S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs [-\b-e\beh\bhV\bV] [-\b-b\bb _\bd_\bn] [-\b-c\bc _\bc_\bo_\bn_\bf_\b__\bf_\bi_\bl_\be] [-\b-f\bf _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bo_\br_\bm_\ba_\bt]
[-\b-i\bi _\bi_\bn_\bp_\bu_\bt_\b__\bf_\bo_\br_\bm_\ba_\bt] [-\b-I\bI _\bi_\bn_\bc_\br_\be_\bm_\be_\bn_\bt] [-\b-m\bm _\bf_\bi_\bl_\bt_\be_\br] [-\b-o\bo _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be]
- [-\b-O\bO _\bs_\bt_\ba_\br_\bt_\b__\bp_\bo_\bi_\bn_\bt] [_\bi_\bn_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be]
+ [-\b-O\bO _\bs_\bt_\ba_\br_\bt_\b__\bp_\bo_\bi_\bn_\bt] [-\b-s\bs _\bs_\be_\bc_\bt_\bi_\bo_\bn_\bs] [_\bi_\bn_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be]
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs can be used to convert between _\bs_\bu_\bd_\bo_\be_\br_\bs security policy file
point of 0 will disable the generation of sudoOrder
attributes in the resulting LDIF file.
+ -\b-s\bs _\bs_\be_\bc_\bt_\bi_\bo_\bn_\bs, -\b--\b-s\bsu\bup\bpp\bpr\bre\bes\bss\bs=_\bs_\be_\bc_\bt_\bi_\bo_\bn_\bs
+ Suppress the output of specific _\bs_\be_\bc_\bt_\bi_\bo_\bn_\bs of the security
+ policy. One or more section names may be specified,
+ separated by a comma (`,'). The supported section name are:
+ d\bde\bef\bfa\bau\bul\blt\bts\bs, a\bal\bli\bia\bas\bse\bes\bs and p\bpr\bri\biv\bvi\bil\ble\beg\bge\bes\bs (which may be shortened to
+ p\bpr\bri\biv\bvs\bs).
+
-\b-V\bV, -\b--\b-v\bve\ber\brs\bsi\bio\bon\bn
Print the c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs and _\bs_\bu_\bd_\bo_\be_\br_\bs grammar versions and exit.
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.23 March 21, 2018 Sudo 1.8.23
+Sudo 1.8.23 March 22, 2018 Sudo 1.8.23
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "CVTSUDOERS" "8" "March 21, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "CVTSUDOERS" "8" "March 22, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
[\fB\-m\fR\ \fIfilter\fR]
[\fB\-o\fR\ \fIoutput_file\fR]
[\fB\-O\fR\ \fIstart_point\fR]
+[\fB\-s\fR\ \fIsections\fR]
[\fIinput_file\fR]
.SH "DESCRIPTION"
\fBcvtsudoers\fR
A starting point of 0 will disable the generation of sudoOrder
attributes in the resulting LDIF file.
.TP 12n
+\fB\-s\fR \fIsections\fR, \fB\--suppress\fR=\fIsections\fR
+Suppress the output of specific
+\fIsections\fR
+of the security policy.
+One or more section names may be specified, separated by a comma
+(\(oq\&,\(cq).
+The supported section name are:
+\fBdefaults\fR,
+\fBaliases\fR
+and
+\fBprivileges\fR
+(which may be shortened to
+\fBprivs\fR).
+.TP 12n
\fB\-V\fR, \fB\--version\fR
Print the
\fBcvtsudoers\fR
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd March 21, 2018
+.Dd March 22, 2018
.Dt CVTSUDOERS @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Op Fl m Ar filter
.Op Fl o Ar output_file
.Op Fl O Ar start_point
+.Op Fl s Ar sections
.Op Ar input_file
.Sh DESCRIPTION
.Nm
Defaults to a starting point of 1.
A starting point of 0 will disable the generation of sudoOrder
attributes in the resulting LDIF file.
+.It Fl s Ar sections , Fl -suppress Ns = Ns Ar sections
+Suppress the output of specific
+.Ar sections
+of the security policy.
+One or more section names may be specified, separated by a comma
+.Pq Ql \&, .
+The supported section name are:
+.Sy defaults ,
+.Sy aliases
+and
+.Sy privileges
+(which may be shortened to
+.Sy privs ) .
.It Fl V , -version
Print the
.Nm
struct cvtsudoers_filter *filters;
struct sudo_user sudo_user;
struct passwd *list_pw;
-static const char short_opts[] = "b:c:ef:hi:I:m:o:O:V";
+static const char short_opts[] = "b:c:ef:hi:I:m:o:O:s:V";
static struct option long_opts[] = {
{ "base", required_argument, NULL, 'b' },
{ "config", required_argument, NULL, 'c' },
{ "match", required_argument, NULL, 'm' },
{ "order-start", required_argument, NULL, 'O' },
{ "output", required_argument, NULL, 'o' },
+ { "suppress", required_argument, NULL, 's' },
{ "version", no_argument, NULL, 'V' },
{ NULL, no_argument, NULL, '\0' },
};
static bool alias_remove_unused(void);
static struct cvtsudoers_config *cvtsudoers_conf_read(const char *conf_file);
static void cvtsudoers_conf_free(struct cvtsudoers_config *conf);
+static int cvtsudoers_parse_suppression(char *expression);
static void filter_userspecs(void);
static void filter_defaults(void);
usage(1);
}
break;
+ case 's':
+ conf->suppress = cvtsudoers_parse_suppression(optarg);
+ if (conf->suppress == -1)
+ usage(1);
+ break;
case 'V':
(void) printf(_("%s version %s\n"), getprogname(),
PACKAGE_VERSION);
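Review bot: The new `case 's'` assigns the parser result straight into `conf->suppress`, so a second `-s` on the command line replaces the first instead of adding to it; with `-s defaults -s privs` only the last list would take effect and the Defaults section would still be written, with no warning. For an option whose purpose is to keep parts of the policy out of the output, accumulating is the safer behaviour: parse into a local, call `usage(1)` when it is -1, then `conf->suppress |= flags;`. That also keeps the -1 error sentinel out of a field the output code later tests with `ISSET()`. The enclosing option loop starts and ends outside this hunk, so any handling of repeated options elsewhere is not visible here.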
debug_return;
}
+static int
+cvtsudoers_parse_suppression(char *expression)
+{
+ char *last = NULL, *cp = expression;
+ int flags = 0;
+ debug_decl(cvtsudoers_parse_suppression, SUDOERS_DEBUG_UTIL)
+
+ for ((cp = strtok_r(cp, ",", &last)); cp != NULL; (cp = strtok_r(NULL, ",", &last))) {
+ if (strcasecmp(cp, "defaults") == 0) {
+ SET(flags, SUPPRESS_DEFAULTS);
+ } else if (strcasecmp(cp, "aliases") == 0) {
+ SET(flags, SUPPRESS_ALIASES);
+ } else if (strcasecmp(cp, "privileges") == 0 || strcasecmp(cp, "privs") == 0) {
+ SET(flags, SUPPRESS_PRIVS);
+ } else {
+ sudo_warnx(U_("invalid suppression type: %s"), cp);
+ debug_return_int(-1);
+ }
+ }
+
+ debug_return_int(flags);
+}
+
static bool
cvtsudoers_parse_filter(char *expression)
{
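Review bot: `cvtsudoers_parse_suppression()` returns 0 for an argument that names no section at all (an empty string, or only commas), because `strtok_r()` skips empty tokens and the loop body never runs; the caller accepts that as success and nothing is suppressed. Rejecting it makes the mistake visible: after the loop, emit a `sudo_warnx()` and `debug_return_int(-1);` when `flags == 0`. The function also has no header comment; I would add `/* Parse a comma-separated list of section names into SUPPRESS_* flags. Returns the flags, or -1 on an unknown name. Modifies expression in place. */`. The context lines after it belong to `cvtsudoers_parse_filter()`, whose body continues outside the hunk.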
sudo_lbuf_init(&lbuf, convert_sudoers_output, 4, "\\", 80);
/* Print Defaults */
- if (!print_defaults_sudoers(&lbuf, conf->expand_aliases))
- goto done;
- if (lbuf.len > 0) {
- sudo_lbuf_print(&lbuf);
- sudo_lbuf_append(&lbuf, "\n");
+ if (!ISSET(conf->suppress, SUPPRESS_DEFAULTS)) {
+ if (!print_defaults_sudoers(&lbuf, conf->expand_aliases))
+ goto done;
+ if (lbuf.len > 0) {
+ sudo_lbuf_print(&lbuf);
+ sudo_lbuf_append(&lbuf, "\n");
+ }
}
/* Print Aliases */
- if (!conf->expand_aliases) {
+ if (!conf->expand_aliases && !ISSET(conf->suppress, SUPPRESS_ALIASES)) {
if (!print_aliases_sudoers(&lbuf))
goto done;
if (lbuf.len > 1) {
}
/* Print User_Specs, separated by blank lines. */
- if (!sudoers_format_userspecs(&lbuf, &userspecs, "\n", conf->expand_aliases, true))
- goto done;
- if (lbuf.len > 1) {
- sudo_lbuf_print(&lbuf);
+ if (!ISSET(conf->suppress, SUPPRESS_PRIVS)) {
+ if (!sudoers_format_userspecs(&lbuf, &userspecs, "\n",
+ conf->expand_aliases, true)) {
+ goto done;
+ }
+ if (lbuf.len > 1) {
+ sudo_lbuf_print(&lbuf);
+ }
}
done:
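Review bot: In the `/* Print Aliases */` check, `SUPPRESS_ALIASES` combined with `!conf->expand_aliases` skips the alias definitions while the User_Specs below are still formatted with `conf->expand_aliases` false, so the output can name aliases it never defines. Presumably such a file is not usable as a stand-alone policy, and a reader of the converted output cannot tell what the alias names stood for. The same combination is reachable through the `print_aliases_json()` guard in the JSON writer. If this is intended, say so at the check, e.g. `/* Suppressing aliases without expanding them leaves alias names in User_Specs undefined. */`, and mention it in the manual's `-s` entry. The function starts outside this hunk and some lines between the alias check and the User_Specs block are not shown.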
{
(void) fprintf(fatal ? stderr : stdout, "usage: %s [-ehV] [-b dn] "
"[-c conf_file ] [-f output_format] [-i input_format] [-I increment] "
- "[-m filter] [-o output_file] [-O start_point] [input_file]\n",
- getprogname());
+ "[-m filter] [-o output_file] [-O start_point] [-s sections] "
+ "[input_file]\n", getprogname());
if (fatal)
exit(1);
}
" -m, --match=filter only convert entries that match the filter expression\n"
" -o, --output=output_file write converted sudoers to output_file\n"
" -O, --order-start=num starting point for first sudoOrder\n"
+ " -s, --suppress=sections suppress output of certain sections\n"
" -V, --version display version information and exit"));
exit(0);
}
unsigned int refcnt;
};
+/* Flags for cvtsudoers_config.suppress */
+#define SUPPRESS_DEFAULTS 0x01
+#define SUPPRESS_ALIASES 0x02
+#define SUPPRESS_PRIVS 0x04
+
/* cvtsudoers.conf settings */
struct cvtsudoers_config {
char *sudoers_base;
char *filter;
unsigned int sudo_order;
unsigned int order_increment;
+ int suppress;
bool expand_aliases;
bool store_options;
};
/* Initial config settings for above. */
-#define INITIAL_CONFIG { NULL, NULL, NULL, NULL, 1, 1, false, true }
+#define INITIAL_CONFIG { NULL, NULL, NULL, NULL, 1, 1, 0, false, true }
#define CONF_BOOL 0
#define CONF_UINT 1
putc('{', output_fp);
/* Dump Defaults in JSON format. */
- need_comma = print_defaults_json(output_fp, indent, conf->expand_aliases, need_comma);
+ if (!ISSET(conf->suppress, SUPPRESS_DEFAULTS)) {
+ need_comma = print_defaults_json(output_fp, indent,
+ conf->expand_aliases, need_comma);
+ }
/* Dump Aliases in JSON format. */
- if (!conf->expand_aliases)
+ if (!conf->expand_aliases && !ISSET(conf->suppress, SUPPRESS_ALIASES))
need_comma = print_aliases_json(output_fp, indent, need_comma);
/* Dump User_Specs in JSON format. */
- print_userspecs_json(output_fp, indent, conf->expand_aliases, need_comma);
+ if (!ISSET(conf->suppress, SUPPRESS_PRIVS)) {
+ print_userspecs_json(output_fp, indent, conf->expand_aliases,
+ need_comma);
+ }
/* Close JSON output. */
fputs("\n}\n", output_fp);
seen_users = rbcreate(seen_user_compare);
/* Dump global Defaults in LDIF format. */
- print_global_defaults_ldif(output_fp, conf->sudoers_base);
+ if (!ISSET(conf->suppress, SUPPRESS_DEFAULTS))
+ print_global_defaults_ldif(output_fp, conf->sudoers_base);
/* Dump User_Specs in LDIF format, expanding Aliases. */
- print_userspecs_ldif(output_fp, conf);
+ if (!ISSET(conf->suppress, SUPPRESS_PRIVS))
+ print_userspecs_ldif(output_fp, conf);
/* Clean up. */
rbdestroy(seen_users, seen_user_free);