From: Todd C. Miller Date: Mon, 29 Jan 2018 02:58:10 +0000 (-0700) Subject: Add -b option to specify the base dn. X-Git-Tag: SUDO_1_8_23^2~169 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=831de0fc8b808d79950db34d5d55f9488a36b277;p=sudo Add -b option to specify the base dn. --- diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat index 0571ab36f..43aef34d5 100644 --- a/doc/cvtsudoers.cat +++ b/doc/cvtsudoers.cat @@ -4,7 +4,7 @@ NNAAMMEE ccvvttssuuddooeerrss - convert between sudoers file formats SSYYNNOOPPSSIISS - ccvvttssuuddooeerrss [--hhVV] [--ff _f_o_r_m_a_t] [--oo _o_u_t_p_u_t___f_i_l_e] [_s_u_d_o_e_r_s___f_i_l_e] + ccvvttssuuddooeerrss [--hhVV] [--bb _d_n] [--ff _f_o_r_m_a_t] [--oo _o_u_t_p_u_t___f_i_l_e] [_s_u_d_o_e_r_s___f_i_l_e] DDEESSCCRRIIPPTTIIOONN ccvvttssuuddooeerrss can be used to convert a policy file in _s_u_d_o_e_r_s format to @@ -17,7 +17,15 @@ DDEESSCCRRIIPPTTIIOONN The options are as follows: - --ff, ----ffoorrmmaatt + --bb _d_n, ----bbaassee=_d_n + The base DN (distinguished name) that will be used when + performing LDAP queries. Typically this is of the form + ou=SUDOers,dc=example,dc=com for the domain example.com. If + this option is not specified, the value of the SUDOERS_BASE + environment variable will be used instead. Only necessary + when converting to LDIF format. + + --ff _o_u_t_p_u_t___f_o_r_m_a_t, ----ffoorrmmaatt=_o_u_t_p_u_t___f_o_r_m_a_t Specify the output format. The following formats are supported: diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in index dd47964db..512a391c7 100644 --- a/doc/cvtsudoers.man.in +++ b/doc/cvtsudoers.man.in @@ -26,6 +26,7 @@ .HP 11n \fBcvtsudoers\fR [\fB\-hV\fR] +[\fB\-b\fR\ \fIdn\fR] [\fB\-f\fR\ \fIformat\fR] [\fB\-o\fR\ \fIoutput_file\fR] [\fIsudoers_file\fR] 
@@ -48,7 +49,19 @@ By default, the result is written to the standard output. .PP The options are as follows: .TP 12n -\fB\-f\fR, \fB\--format\fR +\fB\-b\fR \fIdn\fR, \fB\--base\fR=\fIdn\fR +The base DN (distinguished name) that will be used when performing +LDAP queries. +Typically this is of the form +\fRou=SUDOers,dc=example,dc=com\fR +for the domain +\fRexample.com\fR. +If this option is not specified, the value of the +\fRSUDOERS_BASE\fR +environment variable will be used instead. +Only necessary when converting to LDIF format. +.TP 12n +\fB\-f\fR \fIoutput_format\fR, \fB\--format\fR=\fIoutput_format\fR Specify the output format. The following formats are supported: .PP diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in index 4d657f79e..0680a3a86 100644 --- a/doc/cvtsudoers.mdoc.in +++ b/doc/cvtsudoers.mdoc.in @@ -23,6 +23,7 @@ .Sh SYNOPSIS .Nm cvtsudoers .Op Fl hV +.Op Fl b Ar dn .Op Fl f Ar format .Op Fl o Ar output_file .Op Ar sudoers_file @@ -45,7 +46,18 @@ By default, the result is written to the standard output. .Pp The options are as follows: .Bl -tag -width Fl -.It Fl f , -format +.It Fl b Ar dn , Fl -base Ns = Ns Ar dn +The base DN (distinguished name) that will be used when performing +LDAP queries. +Typically this is of the form +.Li ou=SUDOers,dc=example,dc=com +for the domain +.Li example.com . +If this option is not specified, the value of the +.Ev SUDOERS_BASE +environment variable will be used instead. +Only necessary when converting to LDIF format. +.It Fl f Ar output_format , Fl -format Ns = Ns Ar output_format Specify the output format. The following formats are supported: .Bl -tag -width 8n @@ -73,7 +85,7 @@ Command, host, runas and user aliases are not supported by the sudoers LDAP schema so they are expanded during the conversion. .El .El -.It Fl h , -help +.It Fl h , Fl -help Display a short help message to the standard output and exit. .It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file Write the converted output to 
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c index 882913d61..3485524b5 100644 --- a/plugins/sudoers/cvtsudoers.c +++ b/plugins/sudoers/cvtsudoers.c @@ -57,8 +57,9 @@ extern void get_hostname(void); */ struct sudo_user sudo_user; struct passwd *list_pw; -static const char short_opts[] = "f:ho:V"; +static const char short_opts[] = "b:f:ho:V"; static struct option long_opts[] = { + { "base", required_argument, NULL, 'b' }, { "format", required_argument, NULL, 'f' }, { "help", no_argument, NULL, 'h' }, #ifdef notyet @@ -86,6 +87,7 @@ main(int argc, char *argv[]) enum output_formats output_format = output_ldif; const char *input_file = "-"; const char *output_file = "-"; + const char *sudoers_base = NULL; debug_decl(main, SUDOERS_DEBUG_MAIN) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) 
@@ -120,31 +122,34 @@ main(int argc, char *argv[]) */ while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { - case 'f': - if (strcasecmp(optarg, "json") == 0) { - output_format = output_json; - } else if (strcasecmp(optarg, "ldif") == 0) { - output_format = output_ldif; - } else { - sudo_warnx("unsupported output format %s", optarg); - usage(1); - } - break; - case 'h': - help(); - break; - case 'o': - output_file = optarg; - break; - case 'V': - (void) printf(_("%s version %s\n"), getprogname(), - PACKAGE_VERSION); - (void) printf(_("%s grammar version %d\n"), getprogname(), - SUDOERS_GRAMMAR_VERSION); - exitcode = EXIT_SUCCESS; - goto done; - default: + case 'b': + sudoers_base = optarg; + break; + case 'f': + if (strcasecmp(optarg, "json") == 0) { + output_format = output_json; + } else if (strcasecmp(optarg, "ldif") == 0) { + output_format = output_ldif; + } else { + sudo_warnx("unsupported output format %s", optarg); usage(1); + } + break; + case 'h': + help(); + break; + case 'o': + output_file = optarg; + break; + case 'V': + (void) printf(_("%s version %s\n"), getprogname(), + PACKAGE_VERSION); + (void) printf(_("%s grammar version %d\n"), getprogname(), + SUDOERS_GRAMMAR_VERSION); + exitcode = EXIT_SUCCESS; + goto done; + default: + usage(1); } } argc -= optind; @@ -211,7 +216,7 @@ main(int argc, char *argv[]) exitcode = !convert_sudoers_json(output_file); break; case output_ldif: - exitcode = !convert_sudoers_ldif(output_file, NULL); + exitcode = !convert_sudoers_ldif(output_file, sudoers_base); break; default: sudo_fatalx("error: unhandled output format %d", output_format); @@ -232,7 +237,7 @@ static void usage(int fatal) { (void) fprintf(fatal ? stderr : stdout, - "usage: %s [-hV] [-f format] [-o output_file] [sudoers_file]\n", + "usage: %s [-hV] [-b dn] [-f format] [-o output_file] [sudoers_file]\n", getprogname()); if (fatal) exit(1); 
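Review bot: The new `case 'b':` stores `optarg` without any check, so `-b ""` produces a non-NULL but empty `sudoers_base`. The `base == NULL` test in convert_sudoers_ldif() (the cvtsudoers_ldif.c hunk of this commit) then neither falls back to SUDOERS_BASE nor reports the missing base, and the conversion proceeds with an empty DN suffix. Rejecting it at parse time keeps the documented fallback meaningful: `if (*optarg == '\0') usage(1);` ahead of `sudoers_base = optarg;`. The body of main() starts and ends outside this hunk, so any later validation of the value is not visible here.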
@@ -244,6 +249,7 @@ help(void) (void) printf(_("%s - convert between sudoers file formats\n\n"), getprogname()); usage(0); (void) puts(_("\nOptions:\n" + " -b, --base=dn the base DN for sudo LDAP queries\n" " -f, --format=JSON|LDIF specify output format (JSON or LDIF)\n" " -h, --help display help message and exit\n" " -o, --output=output_file write converted sudoers to output_file\n" diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c index ef576e586..0d8c77dc0 100644 --- a/plugins/sudoers/cvtsudoers_ldif.c +++ b/plugins/sudoers/cvtsudoers_ldif.c @@ -401,7 +401,7 @@ convert_sudoers_ldif(const char *output_file, const char *base) if (base == NULL) { base = getenv("SUDOERS_BASE"); if (base == NULL) - sudo_fatalx(U_("The SUDOERS_BASE environment variable is not set")); + sudo_fatalx(U_("the SUDOERS_BASE environment variable is not set and the -b option was not specified.")); } if (strcmp(output_file, "-") != 0) {
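Review bot: In convert_sudoers_ldif() the base DN can now arrive from the command line as well as from the environment, and in this hunk the only check applied to either source is `base == NULL`. The rest of the function is outside the hunk, so how the value is written is not visible. If it is interpolated into the `dn:` lines, a value containing a line break would change the record structure of LDIF that is later imported into the directory. Since both sources converge here, one check after the fallback covers them: `if (strpbrk(base, "\r\n") != NULL) sudo_fatalx(U_("invalid base DN"));`. As a point of style, the reworded message ends with a period, unlike the other `sudo_warnx`/`sudo_fatalx` strings visible in this commit.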