From: Todd C. Miller Date: Sun, 28 Jan 2018 14:09:22 +0000 (-0700) Subject: Add notbefore and notafter support to the backends. X-Git-Tag: SUDO_1_8_23^2~175 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7dd620981bb334eadd8ec0d12a4ee629574d3f84;p=sudo Add notbefore and notafter support to the backends.
---
diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c
index 92ead6329..e1556f320 100644
--- a/plugins/sudoers/cvtsudoers_json.c
+++ b/plugins/sudoers/cvtsudoers_json.c
@@ -27,6 +27,7 @@
 #endif /* HAVE_STRINGS_H */
 #include
 #include
+#include
 #include
 #include "sudoers.h"
@@ -733,7 +734,9 @@ print_cmndspec_json(FILE *fp, struct cmndspec *cs, struct cmndspec **nextp,
 struct cmndspec *next = *nextp;
 struct json_value value;
 struct member *m;
+ struct tm *tp;
 bool last_one;
+ char timebuf[sizeof("20120727121554Z")];
 debug_decl(print_cmndspec_json, SUDOERS_DEBUG_UTIL)
 /* Open Cmnd_Spec object. */
@@ -765,7 +768,8 @@ print_cmndspec_json(FILE *fp, struct cmndspec *cs, struct cmndspec **nextp,
 }
 /* Print tags */
- if (cs->timeout > 0 || TAGS_SET(cs->tags)) {
+ if (cs->timeout > 0 || cs->notbefore != UNSPEC || cs->notafter != UNSPEC ||
+ TAGS_SET(cs->tags)) {
 struct cmndtag tag = cs->tags;
 fprintf(fp, "%*s\"Options\": [\n", indent, "");
@@ -776,6 +780,35 @@ print_cmndspec_json(FILE *fp, struct cmndspec *cs, struct cmndspec **nextp,
 print_pair_json(fp, "{ ", "command_timeout", &value,
 TAGS_SET(tag) ? " },\n" : " }\n", indent);
 }
+ if (cs->notbefore != UNSPEC) {
+ if ((tp = gmtime(&cs->notbefore)) == NULL) {
+ sudo_warn(U_("unable to get GMT time"));
+ } else {
+ if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) {
+ sudo_warnx(U_("unable to format timestamp"));
+ } else {
+ value.type = JSON_STRING;
+ value.u.string = timebuf;
+ print_pair_json(fp, "{ ", "notbefore", &value,
+ (TAGS_SET(tag) || cs->notafter != UNSPEC) ?
+ " },\n" : " }\n", indent);
+ }
+ }
+ }
+ if (cs->notafter != UNSPEC) {
+ if ((tp = gmtime(&cs->notafter)) == NULL) {
+ sudo_warn(U_("unable to get GMT time"));
+ } else {
+ if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) {
+ sudo_warnx(U_("unable to format timestamp"));
+ } else {
+ value.type = JSON_STRING;
+ value.u.string = timebuf;
+ print_pair_json(fp, "{ ", "notafter", &value,
+ TAGS_SET(tag) ? " },\n" : " }\n", indent);
+ }
+ }
+ }
 if (tag.nopasswd != UNSPEC) {
 value.type = JSON_BOOL;
 value.u.boolean = !tag.nopasswd;
diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c
index 7282978cc..ef576e586 100644
--- a/plugins/sudoers/cvtsudoers_ldif.c
+++ b/plugins/sudoers/cvtsudoers_ldif.c
@@ -165,7 +165,9 @@ print_cmndspec_ldif(FILE *fp, struct cmndspec *cs, struct cmndspec **nextp)
 {
 struct cmndspec *next = *nextp;
 struct member *m;
+ struct tm *tp;
 bool last_one;
+ char timebuf[sizeof("20120727121554Z")];
 debug_decl(print_cmndspec_ldif, SUDOERS_DEBUG_UTIL)
 /* Print runasuserlist as sudoRunAsUser attributes */
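Review bot: In print_cmndspec_json the `command_timeout` pair printed just above the new blocks still picks its terminator with `TAGS_SET(tag) ? " },\n" : " }\n"`, so a Cmnd_Spec that has a timeout plus notbefore or notafter but no tags is written without the separating comma and the Options array is not valid JSON. That terminator should take the new entries into account, e.g. `(TAGS_SET(tag) || cs->notbefore != UNSPEC || cs->notafter != UNSPEC) ? " },\n" : " }\n"`. The separators also assume every later entry is actually printed, so they are wrong again whenever a gmtime() or strftime() failure skips one. The enclosing `if (cs->timeout > 0)` opens outside this hunk, and the test19.json.ok hunks on this page show no entry that combines command_timeout with a time bound, so the regress output shown here would not catch it.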
@@ -184,6 +186,30 @@ print_cmndspec_ldif(FILE *fp, struct cmndspec *cs, struct cmndspec **nextp)
 }
 }
+ /* Print sudoNotBefore and sudoNotAfter attributes */
+ if (cs->notbefore != UNSPEC) {
+ if ((tp = gmtime(&cs->notbefore)) == NULL) {
+ sudo_warn(U_("unable to get GMT time"));
+ } else {
+ if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) {
+ sudo_warnx(U_("unable to format timestamp"));
+ } else {
+ fprintf(fp, "sudoNotBefore: %s\n", timebuf);
+ }
+ }
+ }
+ if (cs->notafter != UNSPEC) {
+ if ((tp = gmtime(&cs->notafter)) == NULL) {
+ sudo_warn(U_("unable to get GMT time"));
+ } else {
+ if (strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%SZ", tp) == 0) {
+ sudo_warnx(U_("unable to format timestamp"));
+ } else {
+ fprintf(fp, "sudoNotAfter: %s\n", timebuf);
+ }
+ }
+ }
+ /* Print tags as sudoOption attributes */
 if (cs->timeout > 0 || TAGS_SET(cs->tags)) {
 struct cmndtag tag = cs->tags;
@@ -378,7 +404,7 @@ convert_sudoers_ldif(const char *output_file, const char *base)
 sudo_fatalx(U_("The SUDOERS_BASE environment variable is not set"));
 }
- if (strcmp(output_file, "-") != 0) {
+ if (strcmp(output_file, "-") != 0) {
 if ((output_fp = fopen(output_file, "w")) == NULL)
 sudo_fatal(U_("unable to open %s"), output_file);
 }
diff --git a/plugins/sudoers/regress/sudoers/test19.json.ok b/plugins/sudoers/regress/sudoers/test19.json.ok
index e9cc9dd2f..1da8df4b0 100644
--- a/plugins/sudoers/regress/sudoers/test19.json.ok
+++ b/plugins/sudoers/regress/sudoers/test19.json.ok
@@ -9,6 +9,10 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083000Z" },
+ { "notafter": "20170301083000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" },
 { "command": "/bin/ls" }
@@ -25,6 +29,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" },
 { "command": "/bin/ls" }
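Review bot: When gmtime() or strftime() fails in the new sudoNotBefore/sudoNotAfter block of print_cmndspec_ldif, the code only warns and carries on, so the entry is exported without its time bound and the converted rule is broader than the sudoers rule it came from; the `@@ -776,6 +780,35 @@` hunk in cvtsudoers_json.c follows the same pattern. For a policy converter it is safer to stop than to emit a rule that is missing a restriction, e.g. `sudo_fatal(U_("unable to get GMT time"));` and `sudo_fatalx(U_("unable to format timestamp"));`, in line with how convert_sudoers_ldif already treats its own errors. The same gmtime/strftime sequence now appears four times across the two files, so a small shared helper that fills `timebuf` would keep that failure handling in one place. print_cmndspec_ldif begins and ends outside this hunk.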
@@ -41,6 +48,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083018Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]
@@ -56,6 +66,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214080000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]
@@ -71,6 +84,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214082400Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]
@@ -86,6 +102,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]
@@ -101,6 +120,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]
@@ -116,6 +138,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]
@@ -131,6 +156,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]
@@ -146,6 +174,9 @@
 ],
 "Cmnd_Specs": [
 {
+ "Options": [
+ { "notbefore": "20170214083000Z" }
+ ],
 "Commands": [
 { "command": "/usr/bin/id" }
 ]