diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in
index f1a8e91a9..02e4c9af3 100644
--- a/doc/cvtsudoers.man.in
+++ b/doc/cvtsudoers.man.in
@@ -2,7 +2,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2018 Todd C. Miller
+.\" Copyright (c) 2018, 2021 Todd C. Miller
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "CVTSUDOERS" "1" "December 11, 2018" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
+.TH "CVTSUDOERS" "1" "September 23, 2021" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -179,6 +179,13 @@ output inline.
 .RE
 .PD
 .TP 12n
+\fB\--group-file\fR=\fIfile\fR
+When the
+\fB\-M\fR
+option is also specified, perform group queries using
+\fIfile\fR
+instead of the system group database.
+.TP 12n
 \fB\-h\fR, \fB\--help\fR
 Display a short help message to the standard output and exit.
 .TP 12n
@@ -293,6 +300,13 @@ Defaults to a starting point of 1. A starting point of 0 will disable the generation of sudoOrder attributes in the resulting LDIF file.
 .TP 12n
+\fB\--passwd-file\fR=\fIfile\fR
+When the
+\fB\-M\fR
+option is also specified, perform passwd queries using
+\fIfile\fR
+instead of the system passwd database.
+.TP 12n
 \fB\-p\fR, \fB\--prune-matches\fR
 When the
 \fB\-m\fR
diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in
index b24f36370..a07a68b25 100644
--- a/doc/cvtsudoers.mdoc.in
+++ b/doc/cvtsudoers.mdoc.in
@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2018 Todd C. Miller
+.\" Copyright (c) 2018, 2021 Todd C. Miller
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd December 11, 2018
+.Dd September 23, 2021
 .Dt CVTSUDOERS 1
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -146,6 +146,12 @@ A new sudoers file will be reconstructed from the parsed input file. Comments are not preserved and data from any include files will be output inline.
 .El
+.It Fl -group-file Ns = Ns Ar file
+When the
+.Fl M
+option is also specified, perform group queries using
+.Ar file
+instead of the system group database.
 .It Fl h , Fl -help
 Display a short help message to the standard output and exit.
 .It Fl i Ar input_format , Fl -input-format Ns = Ns Ar input_format
@@ -245,6 +251,12 @@ option for details. Defaults to a starting point of 1. A starting point of 0 will disable the generation of sudoOrder attributes in the resulting LDIF file.
+.It Fl -passwd-file Ns = Ns Ar file
+When the
+.Fl M
+option is also specified, perform passwd queries using
+.Ar file
+instead of the system passwd database.
 .It Fl p , Fl -prune-matches
 When the
 .Fl m
diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index 1cad2bcc5..4604f7b95 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -198,7 +198,7 @@ VISUDO_IOBJS = sudo_printf.i visudo.i
 CVTSUDOERS_OBJS = b64_encode.o cvtsudoers.o cvtsudoers_json.o \
 cvtsudoers_ldif.o cvtsudoers_pwutil.o fmtsudoers.lo \
 fmtsudoers_cvt.lo locale.lo parse_ldif.o stubs.o \
- sudo_printf.o ldap_util.lo
+ sudo_printf.o ldap_util.lo testsudoers_pwutil.o tsgetgrpw.o
 CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_json.i cvtsudoers_ldif.i \
 cvtsudoers_pwutil.i
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index 79558c314..973f2b09c 100644
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -48,8 +48,13 @@
 #include "sudo_lbuf.h"
 #include "redblack.h"
 #include "cvtsudoers.h"
+#include "tsgetgrpw.h"
 #include
+/* Long-only options values. */
+#define OPT_GROUP_FILE 256
+#define OPT_PASSWD_FILE 257
+
 /*
 * Globals
 */
@@ -74,7 +79,9 @@ static struct option long_opts[] = {
 { "output", required_argument, NULL, 'o' },
 { "suppress", required_argument, NULL, 's' },
 { "version", no_argument, NULL, 'V' },
- { NULL, no_argument, NULL, '\0' },
+ { "group-file", required_argument, NULL, OPT_GROUP_FILE },
+ { "passwd-file", required_argument, NULL, OPT_PASSWD_FILE },
+ { NULL, no_argument, NULL, 0 },
 };
 sudo_dso_public int main(int argc, char *argv[]);
@@ -104,6 +111,7 @@ main(int argc, char *argv[])
 const char *input_file = "-";
 const char *output_file = "-";
 const char *conf_file = _PATH_CVTSUDOERS_CONF;
+ const char *grfile = NULL, *pwfile = NULL;
 const char *errstr;
 debug_decl(main, SUDOERS_DEBUG_MAIN);
@@ -231,6 +239,12 @@ main(int argc, char *argv[])
 SUDOERS_GRAMMAR_VERSION);
 exitcode = EXIT_SUCCESS;
 goto done;
+ case OPT_GROUP_FILE:
+ grfile = optarg;
+ break;
+ case OPT_PASSWD_FILE:
+ pwfile = optarg;
+ break;
 default:
 usage(1);
 }
@@ -317,9 +331,19 @@ main(int argc, char *argv[])
 }
 /* Set pwutil backend to use the filter data. */
- if (conf->filter != NULL && !match_local) {
+ if (conf->filter != NULL & !match_local) {
 sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem, cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item);
+ } else {
+ if (grfile != NULL)
+ testsudoers_setgrfile(grfile);
+ if (pwfile != NULL)
+ testsudoers_setpwfile(pwfile);
+ sudo_pwutil_set_backend(
+ pwfile ? testsudoers_make_pwitem : NULL,
+ grfile ? testsudoers_make_gritem : NULL,
+ grfile ? testsudoers_make_gidlist_item : NULL,
+ grfile ? testsudoers_make_grlist_item : NULL);
 }
 /* We may need the hostname to resolve %h escapes in include files. */
diff --git a/plugins/sudoers/cvtsudoers.h b/plugins/sudoers/cvtsudoers.h
index 721b81e50..9fb09bd71 100644
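Review bot: The `OPT_GROUP_FILE` and `OPT_PASSWD_FILE` cases only store `optarg`, and nothing visible in this commit tells the user when the options end up unused. In the backend-selection hunk further down they are consulted only in the `else` branch, so with a filter set and `match_local` false (presumably no `-M`) a supplied file is silently ignored and matching runs against the filter data instead. Consider a warning after option parsing when `grfile` or `pwfile` is set but `match_local` is not, so output based on the filter data is not mistaken for output based on the given file. The switch and main() start outside this hunk.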
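Review bot: The rewritten condition `if (conf->filter != NULL & !match_local) {` uses bitwise `&` where the removed line had `&&`. Both operands are 0 or 1, so the branch taken should not change, but the short-circuit is lost and it reads as a typo that static analysis will likely flag; restore `if (conf->filter != NULL && !match_local) {`. Also, passing only one of the two files installs a file-backed backend for that database while the other keeps its current lookup functions, which may give inconsistent user and group membership results. If that mix is intended, it deserves a comment above the call such as `/* A NULL entry keeps the existing backend for that lookup. */`. main() starts and ends outside this hunk.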
--- a/plugins/sudoers/cvtsudoers.h
+++ b/plugins/sudoers/cvtsudoers.h
@@ -94,6 +94,12 @@ struct cache_item *cvtsudoers_make_gritem(gid_t gid, const char *name);
 struct cache_item *cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, unsigned int type);
 struct cache_item *cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1);
+/* testsudoers_pwutil.c */
+struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
+struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
+struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type);
+struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
+
 /* stubs.c */
 void get_hostname(void);
diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c
index c8d6c82d7..ca5e146b4 100644
--- a/plugins/sudoers/pwutil.c
+++ b/plugins/sudoers/pwutil.c
@@ -90,10 +94,14 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
 {
 debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS);
- make_pwitem = pwitem;
- make_gritem = gritem;
- make_gidlist_item = gidlist_item;
- make_grlist_item = grlist_item;
+ if (pwitem != NULL)
+ make_pwitem = pwitem;
+ if (gritem != NULL)
+ make_gritem = gritem;
+ if (gidlist_item != NULL)
+ make_gidlist_item = gidlist_item;
+ if (grlist_item != NULL)
+ make_grlist_item = grlist_item;
 debug_return;
 }
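Review bot: sudo_pwutil_set_backend() now treats a NULL argument as "keep the current function", but that contract is not documented at the definition, and every caller has to know it to tell which lookup functions end up active. Add a comment above the function such as `/* A NULL argument leaves the corresponding backend function unchanged. */`. With this change the setter also offers no way to restore a default once another backend has been installed; if any caller needs that, it wants an explicit reset rather than a NULL. The function's signature and header comment start outside this hunk.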