From 80cb1b5da95253f75945038f623f50b287d58c46 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Fri, 26 Jan 2018 11:20:37 -0700
Subject: [PATCH] Move sudoers JSON conversion to cvtsudoers which will eventually output to other formats too.
---
 MANIFEST | 6 +-
 doc/Makefile.in | 29 +-
 doc/cvtsudoers.cat | 66 +++++
 doc/cvtsudoers.man.in | 114 ++++++++
 doc/cvtsudoers.mdoc.in | 109 +++++++
 doc/visudo.cat | 19 +-
 doc/visudo.man.in | 43 +--
 doc/visudo.mdoc.in | 41 +--
 plugins/sudoers/Makefile.in | 71 +++--
 plugins/sudoers/cvtsudoers.c | 274 ++++++++++++++++++
 .../{visudo_json.c => cvtsudoers_json.c} | 45 +--
 plugins/sudoers/visudo.c | 19 +-
 12 files changed, 665 insertions(+), 171 deletions(-)
 create mode 100644 doc/cvtsudoers.cat
 create mode 100644 doc/cvtsudoers.man.in
 create mode 100644 doc/cvtsudoers.mdoc.in
 create mode 100644 plugins/sudoers/cvtsudoers.c
 rename plugins/sudoers/{visudo_json.c => cvtsudoers_json.c} (96%)
diff --git a/MANIFEST b/MANIFEST
index 84929e7b6..0ae165140 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -20,6 +20,9 @@ doc/LICENSE
 doc/Makefile.in
 doc/TROUBLESHOOTING
 doc/UPGRADE
+doc/cvtsudoers.cat
+doc/cvtsudoers.man.in
+doc/cvtsudoers.mdoc.in
 doc/fixman.sh
 doc/fixmdoc.sh
 doc/schema.ActiveDirectory
@@ -261,6 +264,8 @@ plugins/sudoers/bsm_audit.c
 plugins/sudoers/bsm_audit.h
 plugins/sudoers/check.c
 plugins/sudoers/check.h
+plugins/sudoers/cvtsudoers.c
+plugins/sudoers/cvtsudoers_json.c
 plugins/sudoers/def_data.c
 plugins/sudoers/def_data.h
 plugins/sudoers/def_data.in
@@ -546,7 +551,6 @@ plugins/sudoers/tsdump.c
 plugins/sudoers/tsgetgrpw.c
 plugins/sudoers/tsgetgrpw.h
 plugins/sudoers/visudo.c
-plugins/sudoers/visudo_json.c
 plugins/system_group/Makefile.in
 plugins/system_group/system_group.c
 plugins/system_group/system_group.exp
diff --git a/doc/Makefile.in b/doc/Makefile.in
index ad58179fb..04ca80b1b 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -1,5 +1,5 @@ # -# Copyright (c) 2010-2015, 2017 Todd C. Miller +# Copyright (c) 2010-2015, 2017-2018 Todd C. Miller # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -71,7 +71,8 @@ DOCS = $(mansrcdir)/sudo.$(mantype) $(mansrcdir)/visudo.$(mantype) \ $(mansrcdir)/sudo.conf.$(mantype) $(mansrcdir)/sudoers.$(mantype) \ $(mansrcdir)/sudoers.ldap.$(mantype) $(mansrcdir)/sudoers.$(mantype) \ $(mansrcdir)/sudoers_timestamp.$(mantype) \ - $(mansrcdir)/sudoreplay.$(mantype) $(mansrcdir)/sudo_plugin.$(mantype) + $(mansrcdir)/cvtsudoers.$(mantype) $(mansrcdir)/sudoreplay.$(mantype) \ + $(mansrcdir)/sudo_plugin.$(mantype) DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \ $(srcdir)/visudo.man.in $(srcdir)/visudo.cat \ @@ -80,6 +81,7 @@ DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \ $(srcdir)/sudoers.ldap.man.in $(srcdir)/sudoers.ldap.cat \ $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \ $(srcdir)/sudoers_timestamp.man.in $(srcdir)/sudoers_timestamp.cat \ + $(srcdir)/cvtsudoers.man.in $(srcdir)/cvtsudoers.cat \ $(srcdir)/sudoreplay.man.in $(srcdir)/sudoreplay.cat \ $(srcdir)/sudo_plugin.man.in $(srcdir)/sudo_plugin.cat 
@@ -266,6 +268,29 @@ $(srcdir)/sudoers_timestamp.cat: varsub $(srcdir)/sudoers_timestamp.mdoc.in $(SED) -f varsub $(srcdir)/sudoers_timestamp.mdoc.in | $(MANDOC) -Tascii -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ fi +$(srcdir)/cvtsudoers.man.in: $(srcdir)/cvtsudoers.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \ + mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \ + printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \ + printf '.\\" IT IS GENERATED AUTOMATICALLY FROM cvtsudoers.mdoc.in\n' >> $@; \ + $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/cvtsudoers.mdoc.in >> $@; \ + $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \ + fi + +$(mansrcdir)/cvtsudoers.man: $(top_builddir)/config.status $(srcdir)/cvtsudoers.man.in + cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ + +$(mansrcdir)/cvtsudoers.mdoc: $(top_builddir)/config.status $(srcdir)/cvtsudoers.mdoc.in + cd $(top_builddir) && $(SHELL) config.status --file=doc/$@ + +$(srcdir)/cvtsudoers.cat: varsub $(srcdir)/cvtsudoers.mdoc.in + @if [ -n "$(DEVEL)" ]; then \ + echo "Generating $@"; \ + $(SED) -f varsub $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tascii -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \ + fi + $(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in @if [ -n "$(DEVEL)" ]; then \ echo "Generating $@"; \ diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat new file mode 100644 index 000000000..e0bb1d33d --- /dev/null +++ b/doc/cvtsudoers.cat 
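Review bot: The `.TH` substitution in the new `$(srcdir)/cvtsudoers.man.in` rule still matches the title `"SUDOREPLAY"`, so it can never match the cvtsudoers title line and the section-number / `OpenBSD` fix-up is presumably skipped when this page is regenerated. It looks carried over from the sudoreplay rule that follows in the same file; the pattern should start `'s/^\(\.TH "CVTSUDOERS" \)"8"\(.*"\)OpenBSD \(.*\)/...'` with the rest unchanged. A short comment above the rule naming the page it post-processes would make this kind of copy error easier to spot in the other man-page rules too.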
@@ -0,0 +1,66 @@ +CVTSUDOERS(1m) System Manager's Manual CVTSUDOERS(1m) + +NNAAMMEE + ccvvttssuuddooeerrss - convert between sudoers file formats + +SSYYNNOOPPSSIISS + ccvvttssuuddooeerrss [--hhVV] [--ff _f_o_r_m_a_t] [--oo _o_u_t_p_u_t___f_i_l_e] [_s_u_d_o_e_r_s___f_i_l_e] + +DDEESSCCRRIIPPTTIIOONN + ccvvttssuuddooeerrss can be used to convert a policy file in _s_u_d_o_e_r_s format to + other formats. The default output format is JSON. + + If no _s_u_d_o_e_r_s___f_i_l_e is specified, or if it is `-', the policy is read from + the standard input. By default, the result is written to the standard + output. + + The options are as follows: + + --ff, ----ffoorrmmaatt + Specify the output format. Currently, JSON is the only + supported output format. The JSON format is intended to be + easier for third-party applications to parse than the + traditional _s_u_d_o_e_r_s format. The various values have explicit + types which removes much of the ambiguity of the _s_u_d_o_e_r_s + format. + + --hh, ----hheellpp Display a short help message to the standard output and exit. + + --oo _o_u_t_p_u_t___f_i_l_e, ----oouuttppuutt=_o_u_t_p_u_t___f_i_l_e + Write the converted output to _o_u_t_p_u_t___f_i_l_e. If no _o_u_t_p_u_t___f_i_l_e + is specified, or if it is `-', the converted _s_u_d_o_e_r_s policy + will be written to the standard output. + + --VV, ----vveerrssiioonn + Print the ccvvttssuuddooeerrss and _s_u_d_o_e_r_s grammar versions and exit. + +SSEEEE AALLSSOO + sudoers(4), sudo(1m) + +AAUUTTHHOORRSS + Many people have worked on ssuuddoo over the years; this version consists of + code written primarily by: + + Todd C. Miller + + See the CONTRIBUTORS file in the ssuuddoo distribution + (https://www.sudo.ws/contributors.html) for an exhaustive list of people + who have contributed to ssuuddoo. 
+ +BBUUGGSS + If you feel you have found a bug in ccvvttssuuddooeerrss, please submit a bug + report at https://bugzilla.sudo.ws/ + +SSUUPPPPOORRTT + Limited free support is available via the sudo-users mailing list, see + https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search + the archives. + +DDIISSCCLLAAIIMMEERR + ccvvttssuuddooeerrss is provided "AS IS" and any express or implied warranties, + including, but not limited to, the implied warranties of merchantability + and fitness for a particular purpose are disclaimed. See the LICENSE + file distributed with ssuuddoo or https://www.sudo.ws/license.html for + complete details. + +Sudo 1.8.22 January 25, 2018 Sudo 1.8.22 diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in new file mode 100644 index 000000000..9564e684c --- /dev/null +++ b/doc/cvtsudoers.man.in 
@@ -0,0 +1,114 @@ +.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! +.\" IT IS GENERATED AUTOMATICALLY FROM cvtsudoers.mdoc.in +.\" +.\" Copyright (c) 2018 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.TH "CVTSUDOERS" "8" "January 25, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.nh +.if n .ad l +.SH "NAME" +\fBcvtsudoers\fR +\- convert between sudoers file formats +.SH "SYNOPSIS" +.HP 11n +\fBcvtsudoers\fR +[\fB\-hV\fR] +[\fB\-f\fR\ \fIformat\fR] +[\fB\-o\fR\ \fIoutput_file\fR] +[\fIsudoers_file\fR] +.SH "DESCRIPTION" +\fBcvtsudoers\fR +can be used to convert a policy file in +\fIsudoers\fR +format to other formats. +The default output format is JSON. +.PP +If no +\fIsudoers_file\fR +is specified, or if it is +\(oq-\(cq, +the policy is read from the standard input. +By default, the result is written to the standard output. +.PP +The options are as follows: +.TP 12n +\fB\-f\fR, \fB\--format\fR +Specify the output format. +Currently, JSON is the only supported output format. +The JSON format is intended to be easier for third-party +applications to parse than the traditional +\fIsudoers\fR +format. 
+The various values have explicit types which removes much of the +ambiguity of the +\fIsudoers\fR +format. +.TP 12n +\fB\-h\fR, \fB\--help\fR +Display a short help message to the standard output and exit. +.TP 12n +\fB\-o\fR \fIoutput_file\fR, \fB\--output\fR=\fIoutput_file\fR +Write the converted output to +\fIoutput_file\fR. +If no +\fIoutput_file\fR +is specified, or if it is +\(oq-\(cq, +the converted +\fIsudoers\fR +policy will be written to the standard output. +.TP 12n +\fB\-V\fR, \fB\--version\fR +Print the +\fBcvtsudoers\fR +and +\fIsudoers\fR +grammar versions and exit. +.SH "SEE ALSO" +sudoers(@mansectform@), +sudo(@mansectsu@) +.SH "AUTHORS" +Many people have worked on +\fBsudo\fR +over the years; this version consists of code written primarily by: +.sp +.RS 6n +Todd C. Miller +.RE +.PP +See the CONTRIBUTORS file in the +\fBsudo\fR +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +\fBsudo\fR. +.SH "BUGS" +If you feel you have found a bug in +\fBcvtsudoers\fR, +please submit a bug report at https://bugzilla.sudo.ws/ +.SH "SUPPORT" +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.SH "DISCLAIMER" +\fBcvtsudoers\fR +is provided +\(LqAS IS\(Rq +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +\fBsudo\fR +or https://www.sudo.ws/license.html for complete details. diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in new file mode 100644 index 000000000..cd6116f80 --- /dev/null +++ b/doc/cvtsudoers.mdoc.in 
@@ -0,0 +1,109 @@ +.\" +.\" Copyright (c) 2018 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd January 25, 2018 +.Dt CVTSUDOERS @mansectsu@ +.Os Sudo @PACKAGE_VERSION@ +.Sh NAME +.Nm cvtsudoers +.Nd convert between sudoers file formats +.Sh SYNOPSIS +.Nm cvtsudoers +.Op Fl hV +.Op Fl f Ar format +.Op Fl o Ar output_file +.Op Ar sudoers_file +.Sh DESCRIPTION +.Nm +can be used to convert a policy file in +.Em sudoers +format to other formats. +The default output format is JSON. +.Pp +If no +.Ar sudoers_file +is specified, or if it is +.Ql - , +the policy is read from the standard input. +By default, the result is written to the standard output. +.Pp +The options are as follows: +.Bl -tag -width Fl +.It Fl f , -format +Specify the output format. +Currently, JSON is the only supported output format. +The JSON format is intended to be easier for third-party +applications to parse than the traditional +.Em sudoers +format. +The various values have explicit types which removes much of the +ambiguity of the +.Em sudoers +format. +.It Fl h , -help +Display a short help message to the standard output and exit. 
+.It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file +Write the converted output to +.Ar output_file . +If no +.Ar output_file +is specified, or if it is +.Ql - , +the converted +.Em sudoers +policy will be written to the standard output. +.It Fl V , -version +Print the +.Nm +and +.Em sudoers +grammar versions and exit. +.El +.El +.Sh SEE ALSO +.Xr sudoers @mansectform@ , +.Xr sudo @mansectsu@ +.Sh AUTHORS +Many people have worked on +.Nm sudo +over the years; this version consists of code written primarily by: +.Bd -ragged -offset indent +.An Todd C. Miller +.Ed +.Pp +See the CONTRIBUTORS file in the +.Nm sudo +distribution (https://www.sudo.ws/contributors.html) for an +exhaustive list of people who have contributed to +.Nm sudo . +.Sh BUGS +If you feel you have found a bug in +.Nm , +please submit a bug report at https://bugzilla.sudo.ws/ +.Sh SUPPORT +Limited free support is available via the sudo-users mailing list, +see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or +search the archives. +.Sh DISCLAIMER +.Nm +is provided +.Dq AS IS +and any express or implied warranties, including, but not limited +to, the implied warranties of merchantability and fitness for a +particular purpose are disclaimed. +See the LICENSE file distributed with +.Nm sudo +or https://www.sudo.ws/license.html for complete details. diff --git a/doc/visudo.cat b/doc/visudo.cat index 38f57912c..191ed8491 100644 --- a/doc/visudo.cat +++ b/doc/visudo.cat @@ -4,7 +4,7 @@ NNAAMMEE vviissuuddoo - edit the sudoers file SSYYNNOOPPSSIISS - vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s] [--xx _o_u_t_p_u_t___f_i_l_e] + vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s] DDEESSCCRRIIPPTTIIOONN vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to vipw(1m). 
@@ -95,17 +95,6 @@ DDEESSCCRRIIPPTTIIOONN --VV, ----vveerrssiioonn Print the vviissuuddoo and _s_u_d_o_e_r_s grammar versions and exit. - --xx _o_u_t_p_u_t___f_i_l_e, ----eexxppoorrtt=_o_u_t_p_u_t___f_i_l_e - Export a _s_u_d_o_e_r_s in JSON format and write it to _o_u_t_p_u_t___f_i_l_e. - If _o_u_t_p_u_t___f_i_l_e is `-', the exported _s_u_d_o_e_r_s policy will be - written to the standard output. By default, _/_e_t_c_/_s_u_d_o_e_r_s - (and any files it includes) will be exported. The --ff option - can be used to specify a different _s_u_d_o_e_r_s file to export. - The exported format is intended to be easier for third-party - applications to parse than the traditional _s_u_d_o_e_r_s format. - The various values have explicit types which removes much of - the ambiguity of the _s_u_d_o_e_r_s format. - DDeebbuuggggiinngg aanndd ssuuddooeerrss pplluuggiinn aarrgguummeennttss vviissuuddoo versions 1.8.4 and higher support a flexible debugging framework that is configured via Debug lines in the sudo.conf(4) file. @@ -200,10 +189,6 @@ DDIIAAGGNNOOSSTTIICCSS The _s_u_d_o_e_r_s file contains a Defaults setting not recognized by vviissuuddoo. - /etc/sudoers: input and output files must be different - The --xx flag was used and the specified _o_u_t_p_u_t___f_i_l_e has the same - path name as the _s_u_d_o_e_r_s file to export. - SSEEEE AALLSSOO vi(1), sudo.conf(4), sudoers(4), sudo(1m), vipw(1m) @@ -237,4 +222,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.22 December 21, 2017 Sudo 1.8.22 +Sudo 1.8.22 January 26, 2018 Sudo 1.8.22 diff --git a/doc/visudo.man.in b/doc/visudo.man.in index 79d15f630..caefde511 100644 --- a/doc/visudo.man.in +++ b/doc/visudo.man.in 
@@ -1,7 +1,7 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in .\" -.\" Copyright (c) 1996,1998-2005, 2007-2017 +.\" Copyright (c) 1996,1998-2005, 2007-2018 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "VISUDO" "8" "December 21, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "VISUDO" "8" "January 26, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -32,7 +32,6 @@ \fBvisudo\fR [\fB\-chqsV\fR] [\fB\-f\fR\ \fIsudoers\fR] -[\fB\-x\fR\ \fIoutput_file\fR] .SH "DESCRIPTION" \fBvisudo\fR edits the @@ -256,35 +255,6 @@ Print the and \fIsudoers\fR grammar versions and exit. -.TP 12n -\fB\-x\fR \fIoutput_file\fR, \fB\--export\fR=\fIoutput_file\fR -Export a -\fIsudoers\fR -in JSON format and write it to -\fIoutput_file\fR. -If -\fIoutput_file\fR -is -\(oq-\(cq, -the exported -\fIsudoers\fR -policy will be written to the standard output. -By default, -\fI@sysconfdir@/sudoers\fR -(and any files it includes) will be exported. -The -\fB\-f\fR -option can be used to specify a different -\fIsudoers\fR -file to export. -The exported format is intended to be easier for third-party -applications to parse than the traditional -\fIsudoers\fR -format. -The various values have explicit types which removes much of the -ambiguity of the -\fIsudoers\fR -format. .SS "Debugging and sudoers plugin arguments" \fBvisudo\fR versions 1.8.4 and higher support a flexible debugging framework 
@@ -453,15 +423,6 @@ file contains a \fRDefaults\fR setting not recognized by \fBvisudo\fR. -.TP 6n -\fR@sysconfdir@/sudoers: input and output files must be different\fR -The -\fB\-x\fR -flag was used and the specified -\fIoutput_file\fR -has the same path name as the -\fIsudoers\fR -file to export. .SH "SEE ALSO" vi(1), sudo.conf(@mansectform@), diff --git a/doc/visudo.mdoc.in b/doc/visudo.mdoc.in index e3dbbacd4..ffa70f93f 100644 --- a/doc/visudo.mdoc.in +++ b/doc/visudo.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 1996,1998-2005, 2007-2017 +.\" Copyright (c) 1996,1998-2005, 2007-2018 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd December 21, 2017 +.Dd January 26, 2018 .Dt VISUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -29,7 +29,6 @@ .Nm visudo .Op Fl chqsV .Op Fl f Ar sudoers -.Op Fl x Ar output_file .Sh DESCRIPTION .Nm edits the @@ -248,34 +247,6 @@ Print the and .Em sudoers grammar versions and exit. -.It Fl x Ar output_file , Fl -export Ns = Ns Ar output_file -Export a -.Em sudoers -in JSON format and write it to -.Ar output_file . -If -.Ar output_file -is -.Ql - , -the exported -.Em sudoers -policy will be written to the standard output. -By default, -.Pa @sysconfdir@/sudoers -(and any files it includes) will be exported. -The -.Fl f -option can be used to specify a different -.Em sudoers -file to export. -The exported format is intended to be easier for third-party -applications to parse than the traditional -.Em sudoers -format. -The various values have explicit types which removes much of the -ambiguity of the -.Em sudoers -format. .El .Ss Debugging and sudoers plugin arguments .Nm 
@@ -433,14 +404,6 @@ file contains a .Li Defaults setting not recognized by .Nm . -.It Li @sysconfdir@/sudoers: input and output files must be different -The -.Fl x -flag was used and the specified -.Ar output_file -has the same path name as the -.Em sudoers -file to export. .El .Sh SEE ALSO .Xr vi 1 , diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 69ce1b5a3..922b3abb2 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -57,6 +57,7 @@ NET_LIBS = @NET_LIBS@ SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@ VISUDO_LIBS = $(NET_LIBS) @LIBMD@ +CVTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@ # C preprocessor defines @@ -121,12 +122,6 @@ plugindir = @PLUGINDIR@ # Directory in which to install the sudoers file sudoersdir = $(sysconfdir) -# Directory in which to install sudoreplay. -replaydir = $(bindir) - -# Directory in which to install visudo -visudodir = $(sbindir) - # User and group ids the installed files should be "owned" by install_uid = 0 install_gid = 0 @@ -143,7 +138,7 @@ DEVEL = @DEVEL@ SHELL = @SHELL@ -PROGS = sudoers.la visudo sudoreplay testsudoers +PROGS = sudoers.la visudo sudoreplay cvtsudoers testsudoers TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \ check_fill check_gentime check_hexchar check_iolog_path \ @@ -164,8 +159,9 @@ SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo editor.lo env.lo \ set_perms.lo starttime.lo sudo_nss.lo sudoers.lo \ timestamp.lo @SUDOERS_OBJS@ -VISUDO_OBJS = editor.o find_path.o goodpath.o locale.o sudo_printf.o visudo.o \ - visudo_json.o +VISUDO_OBJS = editor.o find_path.o goodpath.o locale.o sudo_printf.o visudo.o + +CVTSUDOERS_OBJS = cvtsudoers.o cvtsudoers_json.o locale.o sudo_printf.o REPLAY_OBJS = getdate.o sudoreplay.o 
@@ -241,6 +237,9 @@ sudoers.la: $(SUDOERS_OBJS) $(LT_LIBS) libparsesudoers.la @LT_LDDEP@ visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(VISUDO_LIBS) +cvtsudoers: libparsesudoers.la $(CVTSUDOERS_OBJS) $(LT_LIBS) + $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CVTSUDOERS_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(CVTSUDOERS_LIBS) + sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(LIBS) $(REPLAY_LIBS) @@ -339,7 +338,7 @@ install: install-plugin install-binaries install-sudoers install-doc install-dirs: $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \ - $(DESTDIR)$(visudodir) $(DESTDIR)$(replaydir) \ + $(DESTDIR)$(sbindir) $(DESTDIR)$(bindir) \ $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \ `echo $(DESTDIR)$(rundir)|$(SED) 's,/[^/]*$$,,'` \ `echo $(DESTDIR)$(vardir)|$(SED) 's,/[^/]*$$,,'` 
@@ -347,9 +346,10 @@ install-dirs: $(INSTALL) -d $(INSTALL_OWNER) -m 0711 $(DESTDIR)$(vardir) $(INSTALL) -d $(INSTALL_OWNER) -m 0700 $(DESTDIR)$(vardir)/lectured -install-binaries: visudo sudoreplay install-dirs - INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 sudoreplay $(DESTDIR)$(replaydir)/sudoreplay - INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 visudo $(DESTDIR)$(visudodir)/visudo +install-binaries: cvtsudoers sudoreplay visudo install-dirs + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 cvtsudoers $(DESTDIR)$(bindir)/cvtsudoers + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 sudoreplay $(DESTDIR)$(bindir)/sudoreplay + INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 visudo $(DESTDIR)$(sbindir)/visudo install-includes: @@ -372,11 +372,13 @@ install-sudoers: install-dirs uninstall: -$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sudoers.la - -rm -f $(DESTDIR)$(replaydir)/sudoreplay \ - $(DESTDIR)$(visudodir)/visudo + -rm -f $(DESTDIR)$(bindir)/cvtsudoers \ + $(DESTDIR)$(bindir)/sudoreplay + $(DESTDIR)$(sbindir)/visudo -test -z "$(INSTALL_BACKUP)" || \ - $(DESTDIR)$(replaydir)/sudoreplay$(INSTALL_BACKUP) \ - $(DESTDIR)$(visudodir)/visudo$(INSTALL_BACKUP) \ + $(DESTDIR)$(bindir)/cvtsudoers$(INSTALL_BACKUP) \ + $(DESTDIR)$(bindir)/sudoreplay$(INSTALL_BACKUP) \ + $(DESTDIR)$(sbindir)/visudo$(INSTALL_BACKUP) \ $(DESTDIR)$(plugindir)/sudoers.so$(INSTALL_BACKUP) -cmp $(DESTDIR)$(sudoersdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers.dist >/dev/null && \ rm -f $(DESTDIR)$(sudoersdir)/sudoers 
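Review bot: In the `uninstall` recipe the added line `$(DESTDIR)$(bindir)/sudoreplay` has no trailing `\`, so `$(DESTDIR)$(sbindir)/visudo` becomes a recipe line of its own: `make uninstall`, which normally runs as root, would leave visudo installed and try to execute it instead of deleting it. The line should read `$(DESTDIR)$(bindir)/sudoreplay \`. Separately, the `-test -z "$(INSTALL_BACKUP)" || \` continuation that follows has no `rm -f` in front of its path list, so with a non-empty INSTALL_BACKUP the first backup path is run as a command rather than removed; that appears to predate this commit, but the new cvtsudoers entry now sits first in that list, so it is worth fixing here with `-test -z "$(INSTALL_BACKUP)" || rm -f \`.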
@@ -445,7 +447,7 @@ check: $(TEST_PROGS) visudo testsudoers
 diff $$toke $(srcdir)/$$toke.ok || true; \
 fi; \
 total=`expr $$total + 1`; \
- ./visudo -f $$t -x - >$$json 2>/dev/null || true; \
+ ./cvtsudoers -o $$json $$t 2>/dev/null || true; \
 total=`expr $$total + 1`; \
 if cmp $$json $(srcdir)/$$json.ok >/dev/null; then \
 passed=`expr $$passed + 1`; \
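Review bot: The `check` recipe now runs `./cvtsudoers`, but the prerequisite list shown in the hunk header is still `$(TEST_PROGS) visudo testsudoers` and no other hunk in this file changes it, so `make check` on a tree where cvtsudoers has not been built would fail every JSON comparison. Adding it to the prerequisites, `check: $(TEST_PROGS) visudo cvtsudoers testsudoers`, would fix that. Also, moving from `>$$json` to `-o $$json` means the shell no longer truncates the file before the run; with `2>/dev/null || true` hiding failures, a `$$json` left over from an earlier run could presumably let `cmp` pass when the conversion failed, so an `rm -f $$json;` before the call would be a cheap guard. The recipe starts and ends outside the hunk.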
@@ -680,6 +682,29 @@ check_wrap.o: $(srcdir)/regress/logging/check_wrap.c \ $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/logging/check_wrap.c +cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ + $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ + $(srcdir)/sudoers_version.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers.c +cvtsudoers_json.o: $(srcdir)/cvtsudoers_json.c $(devdir)/def_data.h \ + $(devdir)/gram.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers_json.c dce.lo: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ 
@@ -1278,13 +1303,3 @@ visudo.o: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \ $(srcdir)/sudoers_version.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/visudo.c -visudo_json.o: $(srcdir)/visudo_json.c $(devdir)/def_data.h $(devdir)/gram.h \ - $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \ - $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/visudo_json.c diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c new file mode 100644 index 000000000..4562122e0 --- /dev/null +++ b/plugins/sudoers/cvtsudoers.c 
@@ -0,0 +1,274 @@
+/*
+ * Copyright (c) 2018 Todd C. Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Convert from sudoers format to other formats.
+ * Currently outputs to JSON
+ */
+
+#include
+
+#include
+#include
+#include
+#ifdef HAVE_STRING_H
+# include
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include
+#endif /* HAVE_STRINGS_H */
+#include
+#include
+#include
+#include
+
+#include "sudoers.h"
+#include "interfaces.h"
+#include "parse.h"
+#include "redblack.h"
+#include "sudoers_version.h"
+#include "sudo_conf.h"
+#include
+
+#ifdef HAVE_GETOPT_LONG
+# include
+# else
+# include "compat/getopt.h"
+#endif /* HAVE_GETOPT_LONG */
+
+extern bool export_sudoers(const char *, const char *);
+
+/*
+ * Globals
+ */
+struct sudo_user sudo_user;
+struct passwd *list_pw;
+static const char short_opts[] = "f:ho:V";
+static struct option long_opts[] = {
+ { "format", required_argument, NULL, 'f' },
+ { "help", no_argument, NULL, 'h' },
+#ifdef notyet
+ { "input-format", required_argument, NULL, 'i' },
+#endif
+ { "output", required_argument, NULL, 'o' },
+ { "version", no_argument, NULL, 'V' },
+ { NULL, no_argument, NULL, '\0' },
+};
+
+__dso_public int main(int argc, char *argv[]);
+static void get_hostname(void);
+static void help(void) __attribute__((__noreturn__));
+static void usage(int);
+
+int
+main(int argc, char *argv[])
+{
+ int ch, exitcode = EXIT_FAILURE;
+ const char *input_file = "-", *output_file = "-";
+ const char *output_format = "JSON";
+ debug_decl(main, SUDOERS_DEBUG_MAIN)
+
+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
+ {
+ extern char *malloc_options;
+ malloc_options = "S";
+ }
+#endif
+
+ initprogname(argc > 0 ? argv[0] : "cvtsudoers");
+ if (!sudoers_initlocale(setlocale(LC_ALL, ""), def_sudoers_locale))
+ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ sudo_warn_set_locale_func(sudoers_warn_setlocale);
+ bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have visudo domain */
+ textdomain("sudoers");
+
+#if 0
+ /* Register fatal/fatalx callback. */
+ sudo_fatal_callback_register(cvtsudoers_cleanup);
+#endif
+
+ /* Read debug and plugin sections of sudo.conf. */
+ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG|SUDO_CONF_PLUGINS) == -1)
+ goto done;
+
+ /* Initialize the debug subsystem. */
+ if (!sudoers_debug_register(getprogname(), sudo_conf_debug_files(getprogname())))
+ goto done;
+
+ /*
+ * Arg handling.
+ */
+ while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
+ switch (ch) {
+ case 'f':
+ if (strcasecmp(optarg, "json") != 0) {
+ sudo_warnx("unsupported output format %s", optarg);
+ usage(1);
+ }
+ output_format = optarg;
+ break;
+ case 'h':
+ help();
+ break;
+ case 'o':
+ output_file = optarg;
+ break;
+ case 'V':
+ (void) printf(_("%s version %s\n"), getprogname(),
+ PACKAGE_VERSION);
+ (void) printf(_("%s grammar version %d\n"), getprogname(),
+ SUDOERS_GRAMMAR_VERSION);
+ exitcode = EXIT_SUCCESS;
+ goto done;
+ default:
+ usage(1);
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ /* Input file (defaults to stdin). */
+ if (argc > 0) {
+ /* XXX - allow multiple input files? */
+ if (argc > 1)
+ usage(1);
+ input_file = argv[0];
+ }
+
+ /* Mock up a fake sudo_user struct. */
+ /* XXX - common with visudo */
+ user_cmnd = user_base = "";
+ if (geteuid() == 0) {
+ const char *user = getenv("SUDO_USER");
+ if (user != NULL && *user != '\0')
+ sudo_user.pw = sudo_getpwnam(user);
+ }
+ if (sudo_user.pw == NULL) {
+ if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
+ sudo_fatalx(U_("you do not exist in the %s database"), "passwd");
+ }
+ get_hostname();
+
+ /* Setup defaults data structures. */
+ if (!init_defaults())
+ sudo_fatalx(U_("unable to initialize sudoers default values"));
+
+ exitcode = export_sudoers(input_file, output_file) ? EXIT_SUCCESS : EXIT_FAILURE;
+
+done:
+ sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode);
+ return exitcode;
+}
+
+FILE *
+open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
+{
+ return fopen(sudoers, "r");
+}
+
+/* XXX - Common stubs belong in their own file */
+
+/* STUB */
+bool
+init_envtables(void)
+{
+ return true;
+}
+
+/* STUB */
+bool
+user_is_exempt(void)
+{
+ return false;
+}
+
+/* STUB */
+void
+sudo_setspent(void)
+{
+ return;
+}
+
+/* STUB */
+void
+sudo_endspent(void)
+{
+ return;
+}
+
+/* STUB */
+int
+group_plugin_query(const char *user, const char *group, const struct passwd *pw)
+{
+ return false;
+}
+
+/* STUB */
+struct interface_list *
+get_interfaces(void)
+{
+ static struct interface_list dummy = SLIST_HEAD_INITIALIZER(interfaces);
+ return &dummy;
+}
+
+/*
+ * Look up the hostname and set user_host and user_shost.
+ */
+static void
+get_hostname(void)
+{
+ char *p;
+ debug_decl(get_hostname, SUDOERS_DEBUG_UTIL)
+
+ if ((user_host = sudo_gethostname()) != NULL) {
+ if ((p = strchr(user_host, '.'))) {
+ *p = '\0';
+ if ((user_shost = strdup(user_host)) == NULL)
+ sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ *p = '.';
+ } else {
+ user_shost = user_host;
+ }
+ } else {
+ user_host = user_shost = "localhost";
+ }
+ user_runhost = user_host;
+ user_srunhost = user_shost;
+ debug_return;
+}
+
+static void
+usage(int fatal)
+{
+ (void) fprintf(fatal ? stderr : stdout,
+ "usage: %s [-hV] [-f format] [-o output_file] [sudoers_file]\n",
+ getprogname());
+ if (fatal)
+ exit(1);
+}
+
+static void
+help(void)
+{
+ (void) printf(_("%s - convert between sudoers file formats\n\n"), getprogname());
+ usage(0);
+ (void) puts(_("\nOptions:\n"
+ " -f, --format=JSON specify output format\n"
+ " -h, --help display help message and exit\n"
+ " -o, --output=output_file write sudoers in JSON format to output_file\n"
+ " -V, --version display version information and exit"));
+ exit(0);
+}
diff --git a/plugins/sudoers/visudo_json.c b/plugins/sudoers/cvtsudoers_json.c
similarity index 96%
rename from plugins/sudoers/visudo_json.c
rename to plugins/sudoers/cvtsudoers_json.c
index 3dcf44bbf..c545f4311 100644
--- a/plugins/sudoers/visudo_json.c
+++ b/plugins/sudoers/cvtsudoers_json.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2016 Todd C. Miller
+ * Copyright (c) 2013-2018 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
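Review bot: The `open_sudoers()` stub in the new plugins/sudoers/cvtsudoers.c needs a comment stating its contract, because as written it opens whatever path it is handed with a plain `fopen(sudoers, "r")`, ignores `doedit`, and never writes `*keepopen`. No owner or mode check on the file is visible here, and any caller that reads `keepopen` afterwards has to have initialised it itself. A line such as `/* Read-only open for the converter: no owner/mode checks; doedit and keepopen are ignored. */` above the function would make clear that this is intended. In the same file, `output_format` is validated in the `-f` case but never passed to `export_sudoers()`, which deserves a short `/* XXX - unused until other formats exist */`.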
@@ -982,11 +982,9 @@ print_userspecs_json(FILE *fp, int indent, bool need_comma) /* * Export the parsed sudoers file in JSON format. - * XXX - ignores strict flag and doesn't pass through quiet flag */ bool -export_sudoers(const char *sudoers_path, const char *export_path, - bool quiet, bool strict) +export_sudoers(const char *sudoers_path, const char *export_path) { bool ret = false, need_comma = false; const int indent = 4; @@ -996,29 +994,20 @@ export_sudoers(const char *sudoers_path, const char *export_path, if (strcmp(sudoers_path, "-") == 0) { sudoersin = stdin; sudoers_path = "stdin"; - } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) { - if (!quiet) - sudo_warn(U_("unable to open %s"), sudoers_path); - goto done; - } + } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) + sudo_fatal(U_("unable to open %s"), sudoers_path); if (strcmp(export_path, "-") != 0) { + /* XXX - move check to front-end */ if (strcmp(sudoers_path, export_path) == 0) { - if (!quiet) { - sudo_warnx(U_("%s: input and output files must be different"), - sudoers_path); - } - goto done; - } - if ((export_fp = fopen(export_path, "w")) == NULL) { - if (!quiet) - sudo_warn(U_("unable to open %s"), export_path); - goto done; + sudo_fatalx(U_("%s: input and output files must be different"), + sudoers_path); } + if ((export_fp = fopen(export_path, "w")) == NULL) + sudo_fatal(U_("unable to open %s"), export_path); } - init_parser(sudoers_path, quiet); + init_parser(sudoers_path, false); if (sudoersparse() && !parse_error) { - if (!quiet) - sudo_warnx(U_("failed to parse %s file, unknown error"), sudoers_path); + sudo_warnx(U_("failed to parse %s file, unknown error"), sudoers_path); parse_error = true; rcstr_delref(errorfile); if ((errorfile = rcstr_dup(sudoers_path)) == NULL) 
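Review bot: The guard `strcmp(sudoers_path, export_path) == 0` in the second hunk compares path strings only, so the same file reached through a different spelling, a symlink or a hard link passes it, and the following `fopen(export_path, "w")` truncates the input before it has been parsed. Comparing `st_dev` and `st_ino` from `fstat()` on `sudoersin` with those from `stat()` on `export_path` would catch these cases, and it fits the existing `/* XXX - move check to front-end */` note. The output file is also opened before `sudoersparse()` runs, so a parse error appears to leave an empty output file behind; opening it only after a successful parse would avoid that. export_sudoers() begins in the previous hunk and continues past this one.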
@@ -1027,13 +1016,11 @@ export_sudoers(const char *sudoers_path, const char *export_path, ret = !parse_error; if (parse_error) { - if (!quiet) { - if (errorlineno != -1) - sudo_warnx(U_("parse error in %s near line %d\n"), - errorfile, errorlineno); - else if (errorfile != NULL) - sudo_warnx(U_("parse error in %s\n"), errorfile); - } + if (errorlineno != -1) + sudo_warnx(U_("parse error in %s near line %d\n"), + errorfile, errorlineno); + else if (errorfile != NULL) + sudo_warnx(U_("parse error in %s\n"), errorfile); goto done; } diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 4d788faf3..f4a352138 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -101,9 +101,6 @@ static void help(void) __attribute__((__noreturn__)); static void usage(int); static void visudo_cleanup(void); -extern bool export_sudoers(const char *, const char *, bool, bool); - -extern void sudoerserror(const char *); extern void sudoersrestart(FILE *); /* @@ -135,7 +132,6 @@ main(int argc, char *argv[]) char *editor, **editor_argv; int ch, oldlocale, editor_argc, exitcode = 0; bool quiet, strict, oldperms; - const char *export_path; debug_decl(main, SUDOERS_DEBUG_MAIN) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) @@ -176,7 +172,6 @@ main(int argc, char *argv[]) * Arg handling. */ checkonly = oldperms = quiet = strict = false; - export_path = NULL; while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { case 'V': @@ -202,8 +197,9 @@ main(int argc, char *argv[]) quiet = true; /* quiet mode */ break; case 'x': - export_path = optarg; /* export mode */ - break; + /* XXX - make more concise */ + sudo_warnx(U_("conversion of sudoers to JSON format has moved to the cvtsudoers utility")); + usage(1); default: usage(1); } 
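Review bot: The new `case 'x':` in visudo.c has no `break` and falls through into `default:`; it is correct only because `usage(1)` exits, while `usage()` itself is declared `static void usage(int);` without `__noreturn__` and does return when its argument is 0. Ending the case with an explicit `break;` or a `/* NOTREACHED */` comment after `usage(1);` would state the intent and keep implicit-fallthrough warnings quiet. main() starts and ends outside this hunk.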
@@ -233,10 +229,6 @@ main(int argc, char *argv[]) exitcode = check_syntax(sudoers_file, quiet, strict, oldperms) ? 0 : 1; goto done; } - if (export_path != NULL) { - exitcode = export_sudoers(sudoers_file, export_path, quiet, strict) ? 0 : 1; - goto done; - } /* * Parse the existing sudoers file(s) to highlight any existing @@ -1399,7 +1391,7 @@ static void usage(int fatal) { (void) fprintf(fatal ? stderr : stdout, - "usage: %s [-chqsV] [-f sudoers] [-x output_file]\n", getprogname()); + "usage: %s [-chqsV] [-f sudoers]\n", getprogname()); if (fatal) exit(1); } @@ -1415,7 +1407,6 @@ help(void) " -h, --help display help message and exit\n" " -q, --quiet less verbose (quiet) syntax error messages\n" " -s, --strict strict syntax checking\n" - " -V, --version display version information and exit\n" - " -x, --export=output_file write sudoers in JSON format to output_file")); + " -V, --version display version information and exit\n")); exit(0); } -- 2.40.0
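Review bot: In the last hunk the final line of the visudo help text now ends in `\n"));`, and because it is printed with `puts()`, which appends its own newline, the help output gains a trailing blank line. Before this change that `\n` separated the `-V` line from the removed `-x` line. Dropping it, as the new help() in cvtsudoers.c does, gives `" -V, --version display version information and exit"));`. help() starts outside the hunk.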