1" Vim syntax file 2" Language: sudoers(5) configuration files 3" Maintainer: Eisuke Kawashima ( e.kawaschima+vim AT gmail.com ) 4" Previous Maintainer: Nikolai Weibull <[email protected]> 5" Latest Revision: 2021 Mar 15 6" Recent Changes: Support for #include and #includedir. 7" Added many new options (Samuel D. Leslie) 8 9if exists("b:current_syntax") 10 finish 11endif 12 13let s:cpo_save = &cpo 14set cpo&vim 15 16" TODO: instead of 'skipnl', we would like to match a specific group that would 17" match \\$ and then continue with the nextgroup, actually, the skipnl doesn't 18" work... 19" TODO: treat 'ALL' like a special (yay, a bundle of new rules!!!) 20 21syn match sudoersUserSpec '^' nextgroup=@sudoersUserInSpec skipwhite 22 23syn match sudoersSpecEquals contained '=' nextgroup=@sudoersCmndSpecList skipwhite 24 25syn cluster sudoersCmndSpecList contains=sudoersUserRunasBegin,sudoersPASSWD,@sudoersCmndInSpec 26 27syn keyword sudoersTodo contained TODO FIXME XXX NOTE 28 29syn region sudoersComment display oneline start='#' end='$' contains=sudoersTodo 30syn region sudoersInclude display oneline start='[#@]\%(include\|includedir\)\>' end='$' 31 32syn keyword sudoersAlias User_Alias Runas_Alias nextgroup=sudoersUserAlias skipwhite skipnl 33syn keyword sudoersAlias Host_Alias nextgroup=sudoersHostAlias skipwhite skipnl 34syn keyword sudoersAlias Cmnd_Alias nextgroup=sudoersCmndAlias skipwhite skipnl 35 36syn match sudoersUserAlias contained '\<\u[A-Z0-9_]*\>' nextgroup=sudoersUserAliasEquals skipwhite skipnl 37syn match sudoersUserNameInList contained '\<\l\+\>' nextgroup=@sudoersUserList skipwhite skipnl 38syn match sudoersUIDInList contained '#\d\+\>' nextgroup=@sudoersUserList skipwhite skipnl 39syn match sudoersGroupInList contained '%\l\+\>' nextgroup=@sudoersUserList skipwhite skipnl 40syn match sudoersUserNetgroupInList contained '+\l\+\>' nextgroup=@sudoersUserList skipwhite skipnl 41syn match sudoersUserAliasInList contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersUserList skipwhite skipnl 42 43syn match sudoersUserName contained '\<\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 44syn match sudoersUID contained '#\d\+\>' nextgroup=@sudoersParameter skipwhite skipnl 45syn match sudoersGroup contained '%\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 46syn match sudoersUserNetgroup contained '+\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 47syn match sudoersUserAliasRef contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersParameter skipwhite skipnl 48 49syn match sudoersUserNameInSpec contained '\<\l\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 50syn match sudoersUIDInSpec contained '#\d\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 51syn match sudoersGroupInSpec contained '%\l\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 52syn match sudoersUserNetgroupInSpec contained '+\l\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 53syn match sudoersUserAliasInSpec contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersUserSpec skipwhite skipnl 54 55syn match sudoersUserNameInRunas contained '\<\l\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 56syn match sudoersUIDInRunas contained '#\d\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 57syn match sudoersGroupInRunas contained '%\l\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 58syn match sudoersUserNetgroupInRunas contained '+\l\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 59syn match sudoersUserAliasInRunas contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersUserRunas skipwhite skipnl 60 61syn match sudoersHostAlias contained '\<\u[A-Z0-9_]*\>' nextgroup=sudoersHostAliasEquals skipwhite skipnl 62syn match sudoersHostNameInList contained '\<\l\+\>' nextgroup=@sudoersHostList skipwhite skipnl 63syn match sudoersIPAddrInList contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}' nextgroup=@sudoersHostList skipwhite skipnl 64syn match sudoersNetworkInList contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}\%(/\%(\%(\d\{1,3}\.\)\{3}\d\{1,3}\|\d\+\)\)\=' nextgroup=@sudoersHostList skipwhite skipnl 65syn match sudoersHostNetgroupInList contained '+\l\+\>' nextgroup=@sudoersHostList skipwhite skipnl 66syn match sudoersHostAliasInList contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersHostList skipwhite skipnl 67 68syn match sudoersHostName contained '\<\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 69syn match sudoersIPAddr contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}' nextgroup=@sudoersParameter skipwhite skipnl 70syn match sudoersNetwork contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}\%(/\%(\%(\d\{1,3}\.\)\{3}\d\{1,3}\|\d\+\)\)\=' nextgroup=@sudoersParameter skipwhite skipnl 71syn match sudoersHostNetgroup contained '+\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 72syn match sudoersHostAliasRef contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersParameter skipwhite skipnl 73 74syn match sudoersHostNameInSpec contained '\<\l\+\>' nextgroup=@sudoersHostSpec skipwhite skipnl 75syn match sudoersIPAddrInSpec contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}' nextgroup=@sudoersHostSpec skipwhite skipnl 76syn match sudoersNetworkInSpec contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}\%(/\%(\%(\d\{1,3}\.\)\{3}\d\{1,3}\|\d\+\)\)\=' nextgroup=@sudoersHostSpec skipwhite skipnl 77syn match sudoersHostNetgroupInSpec contained '+\l\+\>' nextgroup=@sudoersHostSpec skipwhite skipnl 78syn match sudoersHostAliasInSpec contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersHostSpec skipwhite skipnl 79 80syn match sudoersCmndAlias contained '\<\u[A-Z0-9_]*\>' nextgroup=sudoersCmndAliasEquals skipwhite skipnl 81syn match sudoersCmndNameInList contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=@sudoersCmndList,sudoersCommandEmpty,sudoersCommandArgs skipwhite 82syn match sudoersCmndAliasInList contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersCmndList skipwhite skipnl 83 84syn match sudoersCmndNameInSpec contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=@sudoersCmndSpec,sudoersCommandEmptyInSpec,sudoersCommandArgsInSpec skipwhite 85syn match sudoersCmndAliasInSpec contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersCmndSpec skipwhite skipnl 86 87syn match sudoersUserAliasEquals contained '=' nextgroup=@sudoersUserInList skipwhite skipnl 88syn match sudoersUserListComma contained ',' nextgroup=@sudoersUserInList skipwhite skipnl 89syn match sudoersUserListColon contained ':' nextgroup=sudoersUserAlias skipwhite skipnl 90syn cluster sudoersUserList contains=sudoersUserListComma,sudoersUserListColon 91 92syn match sudoersUserSpecComma contained ',' nextgroup=@sudoersUserInSpec skipwhite skipnl 93syn cluster sudoersUserSpec contains=sudoersUserSpecComma,@sudoersHostInSpec 94 95syn match sudoersUserRunasBegin contained '(' nextgroup=@sudoersUserInRunas skipwhite skipnl 96syn match sudoersUserRunasComma contained ',' nextgroup=@sudoersUserInRunas skipwhite skipnl 97syn match sudoersUserRunasEnd contained ')' nextgroup=sudoersPASSWD,@sudoersCmndInSpec skipwhite skipnl 98syn cluster sudoersUserRunas contains=sudoersUserRunasComma,@sudoersUserInRunas,sudoersUserRunasEnd 99 100 101syn match sudoersHostAliasEquals contained '=' nextgroup=@sudoersHostInList skipwhite skipnl 102syn match sudoersHostListComma contained ',' nextgroup=@sudoersHostInList skipwhite skipnl 103syn match sudoersHostListColon contained ':' nextgroup=sudoersHostAlias skipwhite skipnl 104syn cluster sudoersHostList contains=sudoersHostListComma,sudoersHostListColon 105 106syn match sudoersHostSpecComma contained ',' nextgroup=@sudoersHostInSpec skipwhite skipnl 107syn cluster sudoersHostSpec contains=sudoersHostSpecComma,sudoersSpecEquals 108 109 110syn match sudoersCmndAliasEquals contained '=' nextgroup=@sudoersCmndInList skipwhite skipnl 111syn match sudoersCmndListComma contained ',' nextgroup=@sudoersCmndInList skipwhite skipnl 112syn match sudoersCmndListColon contained ':' nextgroup=sudoersCmndAlias skipwhite skipnl 113syn cluster sudoersCmndList contains=sudoersCmndListComma,sudoersCmndListColon 114 115syn match sudoersCmndSpecComma contained ',' nextgroup=@sudoersCmndSpecList skipwhite skipnl 116syn match sudoersCmndSpecColon contained ':' nextgroup=@sudoersUserInSpec skipwhite skipnl 117syn cluster sudoersCmndSpec contains=sudoersCmndSpecComma,sudoersCmndSpecColon 118 119syn cluster sudoersUserInList contains=sudoersUserNegationInList,sudoersUserNameInList,sudoersUIDInList,sudoersGroupInList,sudoersUserNetgroupInList,sudoersUserAliasInList 120syn cluster sudoersHostInList contains=sudoersHostNegationInList,sudoersHostNameInList,sudoersIPAddrInList,sudoersNetworkInList,sudoersHostNetgroupInList,sudoersHostAliasInList 121syn cluster sudoersCmndInList contains=sudoersCmndNegationInList,sudoersCmndNameInList,sudoersCmndAliasInList 122 123syn cluster sudoersUser contains=sudoersUserNegation,sudoersUserName,sudoersUID,sudoersGroup,sudoersUserNetgroup,sudoersUserAliasRef 124syn cluster sudoersHost contains=sudoersHostNegation,sudoersHostName,sudoersIPAddr,sudoersNetwork,sudoersHostNetgroup,sudoersHostAliasRef 125 126syn cluster sudoersUserInSpec contains=sudoersUserNegationInSpec,sudoersUserNameInSpec,sudoersUIDInSpec,sudoersGroupInSpec,sudoersUserNetgroupInSpec,sudoersUserAliasInSpec 127syn cluster sudoersHostInSpec contains=sudoersHostNegationInSpec,sudoersHostNameInSpec,sudoersIPAddrInSpec,sudoersNetworkInSpec,sudoersHostNetgroupInSpec,sudoersHostAliasInSpec 128syn cluster sudoersUserInRunas contains=sudoersUserNegationInRunas,sudoersUserNameInRunas,sudoersUIDInRunas,sudoersGroupInRunas,sudoersUserNetgroupInRunas,sudoersUserAliasInRunas 129syn cluster sudoersCmndInSpec contains=sudoersCmndNegationInSpec,sudoersCmndNameInSpec,sudoersCmndAliasInSpec 130 131syn match sudoersUserNegationInList contained '!\+' nextgroup=@sudoersUserInList skipwhite skipnl 132syn match sudoersHostNegationInList contained '!\+' nextgroup=@sudoersHostInList skipwhite skipnl 133syn match sudoersCmndNegationInList contained '!\+' nextgroup=@sudoersCmndInList skipwhite skipnl 134 135syn match sudoersUserNegation contained '!\+' nextgroup=@sudoersUser skipwhite skipnl 136syn match sudoersHostNegation contained '!\+' nextgroup=@sudoersHost skipwhite skipnl 137 138syn match sudoersUserNegationInSpec contained '!\+' nextgroup=@sudoersUserInSpec skipwhite skipnl 139syn match sudoersHostNegationInSpec contained '!\+' nextgroup=@sudoersHostInSpec skipwhite skipnl 140syn match sudoersUserNegationInRunas contained '!\+' nextgroup=@sudoersUserInRunas skipwhite skipnl 141syn match sudoersCmndNegationInSpec contained '!\+' nextgroup=@sudoersCmndInSpec skipwhite skipnl 142 143syn match sudoersCommandArgs contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersCommandArgs,@sudoersCmndList skipwhite 144syn match sudoersCommandEmpty contained '""' nextgroup=@sudoersCmndList skipwhite skipnl 145 146syn match sudoersCommandArgsInSpec contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersCommandArgsInSpec,@sudoersCmndSpec skipwhite 147syn match sudoersCommandEmptyInSpec contained '""' nextgroup=@sudoersCmndSpec skipwhite skipnl 148 149syn keyword sudoersDefaultEntry Defaults nextgroup=sudoersDefaultTypeAt,sudoersDefaultTypeColon,sudoersDefaultTypeGreaterThan,@sudoersParameter skipwhite skipnl 150syn match sudoersDefaultTypeAt contained '@' nextgroup=@sudoersHost skipwhite skipnl 151syn match sudoersDefaultTypeColon contained ':' nextgroup=@sudoersUser skipwhite skipnl 152syn match sudoersDefaultTypeGreaterThan contained '>' nextgroup=@sudoersUser skipwhite skipnl 153 154" TODO: could also deal with special characters here 155syn match sudoersBooleanParameter contained '!' nextgroup=sudoersBooleanParameter skipwhite skipnl 156syn keyword sudoersBooleanParameter contained skipwhite skipnl 157 \ always_query_group_plugin 158 \ always_set_home 159 \ authenticate 160 \ closefrom_override 161 \ compress_io 162 \ env_editor 163 \ env_reset 164 \ exec_background 165 \ fast_glob 166 \ fqdn 167 \ ignore_audit_errors 168 \ ignore_dot 169 \ ignore_iolog_errors 170 \ ignore_local_sudoers 171 \ ignore_logfile_errors 172 \ ignore_unknown_defaults 173 \ insults 174 \ log_host 175 \ log_input 176 \ log_output 177 \ log_year 178 \ long_otp_prompt 179 \ mail_all_cmnds 180 \ mail_always 181 \ mail_badpass 182 \ mail_no_host 183 \ mail_no_perms 184 \ mail_no_user 185 \ match_group_by_gid 186 \ netgroup_tuple 187 \ noexec 188 \ pam_session 189 \ pam_setcred 190 \ passprompt_override 191 \ path_info 192 \ preserve_groups 193 \ pwfeedback 194 \ requiretty 195 \ root_sudo 196 \ rootpw 197 \ runaspw 198 \ set_home 199 \ set_logname 200 \ set_utmp 201 \ setenv 202 \ shell_noargs 203 \ stay_setuid 204 \ sudoedit_checkdir 205 \ sudoedit_follow 206 \ syslog_pid 207 \ targetpw 208 \ tty_tickets 209 \ umask_override 210 \ use_netgroups 211 \ use_pty 212 \ user_command_timeouts 213 \ utmp_runas 214 \ visiblepw 215 216syn keyword sudoersIntegerParameter contained 217 \ nextgroup=sudoersIntegerParameterEquals 218 \ skipwhite skipnl 219 \ closefrom 220 \ command_timeout 221 \ loglinelen 222 \ maxseq 223 \ passwd_timeout 224 \ passwd_tries 225 \ syslog_maxlen 226 \ timestamp_timeout 227 \ umask 228 229syn keyword sudoersStringParameter contained 230 \ nextgroup=sudoersStringParameterEquals 231 \ skipwhite skipnl 232 \ askpass 233 \ badpass_message 234 \ editor 235 \ env_file 236 \ exempt_group 237 \ fdexec 238 \ group_plugin 239 \ iolog_dir 240 \ iolog_file 241 \ iolog_flush 242 \ iolog_group 243 \ iolog_mode 244 \ iolog_user 245 \ lecture 246 \ lecture_file 247 \ lecture_status_dir 248 \ listpw 249 \ logfile 250 \ mailerflags 251 \ mailerpath 252 \ mailfrom 253 \ mailsub 254 \ mailto 255 \ noexec_file 256 \ pam_login_service 257 \ pam_service 258 \ passprompt 259 \ restricted_env_file 260 \ role 261 \ runas_default 262 \ secure_path 263 \ sudoers_locale 264 \ syslog 265 \ syslog_badpri 266 \ syslog_goodpri 267 \ timestamp_type 268 \ timestampdir 269 \ timestampowner 270 \ type 271 \ verifypw 272 273syn keyword sudoersListParameter contained 274 \ nextgroup=sudoersListParameterEquals 275 \ skipwhite skipnl 276 \ env_check 277 \ env_delete 278 \ env_keep 279 280syn match sudoersParameterListComma contained ',' nextgroup=@sudoersParameter skipwhite skipnl 281 282syn cluster sudoersParameter contains=sudoersBooleanParameter,sudoersIntegerParameter,sudoersStringParameter,sudoersListParameter 283 284syn match sudoersIntegerParameterEquals contained '[+-]\==' nextgroup=sudoersIntegerValue skipwhite skipnl 285syn match sudoersStringParameterEquals contained '[+-]\==' nextgroup=sudoersStringValue skipwhite skipnl 286syn match sudoersListParameterEquals contained '[+-]\==' nextgroup=sudoersListValue skipwhite skipnl 287 288syn match sudoersIntegerValue contained '\d\+' nextgroup=sudoersParameterListComma skipwhite skipnl 289syn match sudoersStringValue contained '[^[:space:],:=\\]*\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersParameterListComma skipwhite skipnl 290syn region sudoersStringValue contained start=+"+ skip=+\\"+ end=+"+ nextgroup=sudoersParameterListComma skipwhite skipnl 291syn match sudoersListValue contained '[^[:space:],:=\\]*\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersParameterListComma skipwhite skipnl 292syn region sudoersListValue contained start=+"+ skip=+\\"+ end=+"+ nextgroup=sudoersParameterListComma skipwhite skipnl 293 294syn match sudoersPASSWD contained '\%(NO\)\=PASSWD:' nextgroup=@sudoersCmndInSpec skipwhite 295 296hi def link sudoersSpecEquals Operator 297hi def link sudoersTodo Todo 298hi def link sudoersComment Comment 299hi def link sudoersAlias Keyword 300hi def link sudoersUserAlias Identifier 301hi def link sudoersUserNameInList String 302hi def link sudoersUIDInList Number 303hi def link sudoersGroupInList PreProc 304hi def link sudoersUserNetgroupInList PreProc 305hi def link sudoersUserAliasInList PreProc 306hi def link sudoersUserName String 307hi def link sudoersUID Number 308hi def link sudoersGroup PreProc 309hi def link sudoersUserNetgroup PreProc 310hi def link sudoersUserAliasRef PreProc 311hi def link sudoersUserNameInSpec String 312hi def link sudoersUIDInSpec Number 313hi def link sudoersGroupInSpec PreProc 314hi def link sudoersUserNetgroupInSpec PreProc 315hi def link sudoersUserAliasInSpec PreProc 316hi def link sudoersUserNameInRunas String 317hi def link sudoersUIDInRunas Number 318hi def link sudoersGroupInRunas PreProc 319hi def link sudoersUserNetgroupInRunas PreProc 320hi def link sudoersUserAliasInRunas PreProc 321hi def link sudoersHostAlias Identifier 322hi def link sudoersHostNameInList String 323hi def link sudoersIPAddrInList Number 324hi def link sudoersNetworkInList Number 325hi def link sudoersHostNetgroupInList PreProc 326hi def link sudoersHostAliasInList PreProc 327hi def link sudoersHostName String 328hi def link sudoersIPAddr Number 329hi def link sudoersNetwork Number 330hi def link sudoersHostNetgroup PreProc 331hi def link sudoersHostAliasRef PreProc 332hi def link sudoersHostNameInSpec String 333hi def link sudoersIPAddrInSpec Number 334hi def link sudoersNetworkInSpec Number 335hi def link sudoersHostNetgroupInSpec PreProc 336hi def link sudoersHostAliasInSpec PreProc 337hi def link sudoersCmndAlias Identifier 338hi def link sudoersCmndNameInList String 339hi def link sudoersCmndAliasInList PreProc 340hi def link sudoersCmndNameInSpec String 341hi def link sudoersCmndAliasInSpec PreProc 342hi def link sudoersUserAliasEquals Operator 343hi def link sudoersUserListComma Delimiter 344hi def link sudoersUserListColon Delimiter 345hi def link sudoersUserSpecComma Delimiter 346hi def link sudoersUserRunasBegin Delimiter 347hi def link sudoersUserRunasComma Delimiter 348hi def link sudoersUserRunasEnd Delimiter 349hi def link sudoersHostAliasEquals Operator 350hi def link sudoersHostListComma Delimiter 351hi def link sudoersHostListColon Delimiter 352hi def link sudoersHostSpecComma Delimiter 353hi def link sudoersCmndAliasEquals Operator 354hi def link sudoersCmndListComma Delimiter 355hi def link sudoersCmndListColon Delimiter 356hi def link sudoersCmndSpecComma Delimiter 357hi def link sudoersCmndSpecColon Delimiter 358hi def link sudoersUserNegationInList Operator 359hi def link sudoersHostNegationInList Operator 360hi def link sudoersCmndNegationInList Operator 361hi def link sudoersUserNegation Operator 362hi def link sudoersHostNegation Operator 363hi def link sudoersUserNegationInSpec Operator 364hi def link sudoersHostNegationInSpec Operator 365hi def link sudoersUserNegationInRunas Operator 366hi def link sudoersCmndNegationInSpec Operator 367hi def link sudoersCommandArgs String 368hi def link sudoersCommandEmpty Special 369hi def link sudoersDefaultEntry Keyword 370hi def link sudoersDefaultTypeAt Special 371hi def link sudoersDefaultTypeColon Special 372hi def link sudoersDefaultTypeGreaterThan Special 373hi def link sudoersBooleanParameter Identifier 374hi def link sudoersIntegerParameter Identifier 375hi def link sudoersStringParameter Identifier 376hi def link sudoersListParameter Identifier 377hi def link sudoersParameterListComma Delimiter 378hi def link sudoersIntegerParameterEquals Operator 379hi def link sudoersStringParameterEquals Operator 380hi def link sudoersListParameterEquals Operator 381hi def link sudoersIntegerValue Number 382hi def link sudoersStringValue String 383hi def link sudoersListValue String 384hi def link sudoersPASSWD Special 385hi def link sudoersInclude Statement 386 387let b:current_syntax = "sudoers" 388 389let &cpo = s:cpo_save 390unlet s:cpo_save 391