs->cmnd); |
3830 | 0 | free(cs); |
3831 | 0 | } |
3832 | |
|
3833 | 0 | debug_return; |
3834 | 0 | } |
3835 | | |
3836 | | void |
3837 | | free_privilege(struct privilege *priv) |
3838 | 0 | { |
3839 | 0 | struct defaults *def; |
3840 | 0 | debug_decl(free_privilege, SUDOERS_DEBUG_PARSER); |
3841 | |
|
3842 | 0 | free(priv->ldap_role); |
3843 | 0 | free_members(&priv->hostlist); |
3844 | 0 | free_cmndspecs(&priv->cmndlist); |
3845 | 0 | while ((def = TAILQ_FIRST(&priv->defaults)) != NULL) { |
3846 | 0 | TAILQ_REMOVE(&priv->defaults, def, entries); |
3847 | 0 | free_default(def); |
3848 | 0 | } |
3849 | 0 | free(priv); |
3850 | |
|
3851 | 0 | debug_return; |
3852 | 0 | } |
3853 | | |
3854 | | void |
3855 | | free_userspecs(struct userspec_list *usl) |
3856 | 24 | { |
3857 | 24 | struct userspec *us; |
3858 | 24 | debug_decl(free_userspecs, SUDOERS_DEBUG_PARSER); |
3859 | | |
3860 | 24 | while ((us = TAILQ_FIRST(usl)) != NULL) { |
3861 | 0 | TAILQ_REMOVE(usl, us, entries); |
3862 | 0 | free_userspec(us); |
3863 | 0 | } |
3864 | | |
3865 | 24 | debug_return; |
3866 | 24 | } |
3867 | | |
3868 | | void |
3869 | | free_userspec(struct userspec *us) |
3870 | 0 | { |
3871 | 0 | struct privilege *priv; |
3872 | 0 | struct sudoers_comment *comment; |
3873 | 0 | debug_decl(free_userspec, SUDOERS_DEBUG_PARSER); |
3874 | |
|
3875 | 0 | free_members(&us->users); |
3876 | 0 | while ((priv = TAILQ_FIRST(&us->privileges)) != NULL) { |
3877 | 0 | TAILQ_REMOVE(&us->privileges, priv, entries); |
3878 | 0 | free_privilege(priv); |
3879 | 0 | } |
3880 | 0 | while ((comment = STAILQ_FIRST(&us->comments)) != NULL) { |
3881 | 0 | STAILQ_REMOVE_HEAD(&us->comments, entries); |
3882 | 0 | free(comment->str); |
3883 | 0 | free(comment); |
3884 | 0 | } |
3885 | 0 | sudo_rcstr_delref(us->file); |
3886 | 0 | free(us); |
3887 | |
|
3888 | 0 | debug_return; |
3889 | 0 | } |
3890 | | |
3891 | | /* |
3892 | | * Initialized a sudoers parse tree. |
3893 | | * Takes ownership of lhost and shost. |
3894 | | */ |
3895 | | void |
3896 | | init_parse_tree(struct sudoers_parse_tree *parse_tree, char *lhost, char *shost, |
3897 | | struct sudoers_context *ctx, struct sudo_nss *nss) |
3898 | 8 | { |
3899 | 8 | TAILQ_INIT(&parse_tree->userspecs); |
3900 | 8 | TAILQ_INIT(&parse_tree->defaults); |
3901 | 8 | parse_tree->aliases = NULL; |
3902 | 8 | parse_tree->shost = shost; |
3903 | 8 | parse_tree->lhost = lhost; |
3904 | 8 | parse_tree->ctx = ctx; |
3905 | 8 | parse_tree->nss = nss; |
3906 | 8 | } |
3907 | | |
3908 | | /* |
3909 | | * Move the contents of parsed_policy to new_tree. |
3910 | | */ |
3911 | | void |
3912 | | reparent_parse_tree(struct sudoers_parse_tree *new_tree) |
3913 | 8 | { |
3914 | 8 | TAILQ_CONCAT(&new_tree->userspecs, &parsed_policy.userspecs, entries); |
3915 | 8 | TAILQ_CONCAT(&new_tree->defaults, &parsed_policy.defaults, entries); |
3916 | 8 | new_tree->aliases = parsed_policy.aliases; |
3917 | 8 | parsed_policy.aliases = NULL; |
3918 | 8 | } |
3919 | | |
3920 | | /* |
3921 | | * Free the contents of a sudoers parse tree and initialize it. |
3922 | | */ |
3923 | | void |
3924 | | free_parse_tree(struct sudoers_parse_tree *parse_tree) |
3925 | 24 | { |
3926 | 24 | free_userspecs(&parse_tree->userspecs); |
3927 | 24 | free_defaults(&parse_tree->defaults); |
3928 | 24 | free_aliases(parse_tree->aliases); |
3929 | 24 | parse_tree->aliases = NULL; |
3930 | 24 | free(parse_tree->lhost); |
3931 | 24 | if (parse_tree->shost != parse_tree->lhost) |
3932 | 0 | free(parse_tree->shost); |
3933 | 24 | parse_tree->lhost = parse_tree->shost = NULL; |
3934 | 24 | parse_tree->nss = NULL; |
3935 | 24 | parse_tree->ctx = NULL; |
3936 | 24 | } |
3937 | | |
3938 | | /* |
3939 | | * Free up space used by data structures from a previous parser run and sets |
3940 | | * the current sudoers file to path. |
3941 | | */ |
3942 | | bool |
3943 | | init_parser(struct sudoers_context *ctx, const char *file) |
3944 | 16 | { |
3945 | 16 | bool ret = true; |
3946 | 16 | debug_decl(init_parser, SUDOERS_DEBUG_PARSER); |
3947 | | |
3948 | 16 | free_parse_tree(&parsed_policy); |
3949 | 16 | parsed_policy.ctx = ctx; |
3950 | 16 | parser_leak_init(); |
3951 | 16 | init_lexer(); |
3952 | 16 | parse_error = false; |
3953 | | |
3954 | 16 | if (ctx != NULL) { |
3955 | 8 | parser_conf = ctx->parser_conf; |
3956 | 8 | } else { |
3957 | 8 | const struct sudoers_parser_config def_conf = |
3958 | 8 | SUDOERS_PARSER_CONFIG_INITIALIZER; |
3959 | 8 | parser_conf = def_conf; |
3960 | 8 | } |
3961 | | |
3962 | 16 | sudo_rcstr_delref(sudoers); |
3963 | 16 | if (file != NULL) { |
3964 | 8 | if ((sudoers = sudo_rcstr_dup(file)) == NULL) { |
3965 | 0 | sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); |
3966 | 0 | ret = false; |
3967 | 0 | } |
3968 | 8 | } else { |
3969 | 8 | sudoers = NULL; |
3970 | 8 | } |
3971 | | |
3972 | 16 | sudo_rcstr_delref(sudoers_search_path); |
3973 | 16 | if (parser_conf.sudoers_path != NULL) { |
3974 | 0 | sudoers_search_path = sudo_rcstr_dup(parser_conf.sudoers_path); |
3975 | 0 | if (sudoers_search_path == NULL) { |
3976 | 0 | sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); |
3977 | 0 | ret = false; |
3978 | 0 | } |
3979 | 16 | } else { |
3980 | 16 | sudoers_search_path = NULL; |
3981 | 16 | } |
3982 | | |
3983 | 16 | debug_return_bool(ret); |
3984 | 16 | } |
3985 | | |
3986 | | bool |
3987 | | reset_parser(void) |
3988 | 8 | { |
3989 | 8 | return init_parser(NULL, NULL); |
3990 | 8 | } |
3991 | | |
3992 | | /* |
3993 | | * Initialize all options in a cmndspec. |
3994 | | */ |
3995 | | static void |
3996 | | init_options(struct command_options *opts) |
3997 | 2 | { |
3998 | 2 | opts->notbefore = UNSPEC; |
3999 | 2 | opts->notafter = UNSPEC; |
4000 | 2 | opts->timeout = UNSPEC; |
4001 | 2 | opts->runchroot = NULL; |
4002 | 2 | opts->runcwd = NULL; |
4003 | 2 | opts->role = NULL; |
4004 | 2 | opts->type = NULL; |
4005 | 2 | opts->apparmor_profile = NULL; |
4006 | 2 | opts->privs = NULL; |
4007 | 2 | opts->limitprivs = NULL; |
4008 | 2 | } |
4009 | | |
4010 | | /* |
4011 | | * Propagate inheritable settings and tags from prev to cs. |
4012 | | */ |
4013 | | static void |
4014 | | propagate_cmndspec(struct cmndspec *cs, const struct cmndspec *prev) |
4015 | 0 | { |
4016 | | /* propagate runcwd and runchroot */ |
4017 | 0 | if (cs->runcwd == NULL) |
4018 | 0 | cs->runcwd = prev->runcwd; |
4019 | 0 | if (cs->runchroot == NULL) |
4020 | 0 | cs->runchroot = prev->runchroot; |
4021 | | /* propagate role and type */ |
4022 | 0 | if (cs->role == NULL && cs->type == NULL) { |
4023 | 0 | cs->role = prev->role; |
4024 | 0 | cs->type = prev->type; |
4025 | 0 | } |
4026 | | /* propagate apparmor_profile */ |
4027 | 0 | if (cs->apparmor_profile == NULL) |
4028 | 0 | cs->apparmor_profile = prev->apparmor_profile; |
4029 | | /* propagate privs & limitprivs */ |
4030 | 0 | if (cs->privs == NULL && cs->limitprivs == NULL) { |
4031 | 0 | cs->privs = prev->privs; |
4032 | 0 | cs->limitprivs = prev->limitprivs; |
4033 | 0 | } |
4034 | | /* propagate command time restrictions */ |
4035 | 0 | if (cs->notbefore == UNSPEC) |
4036 | 0 | cs->notbefore = prev->notbefore; |
4037 | 0 | if (cs->notafter == UNSPEC) |
4038 | 0 | cs->notafter = prev->notafter; |
4039 | | /* propagate command timeout */ |
4040 | 0 | if (cs->timeout == UNSPEC) |
4041 | 0 | cs->timeout = prev->timeout; |
4042 | | /* propagate tags and runas list */ |
4043 | 0 | if (cs->tags.nopasswd == UNSPEC) |
4044 | 0 | cs->tags.nopasswd = prev->tags.nopasswd; |
4045 | 0 | if (cs->tags.noexec == UNSPEC) |
4046 | 0 | cs->tags.noexec = prev->tags.noexec; |
4047 | 0 | if (cs->tags.intercept == UNSPEC) |
4048 | 0 | cs->tags.intercept = prev->tags.intercept; |
4049 | | /* Need to handle IMPLIED setting for SETENV tag specially. */ |
4050 | 0 | if (!TAG_SET(cs->tags.setenv) && TAG_SET(prev->tags.setenv)) |
4051 | 0 | cs->tags.setenv = prev->tags.setenv; |
4052 | 0 | if (cs->tags.log_input == UNSPEC) |
4053 | 0 | cs->tags.log_input = prev->tags.log_input; |
4054 | 0 | if (cs->tags.log_output == UNSPEC) |
4055 | 0 | cs->tags.log_output = prev->tags.log_output; |
4056 | 0 | if (cs->tags.send_mail == UNSPEC) |
4057 | 0 | cs->tags.send_mail = prev->tags.send_mail; |
4058 | 0 | if (cs->tags.follow == UNSPEC) |
4059 | 0 | cs->tags.follow = prev->tags.follow; |
4060 | 0 | if ((cs->runasuserlist == NULL && |
4061 | 0 | cs->runasgrouplist == NULL) && |
4062 | 0 | (prev->runasuserlist != NULL || |
4063 | 0 | prev->runasgrouplist != NULL)) { |
4064 | 0 | cs->runasuserlist = prev->runasuserlist; |
4065 | 0 | cs->runasgrouplist = prev->runasgrouplist; |
4066 | 0 | } |
4067 | 0 | } |
4068 | | |
4069 | | uid_t |
4070 | | sudoers_file_uid(void) |
4071 | 0 | { |
4072 | 0 | return parser_conf.sudoers_uid; |
4073 | 0 | } |
4074 | | |
4075 | | gid_t |
4076 | | sudoers_file_gid(void) |
4077 | 0 | { |
4078 | 0 | return parser_conf.sudoers_gid; |
4079 | 0 | } |
4080 | | |
4081 | | mode_t |
4082 | | sudoers_file_mode(void) |
4083 | 0 | { |
4084 | 0 | return parser_conf.sudoers_mode; |
4085 | 0 | } |
4086 | | |
4087 | | bool |
4088 | | sudoers_error_recovery(void) |
4089 | 0 | { |
4090 | 0 | return parser_conf.recovery; |
4091 | 0 | } |
4092 | | |
4093 | | bool |
4094 | | sudoers_strict(void) |
4095 | 2 | { |
4096 | 2 | return parser_conf.strict; |
4097 | 2 | } |
4098 | | |
4099 | | bool |
4100 | | parser_leak_add(enum parser_leak_types type, void *v) |
4101 | 140k | { |
4102 | 140k | #ifdef NO_LEAKS |
4103 | 140k | struct parser_leak_entry *entry; |
4104 | 140k | debug_decl(parser_leak_add, SUDOERS_DEBUG_PARSER); |
4105 | | |
4106 | 140k | if (v == NULL) |
4107 | 0 | debug_return_bool(false); |
4108 | | |
4109 | 140k | entry = calloc(1, sizeof(*entry)); |
4110 | 140k | if (entry == NULL) { |
4111 | 0 | sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); |
4112 | 0 | debug_return_bool(false); |
4113 | 0 | } |
4114 | 140k | switch (type) { |
4115 | 0 | case LEAK_PRIVILEGE: |
4116 | 0 | entry->u.p = v; |
4117 | 0 | break; |
4118 | 0 | case LEAK_CMNDSPEC: |
4119 | 0 | entry->u.cs = v; |
4120 | 0 | break; |
4121 | 0 | case LEAK_DEFAULTS: |
4122 | 0 | entry->u.d = v; |
4123 | 0 | break; |
4124 | 45 | case LEAK_MEMBER: |
4125 | 45 | entry->u.m = v; |
4126 | 45 | break; |
4127 | 0 | case LEAK_DIGEST: |
4128 | 0 | entry->u.dig = v; |
4129 | 0 | break; |
4130 | 0 | case LEAK_RUNAS: |
4131 | 0 | entry->u.rc = v; |
4132 | 0 | break; |
4133 | 140k | case LEAK_PTR: |
4134 | 140k | entry->u.ptr = v; |
4135 | 140k | break; |
4136 | 0 | default: |
4137 | 0 | free(entry); |
4138 | 0 | sudo_warnx("unexpected leak type %d", type); |
4139 | 0 | debug_return_bool(false); |
4140 | 140k | } |
4141 | 140k | entry->type = type; |
4142 | 140k | SLIST_INSERT_HEAD(&parser_leak_list, entry, entries); |
4143 | 140k | debug_return_bool(true); |
4144 | | #else |
4145 | | return true; |
4146 | | #endif /* NO_LEAKS */ |
4147 | 140k | } |
4148 | | |
4149 | | bool |
4150 | | parser_leak_remove(enum parser_leak_types type, void *v) |
4151 | 2.09k | { |
4152 | 2.09k | #ifdef NO_LEAKS |
4153 | 2.09k | struct parser_leak_entry *entry, *prev = NULL; |
4154 | 2.09k | debug_decl(parser_leak_remove, SUDOERS_DEBUG_PARSER); |
4155 | | |
4156 | 2.09k | if (v == NULL) |
4157 | 2 | debug_return_bool(false); |
4158 | | |
4159 | 2.09k | SLIST_FOREACH(entry, &parser_leak_list, entries) { |
4160 | 2.09k | switch (entry->type) { |
4161 | 0 | case LEAK_PRIVILEGE: |
4162 | 0 | if (entry->u.p == v) |
4163 | 0 | goto found; |
4164 | 0 | break; |
4165 | 0 | case LEAK_CMNDSPEC: |
4166 | 0 | if (entry->u.cs == v) |
4167 | 0 | goto found; |
4168 | 0 | break; |
4169 | 0 | case LEAK_DEFAULTS: |
4170 | 0 | if (entry->u.d == v) |
4171 | 0 | goto found; |
4172 | 0 | break; |
4173 | 12 | case LEAK_MEMBER: |
4174 | 12 | if (entry->u.m == v) |
4175 | 12 | goto found; |
4176 | 0 | break; |
4177 | 0 | case LEAK_DIGEST: |
4178 | 0 | if (entry->u.dig == v) |
4179 | 0 | goto found; |
4180 | 0 | break; |
4181 | 0 | case LEAK_RUNAS: |
4182 | 0 | if (entry->u.rc == v) |
4183 | 0 | goto found; |
4184 | 0 | break; |
4185 | 2.07k | case LEAK_PTR: |
4186 | 2.07k | if (entry->u.ptr == v) |
4187 | 2.07k | goto found; |
4188 | 0 | break; |
4189 | 0 | default: |
4190 | 0 | sudo_warnx("unexpected leak type %d in %p", entry->type, entry); |
4191 | 2.09k | } |
4192 | 0 | prev = entry; |
4193 | 0 | } |
4194 | | /* If this happens, there is a bug in the leak tracking code. */ |
4195 | 0 | sudo_warnx("%s: unable to find %p, type %d", __func__, v, type); |
4196 | 0 | debug_return_bool(false); |
4197 | 2.09k | found: |
4198 | 2.09k | if (prev == NULL) |
4199 | 2.09k | SLIST_REMOVE_HEAD(&parser_leak_list, entries); |
4200 | 0 | else |
4201 | 0 | SLIST_REMOVE_AFTER(prev, entries); |
4202 | 2.09k | free(entry); |
4203 | 2.09k | debug_return_bool(true); |
4204 | | #else |
4205 | | return true; |
4206 | | #endif /* NO_LEAKS */ |
4207 | 2.09k | } |
4208 | | |
4209 | | #ifdef NO_LEAKS |
4210 | | static void |
4211 | | parser_leak_free(void) |
4212 | 16 | { |
4213 | 16 | struct parser_leak_entry *entry; |
4214 | 16 | void *next; |
4215 | 16 | debug_decl(parser_leak_run, SUDOERS_DEBUG_PARSER); |
4216 | | |
4217 | | /* Free the leaks. */ |
4218 | 138k | while ((entry = SLIST_FIRST(&parser_leak_list))) { |
4219 | 138k | SLIST_REMOVE_HEAD(&parser_leak_list, entries); |
4220 | 138k | switch (entry->type) { |
4221 | 0 | case LEAK_PRIVILEGE: |
4222 | 0 | { |
4223 | 0 | struct privilege *priv; |
4224 | |
|
4225 | 0 | HLTQ_FOREACH_SAFE(priv, entry->u.p, entries, next) |
4226 | 0 | free_privilege(priv); |
4227 | 0 | free(entry); |
4228 | 0 | } |
4229 | 0 | break; |
4230 | 0 | case LEAK_CMNDSPEC: |
4231 | 0 | { |
4232 | 0 | struct cmndspec_list specs; |
4233 | |
|
4234 | 0 | HLTQ_TO_TAILQ(&specs, entry->u.cs, entries); |
4235 | 0 | free_cmndspecs(&specs); |
4236 | 0 | free(entry); |
4237 | 0 | } |
4238 | 0 | break; |
4239 | 0 | case LEAK_DEFAULTS: |
4240 | 0 | { |
4241 | 0 | struct defaults_list defs; |
4242 | |
|
4243 | 0 | HLTQ_TO_TAILQ(&defs, entry->u.d, entries); |
4244 | 0 | free_defaults(&defs); |
4245 | 0 | free(entry); |
4246 | 0 | } |
4247 | 0 | break; |
4248 | 33 | case LEAK_MEMBER: |
4249 | 33 | { |
4250 | 33 | struct member *m; |
4251 | | |
4252 | 33 | HLTQ_FOREACH_SAFE(m, entry->u.m, entries, next) |
4253 | 45 | free_member(m); |
4254 | 33 | free(entry); |
4255 | 33 | } |
4256 | 33 | break; |
4257 | 0 | case LEAK_DIGEST: |
4258 | 0 | { |
4259 | 0 | struct command_digest *dig; |
4260 | |
|
4261 | 0 | HLTQ_FOREACH_SAFE(dig, entry->u.dig, entries, next) { |
4262 | 0 | free(dig->digest_str); |
4263 | 0 | free(dig); |
4264 | 0 | } |
4265 | 0 | free(entry); |
4266 | 0 | } |
4267 | 0 | break; |
4268 | 0 | case LEAK_RUNAS: |
4269 | 0 | { |
4270 | 0 | struct member *m; |
4271 | |
|
4272 | 0 | if (entry->u.rc->runasusers != NULL) { |
4273 | 0 | HLTQ_FOREACH_SAFE(m, entry->u.rc->runasusers, entries, next) |
4274 | 0 | free_member(m); |
4275 | 0 | } |
4276 | 0 | if (entry->u.rc->runasgroups != NULL) { |
4277 | 0 | HLTQ_FOREACH_SAFE(m, entry->u.rc->runasgroups, entries, next) |
4278 | 0 | free_member(m); |
4279 | 0 | } |
4280 | 0 | free(entry->u.rc); |
4281 | 0 | free(entry); |
4282 | 0 | break; |
4283 | 0 | } |
4284 | 138k | case LEAK_PTR: |
4285 | 138k | free(entry->u.ptr); |
4286 | 138k | free(entry); |
4287 | 138k | break; |
4288 | 0 | default: |
4289 | 0 | sudo_warnx("unexpected garbage type %d", entry->type); |
4290 | 138k | } |
4291 | 138k | } |
4292 | | |
4293 | 16 | debug_return; |
4294 | 16 | } |
4295 | | #endif /* NO_LEAKS */ |
4296 | | |
4297 | | void |
4298 | | parser_leak_init(void) |
4299 | 16 | { |
4300 | 16 | #ifdef NO_LEAKS |
4301 | 16 | static bool initialized; |
4302 | 16 | debug_decl(parser_leak_init, SUDOERS_DEBUG_PARSER); |
4303 | | |
4304 | 16 | if (!initialized) { |
4305 | 1 | atexit(parser_leak_free); |
4306 | 1 | initialized = true; |
4307 | 1 | debug_return; |
4308 | 1 | } |
4309 | | |
4310 | | /* Already initialized, free existing leaks. */ |
4311 | 15 | parser_leak_free(); |
4312 | 15 | debug_return; |
4313 | 15 | #endif /* NO_LEAKS */ |
4314 | 15 | } |