isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add --group-file and --passwd-file options to cvtsudoers.

Browse Source 
These are based on the code in testsudoers.
This commit is contained in:
Todd C. Miller
2021-09-23 19:18:25 -06:00
parent a7367ce47d
commit 41f116050f
6 changed files with 71 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
doc/cvtsudoers.man.in
View File

@@ -2,7 +2,7 @@
.\" .\"
.\" SPDX-License-Identifier: ISC .\" SPDX-License-Identifier: ISC
.\" .\"
.\" Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws> .\" Copyright (c) 2018, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.TH "CVTSUDOERS" "1" "December 11, 2018" "Sudo @PACKAGE_VERSION@" "General Commands Manual" .TH "CVTSUDOERS" "1" "September 23, 2021" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -179,6 +179,13 @@ output inline.
.RE .RE
.PD .PD
.TP 12n .TP 12n
\fB\--group-file\fR=\fIfile\fR
When the
\fB\-M\fR
option is also specified, perform group queries using
\fIfile\fR
instead of the system group database.
.TP 12n
\fB\-h\fR, \fB\--help\fR \fB\-h\fR, \fB\--help\fR
Display a short help message to the standard output and exit. Display a short help message to the standard output and exit.
.TP 12n .TP 12n
@@ -293,6 +300,13 @@ Defaults to a starting point of 1.
A starting point of 0 will disable the generation of sudoOrder A starting point of 0 will disable the generation of sudoOrder
attributes in the resulting LDIF file. attributes in the resulting LDIF file.
.TP 12n .TP 12n
\fB\--passwd-file\fR=\fIfile\fR
When the
\fB\-M\fR
option is also specified, perform passwd queries using
\fIfile\fR
instead of the system passwd database.
.TP 12n
\fB\-p\fR, \fB\--prune-matches\fR \fB\-p\fR, \fB\--prune-matches\fR
When the When the
\fB\-m\fR \fB\-m\fR

16
doc/cvtsudoers.mdoc.in
View File

@@ -1,7 +1,7 @@
.\" .\"
.\" SPDX-License-Identifier: ISC .\" SPDX-License-Identifier: ISC
.\" .\"
.\" Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws> .\" Copyright (c) 2018, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd December 11, 2018 .Dd September 23, 2021
.Dt CVTSUDOERS 1 .Dt CVTSUDOERS 1
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -146,6 +146,12 @@ A new sudoers file will be reconstructed from the parsed input file.
Comments are not preserved and data from any include files will be Comments are not preserved and data from any include files will be
output inline. output inline.
.El .El
.It Fl -group-file Ns = Ns Ar file
When the
.Fl M
option is also specified, perform group queries using
.Ar file
instead of the system group database.
.It Fl h , Fl -help .It Fl h , Fl -help
Display a short help message to the standard output and exit. Display a short help message to the standard output and exit.
.It Fl i Ar input_format , Fl -input-format Ns = Ns Ar input_format .It Fl i Ar input_format , Fl -input-format Ns = Ns Ar input_format
@@ -245,6 +251,12 @@ option for details.
Defaults to a starting point of 1. Defaults to a starting point of 1.
A starting point of 0 will disable the generation of sudoOrder A starting point of 0 will disable the generation of sudoOrder
attributes in the resulting LDIF file. attributes in the resulting LDIF file.
.It Fl -passwd-file Ns = Ns Ar file
When the
.Fl M
option is also specified, perform passwd queries using
.Ar file
instead of the system passwd database.
.It Fl p , Fl -prune-matches .It Fl p , Fl -prune-matches
When the When the
.Fl m .Fl m

2
plugins/sudoers/Makefile.in
View File

@@ -198,7 +198,7 @@ VISUDO_IOBJS = sudo_printf.i visudo.i
CVTSUDOERS_OBJS = b64_encode.o cvtsudoers.o cvtsudoers_json.o \ CVTSUDOERS_OBJS = b64_encode.o cvtsudoers.o cvtsudoers_json.o \
cvtsudoers_ldif.o cvtsudoers_pwutil.o fmtsudoers.lo \ cvtsudoers_ldif.o cvtsudoers_pwutil.o fmtsudoers.lo \
fmtsudoers_cvt.lo locale.lo parse_ldif.o stubs.o \ fmtsudoers_cvt.lo locale.lo parse_ldif.o stubs.o \
sudo_printf.o ldap_util.lo sudo_printf.o ldap_util.lo testsudoers_pwutil.o tsgetgrpw.o
CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_json.i cvtsudoers_ldif.i \ CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_json.i cvtsudoers_ldif.i \
cvtsudoers_pwutil.i cvtsudoers_pwutil.i

28
plugins/sudoers/cvtsudoers.c
View File

@@ -48,8 +48,13 @@
#include "sudo_lbuf.h" #include "sudo_lbuf.h"
#include "redblack.h" #include "redblack.h"
#include "cvtsudoers.h" #include "cvtsudoers.h"
#include "tsgetgrpw.h"
#include <gram.h> #include <gram.h>
/* Long-only options values. */
#define OPT_GROUP_FILE 256
#define OPT_PASSWD_FILE 257
/* /*
* Globals * Globals
*/ */
@@ -74,7 +79,9 @@ static struct option long_opts[] = {
{ "output", required_argument, NULL, 'o' }, { "output", required_argument, NULL, 'o' },
{ "suppress", required_argument, NULL, 's' }, { "suppress", required_argument, NULL, 's' },
{ "version", no_argument, NULL, 'V' }, { "version", no_argument, NULL, 'V' },
{ NULL, no_argument, NULL, '\0' }, { "group-file", required_argument, NULL, OPT_GROUP_FILE },
{ "passwd-file", required_argument, NULL, OPT_PASSWD_FILE },
{ NULL, no_argument, NULL, 0 },
}; };
sudo_dso_public int main(int argc, char *argv[]); sudo_dso_public int main(int argc, char *argv[]);
@@ -104,6 +111,7 @@ main(int argc, char *argv[])
const char *input_file = "-"; const char *input_file = "-";
const char *output_file = "-"; const char *output_file = "-";
const char *conf_file = _PATH_CVTSUDOERS_CONF; const char *conf_file = _PATH_CVTSUDOERS_CONF;
const char *grfile = NULL, *pwfile = NULL;
const char *errstr; const char *errstr;
debug_decl(main, SUDOERS_DEBUG_MAIN); debug_decl(main, SUDOERS_DEBUG_MAIN);
@@ -231,6 +239,12 @@ main(int argc, char *argv[])
SUDOERS_GRAMMAR_VERSION); SUDOERS_GRAMMAR_VERSION);
exitcode = EXIT_SUCCESS; exitcode = EXIT_SUCCESS;
goto done; goto done;
case OPT_GROUP_FILE:
grfile = optarg;
break;
case OPT_PASSWD_FILE:
pwfile = optarg;
break;
default: default:
usage(1); usage(1);
} }
@@ -317,9 +331,19 @@ main(int argc, char *argv[])
} }
/* Set pwutil backend to use the filter data. */ /* Set pwutil backend to use the filter data. */
if (conf->filter != NULL && !match_local) { if (conf->filter != NULL & !match_local) {
sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem, sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem,
cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item); cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item);
} else {
if (grfile != NULL)
testsudoers_setgrfile(grfile);
if (pwfile != NULL)
testsudoers_setpwfile(pwfile);
sudo_pwutil_set_backend(
pwfile ? testsudoers_make_pwitem : NULL,
grfile ? testsudoers_make_gritem : NULL,
grfile ? testsudoers_make_gidlist_item : NULL,
grfile ? testsudoers_make_grlist_item : NULL);
} }
/* We may need the hostname to resolve %h escapes in include files. */ /* We may need the hostname to resolve %h escapes in include files. */

6
plugins/sudoers/cvtsudoers.h
View File

@@ -94,6 +94,12 @@ struct cache_item *cvtsudoers_make_gritem(gid_t gid, const char *name);
struct cache_item *cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, unsigned int type); struct cache_item *cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, unsigned int type);
struct cache_item *cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1); struct cache_item *cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1);
/* testsudoers_pwutil.c */
struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type);
struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
/* stubs.c */ /* stubs.c */
void get_hostname(void); void get_hostname(void);

12
plugins/sudoers/pwutil.c
View File

@@ -90,10 +90,14 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
{ {
debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS); debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS);
make_pwitem = pwitem; if (pwitem != NULL)
make_gritem = gritem; make_pwitem = pwitem;
make_gidlist_item = gidlist_item; if (gritem != NULL)
make_grlist_item = grlist_item; make_gritem = gritem;
if (gidlist_item != NULL)
make_gidlist_item = gidlist_item;
if (grlist_item != NULL)
make_grlist_item = grlist_item;
debug_return; debug_return;
} }