1" Vim syntax file 2" Language: sudoers(5) configuration files 3" Previous Maintainer: Nikolai Weibull <[email protected]> 4" Latest Revision: 2018-08-18 5" Recent Changes: Support for #include and #includedir. 6" Added many new options (Samuel D. Leslie) 7 8if exists("b:current_syntax") 9 finish 10endif 11 12let s:cpo_save = &cpo 13set cpo&vim 14 15" TODO: instead of 'skipnl', we would like to match a specific group that would 16" match \\$ and then continue with the nextgroup, actually, the skipnl doesn't 17" work... 18" TODO: treat 'ALL' like a special (yay, a bundle of new rules!!!) 19 20syn match sudoersUserSpec '^' nextgroup=@sudoersUserInSpec skipwhite 21 22syn match sudoersSpecEquals contained '=' nextgroup=@sudoersCmndSpecList skipwhite 23 24syn cluster sudoersCmndSpecList contains=sudoersUserRunasBegin,sudoersPASSWD,@sudoersCmndInSpec 25 26syn keyword sudoersTodo contained TODO FIXME XXX NOTE 27 28syn region sudoersComment display oneline start='#' end='$' contains=sudoersTodo 29syn region sudoersInclude display oneline start='#\(include\|includedir\)' end='$' 30 31syn keyword sudoersAlias User_Alias Runas_Alias nextgroup=sudoersUserAlias skipwhite skipnl 32syn keyword sudoersAlias Host_Alias nextgroup=sudoersHostAlias skipwhite skipnl 33syn keyword sudoersAlias Cmnd_Alias nextgroup=sudoersCmndAlias skipwhite skipnl 34 35syn match sudoersUserAlias contained '\<\u[A-Z0-9_]*\>' nextgroup=sudoersUserAliasEquals skipwhite skipnl 36syn match sudoersUserNameInList contained '\<\l\+\>' nextgroup=@sudoersUserList skipwhite skipnl 37syn match sudoersUIDInList contained '#\d\+\>' nextgroup=@sudoersUserList skipwhite skipnl 38syn match sudoersGroupInList contained '%\l\+\>' nextgroup=@sudoersUserList skipwhite skipnl 39syn match sudoersUserNetgroupInList contained '+\l\+\>' nextgroup=@sudoersUserList skipwhite skipnl 40syn match sudoersUserAliasInList contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersUserList skipwhite skipnl 41 42syn match sudoersUserName contained '\<\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 43syn match sudoersUID contained '#\d\+\>' nextgroup=@sudoersParameter skipwhite skipnl 44syn match sudoersGroup contained '%\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 45syn match sudoersUserNetgroup contained '+\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 46syn match sudoersUserAliasRef contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersParameter skipwhite skipnl 47 48syn match sudoersUserNameInSpec contained '\<\l\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 49syn match sudoersUIDInSpec contained '#\d\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 50syn match sudoersGroupInSpec contained '%\l\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 51syn match sudoersUserNetgroupInSpec contained '+\l\+\>' nextgroup=@sudoersUserSpec skipwhite skipnl 52syn match sudoersUserAliasInSpec contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersUserSpec skipwhite skipnl 53 54syn match sudoersUserNameInRunas contained '\<\l\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 55syn match sudoersUIDInRunas contained '#\d\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 56syn match sudoersGroupInRunas contained '%\l\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 57syn match sudoersUserNetgroupInRunas contained '+\l\+\>' nextgroup=@sudoersUserRunas skipwhite skipnl 58syn match sudoersUserAliasInRunas contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersUserRunas skipwhite skipnl 59 60syn match sudoersHostAlias contained '\<\u[A-Z0-9_]*\>' nextgroup=sudoersHostAliasEquals skipwhite skipnl 61syn match sudoersHostNameInList contained '\<\l\+\>' nextgroup=@sudoersHostList skipwhite skipnl 62syn match sudoersIPAddrInList contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}' nextgroup=@sudoersHostList skipwhite skipnl 63syn match sudoersNetworkInList contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}\%(/\%(\%(\d\{1,3}\.\)\{3}\d\{1,3}\|\d\+\)\)\=' nextgroup=@sudoersHostList skipwhite skipnl 64syn match sudoersHostNetgroupInList contained '+\l\+\>' nextgroup=@sudoersHostList skipwhite skipnl 65syn match sudoersHostAliasInList contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersHostList skipwhite skipnl 66 67syn match sudoersHostName contained '\<\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 68syn match sudoersIPAddr contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}' nextgroup=@sudoersParameter skipwhite skipnl 69syn match sudoersNetwork contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}\%(/\%(\%(\d\{1,3}\.\)\{3}\d\{1,3}\|\d\+\)\)\=' nextgroup=@sudoersParameter skipwhite skipnl 70syn match sudoersHostNetgroup contained '+\l\+\>' nextgroup=@sudoersParameter skipwhite skipnl 71syn match sudoersHostAliasRef contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersParameter skipwhite skipnl 72 73syn match sudoersHostNameInSpec contained '\<\l\+\>' nextgroup=@sudoersHostSpec skipwhite skipnl 74syn match sudoersIPAddrInSpec contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}' nextgroup=@sudoersHostSpec skipwhite skipnl 75syn match sudoersNetworkInSpec contained '\%(\d\{1,3}\.\)\{3}\d\{1,3}\%(/\%(\%(\d\{1,3}\.\)\{3}\d\{1,3}\|\d\+\)\)\=' nextgroup=@sudoersHostSpec skipwhite skipnl 76syn match sudoersHostNetgroupInSpec contained '+\l\+\>' nextgroup=@sudoersHostSpec skipwhite skipnl 77syn match sudoersHostAliasInSpec contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersHostSpec skipwhite skipnl 78 79syn match sudoersCmndAlias contained '\<\u[A-Z0-9_]*\>' nextgroup=sudoersCmndAliasEquals skipwhite skipnl 80syn match sudoersCmndNameInList contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=@sudoersCmndList,sudoersCommandEmpty,sudoersCommandArgs skipwhite 81syn match sudoersCmndAliasInList contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersCmndList skipwhite skipnl 82 83syn match sudoersCmndNameInSpec contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=@sudoersCmndSpec,sudoersCommandEmptyInSpec,sudoersCommandArgsInSpec skipwhite 84syn match sudoersCmndAliasInSpec contained '\<\u[A-Z0-9_]*\>' nextgroup=@sudoersCmndSpec skipwhite skipnl 85 86syn match sudoersUserAliasEquals contained '=' nextgroup=@sudoersUserInList skipwhite skipnl 87syn match sudoersUserListComma contained ',' nextgroup=@sudoersUserInList skipwhite skipnl 88syn match sudoersUserListColon contained ':' nextgroup=sudoersUserAlias skipwhite skipnl 89syn cluster sudoersUserList contains=sudoersUserListComma,sudoersUserListColon 90 91syn match sudoersUserSpecComma contained ',' nextgroup=@sudoersUserInSpec skipwhite skipnl 92syn cluster sudoersUserSpec contains=sudoersUserSpecComma,@sudoersHostInSpec 93 94syn match sudoersUserRunasBegin contained '(' nextgroup=@sudoersUserInRunas skipwhite skipnl 95syn match sudoersUserRunasComma contained ',' nextgroup=@sudoersUserInRunas skipwhite skipnl 96syn match sudoersUserRunasEnd contained ')' nextgroup=sudoersPASSWD,@sudoersCmndInSpec skipwhite skipnl 97syn cluster sudoersUserRunas contains=sudoersUserRunasComma,@sudoersUserInRunas,sudoersUserRunasEnd 98 99 100syn match sudoersHostAliasEquals contained '=' nextgroup=@sudoersHostInList skipwhite skipnl 101syn match sudoersHostListComma contained ',' nextgroup=@sudoersHostInList skipwhite skipnl 102syn match sudoersHostListColon contained ':' nextgroup=sudoersHostAlias skipwhite skipnl 103syn cluster sudoersHostList contains=sudoersHostListComma,sudoersHostListColon 104 105syn match sudoersHostSpecComma contained ',' nextgroup=@sudoersHostInSpec skipwhite skipnl 106syn cluster sudoersHostSpec contains=sudoersHostSpecComma,sudoersSpecEquals 107 108 109syn match sudoersCmndAliasEquals contained '=' nextgroup=@sudoersCmndInList skipwhite skipnl 110syn match sudoersCmndListComma contained ',' nextgroup=@sudoersCmndInList skipwhite skipnl 111syn match sudoersCmndListColon contained ':' nextgroup=sudoersCmndAlias skipwhite skipnl 112syn cluster sudoersCmndList contains=sudoersCmndListComma,sudoersCmndListColon 113 114syn match sudoersCmndSpecComma contained ',' nextgroup=@sudoersCmndSpecList skipwhite skipnl 115syn match sudoersCmndSpecColon contained ':' nextgroup=@sudoersUserInSpec skipwhite skipnl 116syn cluster sudoersCmndSpec contains=sudoersCmndSpecComma,sudoersCmndSpecColon 117 118syn cluster sudoersUserInList contains=sudoersUserNegationInList,sudoersUserNameInList,sudoersUIDInList,sudoersGroupInList,sudoersUserNetgroupInList,sudoersUserAliasInList 119syn cluster sudoersHostInList contains=sudoersHostNegationInList,sudoersHostNameInList,sudoersIPAddrInList,sudoersNetworkInList,sudoersHostNetgroupInList,sudoersHostAliasInList 120syn cluster sudoersCmndInList contains=sudoersCmndNegationInList,sudoersCmndNameInList,sudoersCmndAliasInList 121 122syn cluster sudoersUser contains=sudoersUserNegation,sudoersUserName,sudoersUID,sudoersGroup,sudoersUserNetgroup,sudoersUserAliasRef 123syn cluster sudoersHost contains=sudoersHostNegation,sudoersHostName,sudoersIPAddr,sudoersNetwork,sudoersHostNetgroup,sudoersHostAliasRef 124 125syn cluster sudoersUserInSpec contains=sudoersUserNegationInSpec,sudoersUserNameInSpec,sudoersUIDInSpec,sudoersGroupInSpec,sudoersUserNetgroupInSpec,sudoersUserAliasInSpec 126syn cluster sudoersHostInSpec contains=sudoersHostNegationInSpec,sudoersHostNameInSpec,sudoersIPAddrInSpec,sudoersNetworkInSpec,sudoersHostNetgroupInSpec,sudoersHostAliasInSpec 127syn cluster sudoersUserInRunas contains=sudoersUserNegationInRunas,sudoersUserNameInRunas,sudoersUIDInRunas,sudoersGroupInRunas,sudoersUserNetgroupInRunas,sudoersUserAliasInRunas 128syn cluster sudoersCmndInSpec contains=sudoersCmndNegationInSpec,sudoersCmndNameInSpec,sudoersCmndAliasInSpec 129 130syn match sudoersUserNegationInList contained '!\+' nextgroup=@sudoersUserInList skipwhite skipnl 131syn match sudoersHostNegationInList contained '!\+' nextgroup=@sudoersHostInList skipwhite skipnl 132syn match sudoersCmndNegationInList contained '!\+' nextgroup=@sudoersCmndInList skipwhite skipnl 133 134syn match sudoersUserNegation contained '!\+' nextgroup=@sudoersUser skipwhite skipnl 135syn match sudoersHostNegation contained '!\+' nextgroup=@sudoersHost skipwhite skipnl 136 137syn match sudoersUserNegationInSpec contained '!\+' nextgroup=@sudoersUserInSpec skipwhite skipnl 138syn match sudoersHostNegationInSpec contained '!\+' nextgroup=@sudoersHostInSpec skipwhite skipnl 139syn match sudoersUserNegationInRunas contained '!\+' nextgroup=@sudoersUserInRunas skipwhite skipnl 140syn match sudoersCmndNegationInSpec contained '!\+' nextgroup=@sudoersCmndInSpec skipwhite skipnl 141 142syn match sudoersCommandArgs contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersCommandArgs,@sudoersCmndList skipwhite 143syn match sudoersCommandEmpty contained '""' nextgroup=@sudoersCmndList skipwhite skipnl 144 145syn match sudoersCommandArgsInSpec contained '[^[:space:],:=\\]\+\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersCommandArgsInSpec,@sudoersCmndSpec skipwhite 146syn match sudoersCommandEmptyInSpec contained '""' nextgroup=@sudoersCmndSpec skipwhite skipnl 147 148syn keyword sudoersDefaultEntry Defaults nextgroup=sudoersDefaultTypeAt,sudoersDefaultTypeColon,sudoersDefaultTypeGreaterThan,@sudoersParameter skipwhite skipnl 149syn match sudoersDefaultTypeAt contained '@' nextgroup=@sudoersHost skipwhite skipnl 150syn match sudoersDefaultTypeColon contained ':' nextgroup=@sudoersUser skipwhite skipnl 151syn match sudoersDefaultTypeGreaterThan contained '>' nextgroup=@sudoersUser skipwhite skipnl 152 153" TODO: could also deal with special characters here 154syn match sudoersBooleanParameter contained '!' nextgroup=sudoersBooleanParameter skipwhite skipnl 155syn keyword sudoersBooleanParameter contained skipwhite skipnl 156 \ always_query_group_plugin 157 \ always_set_home 158 \ authenticate 159 \ closefrom_override 160 \ compress_io 161 \ env_editor 162 \ env_reset 163 \ exec_background 164 \ fast_glob 165 \ fqdn 166 \ ignore_audit_errors 167 \ ignore_dot 168 \ ignore_iolog_errors 169 \ ignore_local_sudoers 170 \ ignore_logfile_errors 171 \ ignore_unknown_defaults 172 \ insults 173 \ log_host 174 \ log_input 175 \ log_output 176 \ log_year 177 \ long_otp_prompt 178 \ mail_all_cmnds 179 \ mail_always 180 \ mail_badpass 181 \ mail_no_host 182 \ mail_no_perms 183 \ mail_no_user 184 \ match_group_by_gid 185 \ netgroup_tuple 186 \ noexec 187 \ pam_session 188 \ pam_setcred 189 \ passprompt_override 190 \ path_info 191 \ preserve_groups 192 \ pwfeedback 193 \ requiretty 194 \ root_sudo 195 \ rootpw 196 \ runaspw 197 \ set_home 198 \ set_logname 199 \ set_utmp 200 \ setenv 201 \ shell_noargs 202 \ stay_setuid 203 \ sudoedit_checkdir 204 \ sudoedit_fellow 205 \ syslog_pid 206 \ targetpw 207 \ tty_tickets 208 \ umask_override 209 \ use_netgroups 210 \ use_pty 211 \ user_command_timeouts 212 \ utmp_runas 213 \ visiblepw 214 215syn keyword sudoersIntegerParameter contained 216 \ nextgroup=sudoersIntegerParameterEquals 217 \ skipwhite skipnl 218 \ closefrom 219 \ command_timeout 220 \ loglinelen 221 \ maxseq 222 \ passwd_timeout 223 \ passwd_tries 224 \ syslog_maxlen 225 \ timestamp_timeout 226 \ umask 227 228syn keyword sudoersStringParameter contained 229 \ nextgroup=sudoersStringParameterEquals 230 \ skipwhite skipnl 231 \ askpass 232 \ badpass_message 233 \ editor 234 \ env_file 235 \ exempt_group 236 \ fdexec 237 \ group_plugin 238 \ iolog_dir 239 \ iolog_file 240 \ iolog_flush 241 \ iolog_group 242 \ iolog_mode 243 \ iolog_user 244 \ lecture 245 \ lecture_file 246 \ lecture_status_dir 247 \ listpw 248 \ logfile 249 \ mailerflags 250 \ mailerpath 251 \ mailfrom 252 \ mailsub 253 \ mailto 254 \ noexec_file 255 \ pam_login_service 256 \ pam_service 257 \ passprompt 258 \ restricted_env_file 259 \ role 260 \ runas_default 261 \ secure_path 262 \ sudoers_locale 263 \ syslog 264 \ syslog_badpri 265 \ syslog_goodpri 266 \ timestamp_type 267 \ timestampdir 268 \ timestampowner 269 \ type 270 \ verifypw 271 272syn keyword sudoersListParameter contained 273 \ nextgroup=sudoersListParameterEquals 274 \ skipwhite skipnl 275 \ env_check 276 \ env_delete 277 \ env_keep 278 279syn match sudoersParameterListComma contained ',' nextgroup=@sudoersParameter skipwhite skipnl 280 281syn cluster sudoersParameter contains=sudoersBooleanParameter,sudoersIntegerParameter,sudoersStringParameter,sudoersListParameter 282 283syn match sudoersIntegerParameterEquals contained '[+-]\==' nextgroup=sudoersIntegerValue skipwhite skipnl 284syn match sudoersStringParameterEquals contained '[+-]\==' nextgroup=sudoersStringValue skipwhite skipnl 285syn match sudoersListParameterEquals contained '[+-]\==' nextgroup=sudoersListValue skipwhite skipnl 286 287syn match sudoersIntegerValue contained '\d\+' nextgroup=sudoersParameterListComma skipwhite skipnl 288syn match sudoersStringValue contained '[^[:space:],:=\\]*\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersParameterListComma skipwhite skipnl 289syn region sudoersStringValue contained start=+"+ skip=+\\"+ end=+"+ nextgroup=sudoersParameterListComma skipwhite skipnl 290syn match sudoersListValue contained '[^[:space:],:=\\]*\%(\\[[:space:],:=\\][^[:space:],:=\\]*\)*' nextgroup=sudoersParameterListComma skipwhite skipnl 291syn region sudoersListValue contained start=+"+ skip=+\\"+ end=+"+ nextgroup=sudoersParameterListComma skipwhite skipnl 292 293syn match sudoersPASSWD contained '\%(NO\)\=PASSWD:' nextgroup=@sudoersCmndInSpec skipwhite 294 295hi def link sudoersSpecEquals Operator 296hi def link sudoersTodo Todo 297hi def link sudoersComment Comment 298hi def link sudoersAlias Keyword 299hi def link sudoersUserAlias Identifier 300hi def link sudoersUserNameInList String 301hi def link sudoersUIDInList Number 302hi def link sudoersGroupInList PreProc 303hi def link sudoersUserNetgroupInList PreProc 304hi def link sudoersUserAliasInList PreProc 305hi def link sudoersUserName String 306hi def link sudoersUID Number 307hi def link sudoersGroup PreProc 308hi def link sudoersUserNetgroup PreProc 309hi def link sudoersUserAliasRef PreProc 310hi def link sudoersUserNameInSpec String 311hi def link sudoersUIDInSpec Number 312hi def link sudoersGroupInSpec PreProc 313hi def link sudoersUserNetgroupInSpec PreProc 314hi def link sudoersUserAliasInSpec PreProc 315hi def link sudoersUserNameInRunas String 316hi def link sudoersUIDInRunas Number 317hi def link sudoersGroupInRunas PreProc 318hi def link sudoersUserNetgroupInRunas PreProc 319hi def link sudoersUserAliasInRunas PreProc 320hi def link sudoersHostAlias Identifier 321hi def link sudoersHostNameInList String 322hi def link sudoersIPAddrInList Number 323hi def link sudoersNetworkInList Number 324hi def link sudoersHostNetgroupInList PreProc 325hi def link sudoersHostAliasInList PreProc 326hi def link sudoersHostName String 327hi def link sudoersIPAddr Number 328hi def link sudoersNetwork Number 329hi def link sudoersHostNetgroup PreProc 330hi def link sudoersHostAliasRef PreProc 331hi def link sudoersHostNameInSpec String 332hi def link sudoersIPAddrInSpec Number 333hi def link sudoersNetworkInSpec Number 334hi def link sudoersHostNetgroupInSpec PreProc 335hi def link sudoersHostAliasInSpec PreProc 336hi def link sudoersCmndAlias Identifier 337hi def link sudoersCmndNameInList String 338hi def link sudoersCmndAliasInList PreProc 339hi def link sudoersCmndNameInSpec String 340hi def link sudoersCmndAliasInSpec PreProc 341hi def link sudoersUserAliasEquals Operator 342hi def link sudoersUserListComma Delimiter 343hi def link sudoersUserListColon Delimiter 344hi def link sudoersUserSpecComma Delimiter 345hi def link sudoersUserRunasBegin Delimiter 346hi def link sudoersUserRunasComma Delimiter 347hi def link sudoersUserRunasEnd Delimiter 348hi def link sudoersHostAliasEquals Operator 349hi def link sudoersHostListComma Delimiter 350hi def link sudoersHostListColon Delimiter 351hi def link sudoersHostSpecComma Delimiter 352hi def link sudoersCmndAliasEquals Operator 353hi def link sudoersCmndListComma Delimiter 354hi def link sudoersCmndListColon Delimiter 355hi def link sudoersCmndSpecComma Delimiter 356hi def link sudoersCmndSpecColon Delimiter 357hi def link sudoersUserNegationInList Operator 358hi def link sudoersHostNegationInList Operator 359hi def link sudoersCmndNegationInList Operator 360hi def link sudoersUserNegation Operator 361hi def link sudoersHostNegation Operator 362hi def link sudoersUserNegationInSpec Operator 363hi def link sudoersHostNegationInSpec Operator 364hi def link sudoersUserNegationInRunas Operator 365hi def link sudoersCmndNegationInSpec Operator 366hi def link sudoersCommandArgs String 367hi def link sudoersCommandEmpty Special 368hi def link sudoersDefaultEntry Keyword 369hi def link sudoersDefaultTypeAt Special 370hi def link sudoersDefaultTypeColon Special 371hi def link sudoersDefaultTypeGreaterThan Special 372hi def link sudoersBooleanParameter Identifier 373hi def link sudoersIntegerParameter Identifier 374hi def link sudoersStringParameter Identifier 375hi def link sudoersListParameter Identifier 376hi def link sudoersParameterListComma Delimiter 377hi def link sudoersIntegerParameterEquals Operator 378hi def link sudoersStringParameterEquals Operator 379hi def link sudoersListParameterEquals Operator 380hi def link sudoersIntegerValue Number 381hi def link sudoersStringValue String 382hi def link sudoersListValue String 383hi def link sudoersPASSWD Special 384hi def link sudoersInclude Statement 385 386let b:current_syntax = "sudoers" 387 388let &cpo = s:cpo_save 389unlet s:cpo_save 390