From: Todd C. Miller Date: Thu, 26 Jul 2012 17:50:26 +0000 (-0400) Subject: Add post-processing scripts to strip out login class, BSD auth, X-Git-Tag: SUDO_1_8_6^2~82 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=336233c2e52498664f0d41cea1acf072cc1b8220;p=sudo Add post-processing scripts to strip out login class, BSD auth, SELinux and privilege set bits when they are not supported. --- diff --git a/MANIFEST b/MANIFEST index f5c9381f0..3979ddd3b 100644 --- a/MANIFEST +++ b/MANIFEST @@ -81,7 +81,9 @@ doc/schema.OpenLDAP doc/schema.iPlanet doc/sudo.cat doc/sudo.man.in +doc/sudo.man.sh doc/sudo.mdoc.in +doc/sudo.mdoc.sh doc/sudo_plugin.cat doc/sudo_plugin.man.in doc/sudo_plugin.mdoc.in @@ -90,7 +92,9 @@ doc/sudoers.ldap.cat doc/sudoers.ldap.man.in doc/sudoers.ldap.mdoc.in doc/sudoers.man.in +doc/sudoers.man.sh doc/sudoers.mdoc.in +doc/sudoers.mdoc.sh doc/sudoreplay.cat doc/sudoreplay.man.in doc/sudoreplay.mdoc.in diff --git a/doc/Makefile.in b/doc/Makefile.in index ef64a74c5..98ccf79ce 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,5 +1,5 @@ # -# Copyright (c) 2011 Todd C. Miller +# Copyright (c) 2012 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -26,6 +26,7 @@ top_srcdir = @top_srcdir@ cross_compiling = @CROSS_COMPILING@ # Tools to use +SED = @SED@ NROFF = @NROFFPROG@ MANDOC = mandoc MANCOMPRESS = @MANCOMPRESS@ @@ -96,7 +97,7 @@ Makefile: $(srcdir)/Makefile.in varsub: $(top_srcdir)/configure.in @if [ -n "$(DEVEL)" ]; then \ printf 's#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#/etc#g\ns#@%s@#/usr/local#g\ns#@%s@#5#g\ns#@%s@#8#g\ns#@%s@#%s#\n' SEMAN BAMAN LCMAN PSMAN sysconfdir prefix mansectform mansectsu PACKAGE_VERSION $(VERSION) > $@; \ - sed -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(top_srcdir)/configure.in | sed -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@; \ + $(SED) -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(top_srcdir)/configure.in | $(SED) -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@; \ fi $(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in @@ -106,20 +107,20 @@ $(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in\n' >> $@; \ - sed -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo.mdoc.in >> $@; \ - sed -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | sed -e 's/^\(\.TH "SUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo.mdoc.in >> $@; \ + $(SED) -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi -sudo.man: $(srcdir)/sudo.man.in - (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) +sudo.man: $(srcdir)/sudo.man.in $(srcdir)/sudo.man.sh + $(SHELL) $(top_builddir)/config.status --file=- < $@.in | SED=$(SED) BAMAN=@BAMAN@ LCMAN=@LCMAN@ SEMAN=@SEMAN@ $(SHELL) $(srcdir)/$@.sh > $@ -sudo.mdoc: $(srcdir)/sudo.mdoc.in - (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) +sudo.mdoc: $(srcdir)/sudo.mdoc.in $(srcdir)/sudo.mdoc.sh + $(SHELL) $(top_builddir)/config.status --file=- < $@.in | SED=$(SED) BAMAN=@BAMAN@ LCMAN=@LCMAN@ SEMAN=@SEMAN@ $(SHELL) $(srcdir)/$@.sh > $@ $(srcdir)/sudo.cat: varsub $(srcdir)/sudo.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - sed -f varsub $(srcdir)/sudo.mdoc.in | $(NROFF) -mdoc | sed -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + $(SED) -f varsub $(srcdir)/sudo.mdoc.in | $(NROFF) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/visudo.man.in: $(srcdir)/visudo.mdoc.in @@ -129,8 +130,8 @@ $(srcdir)/visudo.man.in: $(srcdir)/visudo.mdoc.in mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in\n' >> $@; \ - sed -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/visudo.mdoc.in >> $@; \ - sed -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | sed -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/visudo.mdoc.in >> $@; \ + $(SED) -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi visudo.man: $(srcdir)/visudo.man.in @@ -142,7 +143,7 @@ visudo.mdoc: $(srcdir)/visudo.mdoc.in $(srcdir)/visudo.cat: varsub $(srcdir)/visudo.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - sed -f varsub $(srcdir)/visudo.mdoc.in | $(NROFF) -mdoc | sed -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + $(SED) -f varsub $(srcdir)/visudo.mdoc.in | $(NROFF) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in @@ -152,20 +153,20 @@ $(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in\n' >> $@; \ - sed -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoers.mdoc.in >> $@; \ - sed -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | sed -e 's/^\(\.TH "SUDOERS" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoers.mdoc.in >> $@; \ + $(SED) -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi -sudoers.man: $(srcdir)/sudoers.man.in - (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) +sudoers.man: $(srcdir)/sudoers.man.in $(srcdir)/sudoers.man.sh + $(SHELL) $(top_builddir)/config.status --file=- < $@.in | SED=$(SED) LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/$@.sh > $@ -sudoers.mdoc: $(srcdir)/sudoers.mdoc.in - (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@) +sudoers.mdoc: $(srcdir)/sudoers.mdoc.in $(srcdir)/sudoers.mdoc.sh + $(SHELL) $(top_builddir)/config.status --file=- < $@.in | SED=$(SED) LCMAN=@LCMAN@ SEMAN=@SEMAN@ PSMAN=@PSMAN@ $(SHELL) $(srcdir)/$@.sh > $@ $(srcdir)/sudoers.cat: varsub $(srcdir)/sudoers.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - sed -f varsub $(srcdir)/sudoers.mdoc.in | $(NROFF) -mdoc | sed -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + $(SED) -f varsub $(srcdir)/sudoers.mdoc.in | $(NROFF) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.mdoc.in @@ -175,8 +176,8 @@ $(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.mdoc.in mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudoers.ldap.mdoc.in\n' >> $@; \ - sed -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoers.ldap.mdoc.in >> $@; \ - sed -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | sed -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoers.ldap.mdoc.in >> $@; \ + $(SED) -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudoers.ldap.man: $(srcdir)/sudoers.ldap.man.in @@ -188,7 +189,7 @@ sudoers.ldap.mdoc: $(srcdir)/sudoers.ldap.mdoc.in $(srcdir)/sudoers.ldap.cat: varsub $(srcdir)/sudoers.ldap.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - sed -f varsub $(srcdir)/sudoers.ldap.mdoc.in | $(NROFF) -mdoc | sed -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + $(SED) -f varsub $(srcdir)/sudoers.ldap.mdoc.in | $(NROFF) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in @@ -198,8 +199,8 @@ $(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in\n' >> $@; \ - sed -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoreplay.mdoc.in >> $@; \ - sed -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | sed -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudoreplay.mdoc.in >> $@; \ + $(SED) -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudoreplay.man: $(srcdir)/sudoreplay.man.in @@ -211,7 +212,7 @@ sudoreplay.mdoc: $(srcdir)/sudoreplay.mdoc.in $(srcdir)/sudoreplay.cat: varsub $(srcdir)/sudoreplay.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - sed -f varsub $(srcdir)/sudoreplay.mdoc.in | $(NROFF) -mdoc | sed -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + $(SED) -f varsub $(srcdir)/sudoreplay.mdoc.in | $(NROFF) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi $(srcdir)/sudo_plugin.man.in: $(srcdir)/sudo_plugin.mdoc.in @@ -221,8 +222,8 @@ $(srcdir)/sudo_plugin.man.in: $(srcdir)/sudo_plugin.mdoc.in mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; \ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo_plugin.mdoc.in\n' >> $@; \ - sed -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo_plugin.mdoc.in >> $@; \ - sed -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | sed -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo_plugin.mdoc.in >> $@; \ + $(SED) -e 's/^\.Os.*/.Os @PACKAGE_VERSION@/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ fi sudo_plugin.man: $(srcdir)/sudo_plugin.man.in @@ -234,13 +235,13 @@ sudo_plugin.mdoc: $(srcdir)/sudo_plugin.mdoc.in $(srcdir)/sudo_plugin.cat: varsub $(srcdir)/sudo_plugin.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - sed -f varsub $(srcdir)/sudo_plugin.mdoc.in | $(NROFF) -mdoc | sed -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + $(SED) -f varsub $(srcdir)/sudo_plugin.mdoc.in | $(NROFF) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi CONTRIBUTORS: $(srcdir)/contributors.pod @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - pod2text -l -i0 $(srcdir)/contributors.pod | sed '1,3d' > $@; \ + pod2text -l -i0 $(srcdir)/contributors.pod | $(SED) '1,3d' > $@; \ fi HISTORY: $(srcdir)/history.pod @@ -252,7 +253,7 @@ HISTORY: $(srcdir)/history.pod LICENSE: $(srcdir)/license.pod @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ - pod2text -l -i0 $(srcdir)/license.pod | sed '1,3d' > $@; \ + pod2text -l -i0 $(srcdir)/license.pod | $(SED) '1,3d' > $@; \ fi pre-install: diff --git a/doc/sudo.man.sh b/doc/sudo.man.sh new file mode 100644 index 000000000..2f128c218 --- /dev/null +++ b/doc/sudo.man.sh @@ -0,0 +1,60 @@ +#!/bin/sh + +: ${SED='sed'} + +# BSD auth +BA_FLAG="" +BA_ITEM="" +if [ X"$BAMAN" != X"1" ]; then + BA_FLAG=';/^\[\\fB\\-a\\fR\\ \\fIauth_type\\fR/d' + BA_ITEM=';/^\\fB\\-a\\fR \\fItype\\fR$/,/^\.TP 12n$/{;/^\.PD$/!d;}' +fi + +# BSD login class +LC_FLAG="" +LC_ITEM="" +if [ X"$LCMAN" != X"1" ]; then + LC_FLAG=';/^\[\\fB\\-c\\fR\\ \\fIclass\\fR/d' + LC_ITEM=';/^\\fB\\-c\\fR \\fIclass\\fR$/,/^\.TP 12n$/{;/^\.PD$/!d;}' +fi + +# SELinux +SE_FLAG="" +SE_ITEM="" +if [ X"$SEMAN" != X"1" ]; then + SE_FLAG=';/^\[\\fB\\-[rt]\\fR\\ \\fI[rt][oy][lp]e\\fR/d' + SE_ITEM=';/^\\fB\\-[rt]\\fR \\fI[rt][oy][lp]e\\fR$/,/^\.TP 12n$/{;/^\.PD$/!d;}' +fi + +# Now put it all together and replace "0 minutes" with "unlimited" +$SED -e '/^\\fR0\\fR$/{;N;s/^\\fR0\\fR\nminutes\.$/unlimited./;}'"$BA_FLAG$LC_FLAG$SE_FLAG$BA_ITEM$LC_ITEM$SE_ITEM" +#!/bin/sh + +: ${SED='sed'} + +# BSD auth +BA_FLAG="" +BA_ITEM="" +if [ X"$BAMAN" != X"1" ]; then + BA_FLAG=';/^\[\\fB\\-a\\fR\\ \\fIauth_type\\fR/d' + BA_ITEM=';/^\\fB\\-a\\fR \\fItype\\fR$/,/^\.TP 12n$/{;/^\.PD$/!d;}' +fi + +# BSD login class +LC_FLAG="" +LC_ITEM="" +if [ X"$LCMAN" != X"1" ]; then + LC_FLAG=';/^\[\\fB\\-c\\fR\\ \\fIclass\\fR/d' + LC_ITEM=';/^\\fB\\-c\\fR \\fIclass\\fR$/,/^\.TP 12n$/{;/^\.PD$/!d;}' +fi + +# SELinux +SE_FLAG="" +SE_ITEM="" +if [ X"$SEMAN" != X"1" ]; then + SE_FLAG=';/^\[\\fB\\-[rt]\\fR\\ \\fI[rt][oy][lp]e\\fR/d' + SE_ITEM=';/^\\fB\\-[rt]\\fR \\fI[rt][oy][lp]e\\fR$/,/^\.TP 12n$/{;/^\.PD$/!d;}' +fi + +# Now put it all together and replace "0 minutes" with "unlimited" +$SED -e '/^\\fR0\\fR$/{;N;s/^\\fR0\\fR\nminutes\.$/unlimited./;}'"$BA_FLAG$LC_FLAG$SE_FLAG$BA_ITEM$LC_ITEM$SE_ITEM" diff --git a/doc/sudo.mdoc.sh b/doc/sudo.mdoc.sh new file mode 100644 index 000000000..5fea6293d --- /dev/null +++ b/doc/sudo.mdoc.sh @@ -0,0 +1,72 @@ +#!/bin/sh + +: ${SED='sed'} + +# BSD auth +BA_FLAG="" +BA_ITEM="" +if [ X"$BAMAN" != X"1" ]; then + BA_FLAG='/^.*\n\.Op Fl a Ar auth_type/{;N;/^.*\n\.Ek$/d;};' + BA_ITEM=';/^\.It Fl a Ar type/,/BSD authentication\.$/{;d;}' +fi + +# BSD login class +LC_FLAG="" +LC_ITEM="" +if [ X"$LCMAN" != X"1" ]; then + LC_FLAG='/^.*\n\.Op Fl c Ar class/{;N;/^.*\n\.Ek$/d;};' + LC_ITEM=';/^\.It Fl c Ar class/,/BSD login classes\.$/{;d;};/^\.Xr login_cap 3 ,$/d' +fi + +# SELinux +SE_FLAG="" +SE_ITEM="" +if [ X"$SEMAN" != X"1" ]; then + SE_FLAG='/^.*\n\.Op Fl r Ar role/{;N;/^.*\n\.Ek$/d;};/^.*\n\.Op Fl t Ar type/{;N;/^.*\n\.Ek$/d;};' + SE_ITEM=';/^\.It Fl r Ar role/,/newline character\.$/{;d;};/^\.It Fl t Ar type/,/specified role\.$/{;d;}' +fi + +# Unsupported flags must be removed together +RM_FLAGS="" +if [ -n "$BA_FLAG$LC_FLAG$SE_FLAG" ]; then + RM_FLAGS=";/^\.Bk -words\$/{;N;$BA_FLAG$LC_FLAG$SE_FLAG}" +fi + +# Now put it all together and replace "0 minutes" with "unlimited" +$SED -e '/^\.Li 0$/{;N;s/^\.Li 0\nminutes\.$/unlimited./;}'"$RM_FLAGS$BA_ITEM$LC_ITEM$SE_ITEM" +#!/bin/sh + +: ${SED='sed'} + +# BSD auth +BA_FLAG="" +BA_ITEM="" +if [ X"$BAMAN" != X"1" ]; then + BA_FLAG='/^.*\n\.Op Fl a Ar auth_type/{;N;/^.*\n\.Ek$/d;};' + BA_ITEM=';/^\.It Fl a Ar type/,/BSD authentication\.$/{;d;}' +fi + +# BSD login class +LC_FLAG="" +LC_ITEM="" +if [ X"$LCMAN" != X"1" ]; then + LC_FLAG='/^.*\n\.Op Fl c Ar class/{;N;/^.*\n\.Ek$/d;};' + LC_ITEM=';/^\.It Fl c Ar class/,/BSD login classes\.$/{;d;};/^\.Xr login_cap 3 ,$/d' +fi + +# SELinux +SE_FLAG="" +SE_ITEM="" +if [ X"$SEMAN" != X"1" ]; then + SE_FLAG='/^.*\n\.Op Fl r Ar role/{;N;/^.*\n\.Ek$/d;};/^.*\n\.Op Fl t Ar type/{;N;/^.*\n\.Ek$/d;};' + SE_ITEM=';/^\.It Fl r Ar role/,/newline character\.$/{;d;};/^\.It Fl t Ar type/,/specified role\.$/{;d;}' +fi + +# Unsupported flags must be removed together +RM_FLAGS="" +if [ -n "$BA_FLAG$LC_FLAG$SE_FLAG" ]; then + RM_FLAGS=";/^\.Bk -words\$/{;N;$BA_FLAG$LC_FLAG$SE_FLAG}" +fi + +# Now put it all together and replace "0 minutes" with "unlimited" +$SED -e '/^\.Li 0$/{;N;s/^\.Li 0\nminutes\.$/unlimited./;}'"$RM_FLAGS$BA_ITEM$LC_ITEM$SE_ITEM" diff --git a/doc/sudoers.man.sh b/doc/sudoers.man.sh new file mode 100644 index 000000000..7f6ab20ed --- /dev/null +++ b/doc/sudoers.man.sh @@ -0,0 +1,35 @@ +#!/bin/sh + +: ${SED='sed'} + +# Subsections to remove (SELinux and Solaris are adjacent) +RM_SS= +if [ X"$PSMAN" != X"1" ]; then + if [ X"$SEMAN" != X"1" ]; then + RM_SS='/^\.SS "SELinux_Spec"/,/^\.SS "[^S]/{;/^\.SS "[^S][^o][^l]/!d;};' + else + RM_SS='/^\.SS "Solaris_Priv_Spec"/,/^\.SS/{;/^\.SS "[^S][^o][^l]/!d;};' + fi +elif [ X"$SEMAN" != X"1" ]; then + RM_SS='/^\.SS "SELinux_Spec"/,/^\.SS/{;/^\.SS "[^S][^E][^L]/!d;};' +fi + +# BSD login class +LC_SED= +if [ X"$LCMAN" != X"1" ]; then + LC_SED='/^On BSD systems/,/\.$/{;d;};/^use_loginclass$/,/^\.TP 18n$/{;/^\.PD$/!d;};' +fi + +# Solaris PrivSpec +PS_SED= +if [ X"$PSMAN" != X"1" ]; then + PS_SED='s/Solaris_Priv_Spec? //;/^Solaris_Priv_Spec ::=/{;N;d;};/^l*i*m*i*t*privs$/,/^\.TP 18n$/{;/^\.PD$/!d;};' +fi + +# SELinux +SE_SED= +if [ X"$SEMAN" != X"1" ]; then + SE_SED='s/SELinux_Spec? //;/^SELinux_Spec ::=/{;N;d;};/^[rt][oy][lp]e$/,/^\.TP 18n$/{;/^\.PD$/!d;};' +fi + +$SED -e "$SE_SED$PS_SED$LC_SED$RM_SS" diff --git a/doc/sudoers.mdoc.sh b/doc/sudoers.mdoc.sh new file mode 100644 index 000000000..8bcda328f --- /dev/null +++ b/doc/sudoers.mdoc.sh @@ -0,0 +1,35 @@ +#!/bin/sh + +: ${SED='sed'} + +# Subsections to remove (SELinux and Solaris are adjacent) +RM_SS= +if [ X"$PSMAN" != X"1" ]; then + if [ X"$SEMAN" != X"1" ]; then + RM_SS='/^\.Ss SELinux_Spec/,/^\.Ss [^S]/{;/^\.Ss [^S][^o][^l]/!d;};' + else + RM_SS='/^\.Ss Solaris_Priv_Spec/,/^\.Ss/{;/^\.Ss [^S][^o][^l]/!d;};' + fi +elif [ X"$SEMAN" != X"1" ]; then + RM_SS='/^\.Ss SELinux_Spec/,/^\.Ss/{;/^\.Ss [^S][^E][^L]/!d;};' +fi + +# BSD login class +LC_SED= +if [ X"$LCMAN" != X"1" ]; then + LC_SED='/^On BSD systems/,/\.$/{;d;};/^\.It use_loginclass$/,/^\.It/{;/^\.It [^u][^s][^e][^_][^l]/!d;};' +fi + +# Solaris PrivSpec +PS_SED= +if [ X"$PSMAN" != X"1" ]; then + PS_SED='s/Solaris_Priv_Spec? //;/^Solaris_Priv_Spec ::=/{;N;d;};/^\.It limitprivs$/,/^\.It/{;/^\.It [^l][^i][^m][^i][^t]/!d;};/^\.It privs$/,/^\.It/{;/^\.It [^p][^r][^i][^v][^s]$/!d;};' +fi + +# SELinux +SE_SED= +if [ X"$SEMAN" != X"1" ]; then + SE_SED='s/SELinux_Spec? //;/^SELinux_Spec ::=/{;N;d;};/^\.It [rt][oy][lp]e$/,/^\.It/{;/^\.It [^rt][^oy][^lp][^e]$/!d;};' +fi + +$SED -e "$SE_SED$PS_SED$LC_SED$RM_SS"