Add --group-file and --passwd-file options to cvtsudoers.
These are based on the code in testsudoers.
@@ -2,7 +2,7 @@
|
||||
.\"
|
||||
.\" SPDX-License-Identifier: ISC
|
||||
.\"
|
||||
.\" Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||
.\" Copyright (c) 2018, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
@@ -16,7 +16,7 @@
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.TH "CVTSUDOERS" "1" "December 11, 2018" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
|
||||
.TH "CVTSUDOERS" "1" "September 23, 2021" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
|
||||
.nh
|
||||
.if n .ad l
|
||||
.SH "NAME"
|
||||
@@ -179,6 +179,13 @@ output inline.
|
||||
.RE
|
||||
.PD
|
||||
.TP 12n
|
||||
\fB\--group-file\fR=\fIfile\fR
|
||||
When the
|
||||
\fB\-M\fR
|
||||
option is also specified, perform group queries using
|
||||
\fIfile\fR
|
||||
instead of the system group database.
|
||||
.TP 12n
|
||||
\fB\-h\fR, \fB\--help\fR
|
||||
Display a short help message to the standard output and exit.
|
||||
.TP 12n
|
||||
@@ -293,6 +300,13 @@ Defaults to a starting point of 1.
|
||||
A starting point of 0 will disable the generation of sudoOrder
|
||||
attributes in the resulting LDIF file.
|
||||
.TP 12n
|
||||
\fB\--passwd-file\fR=\fIfile\fR
|
||||
When the
|
||||
\fB\-M\fR
|
||||
option is also specified, perform passwd queries using
|
||||
\fIfile\fR
|
||||
instead of the system passwd database.
|
||||
.TP 12n
|
||||
\fB\-p\fR, \fB\--prune-matches\fR
|
||||
When the
|
||||
\fB\-m\fR
|
||||
|
@@ -1,7 +1,7 @@
|
||||
.\"
|
||||
.\" SPDX-License-Identifier: ISC
|
||||
.\"
|
||||
.\" Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||
.\" Copyright (c) 2018, 2021 Todd C. Miller <Todd.Miller@sudo.ws>
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
@@ -15,7 +15,7 @@
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.Dd December 11, 2018
|
||||
.Dd September 23, 2021
|
||||
.Dt CVTSUDOERS 1
|
||||
.Os Sudo @PACKAGE_VERSION@
|
||||
.Sh NAME
|
||||
@@ -146,6 +146,12 @@ A new sudoers file will be reconstructed from the parsed input file.
|
||||
Comments are not preserved and data from any include files will be
|
||||
output inline.
|
||||
.El
|
||||
.It Fl -group-file Ns = Ns Ar file
|
||||
When the
|
||||
.Fl M
|
||||
option is also specified, perform group queries using
|
||||
.Ar file
|
||||
instead of the system group database.
|
||||
.It Fl h , Fl -help
|
||||
Display a short help message to the standard output and exit.
|
||||
.It Fl i Ar input_format , Fl -input-format Ns = Ns Ar input_format
|
||||
@@ -245,6 +251,12 @@ option for details.
|
||||
Defaults to a starting point of 1.
|
||||
A starting point of 0 will disable the generation of sudoOrder
|
||||
attributes in the resulting LDIF file.
|
||||
.It Fl -passwd-file Ns = Ns Ar file
|
||||
When the
|
||||
.Fl M
|
||||
option is also specified, perform passwd queries using
|
||||
.Ar file
|
||||
instead of the system passwd database.
|
||||
.It Fl p , Fl -prune-matches
|
||||
When the
|
||||
.Fl m
|
||||
|
@@ -198,7 +198,7 @@ VISUDO_IOBJS = sudo_printf.i visudo.i
|
||||
CVTSUDOERS_OBJS = b64_encode.o cvtsudoers.o cvtsudoers_json.o \
|
||||
cvtsudoers_ldif.o cvtsudoers_pwutil.o fmtsudoers.lo \
|
||||
fmtsudoers_cvt.lo locale.lo parse_ldif.o stubs.o \
|
||||
sudo_printf.o ldap_util.lo
|
||||
sudo_printf.o ldap_util.lo testsudoers_pwutil.o tsgetgrpw.o
|
||||
|
||||
CVTSUDOERS_IOBJS = cvtsudoers.i cvtsudoers_json.i cvtsudoers_ldif.i \
|
||||
cvtsudoers_pwutil.i
|
||||
|
@@ -48,8 +48,13 @@
|
||||
#include "sudo_lbuf.h"
|
||||
#include "redblack.h"
|
||||
#include "cvtsudoers.h"
|
||||
#include "tsgetgrpw.h"
|
||||
#include <gram.h>
|
||||
|
||||
/* Long-only options values. */
|
||||
#define OPT_GROUP_FILE 256
|
||||
#define OPT_PASSWD_FILE 257
|
||||
|
||||
/*
|
||||
* Globals
|
||||
*/
|
||||
@@ -74,7 +79,9 @@ static struct option long_opts[] = {
|
||||
{ "output", required_argument, NULL, 'o' },
|
||||
{ "suppress", required_argument, NULL, 's' },
|
||||
{ "version", no_argument, NULL, 'V' },
|
||||
{ NULL, no_argument, NULL, '\0' },
|
||||
{ "group-file", required_argument, NULL, OPT_GROUP_FILE },
|
||||
{ "passwd-file", required_argument, NULL, OPT_PASSWD_FILE },
|
||||
{ NULL, no_argument, NULL, 0 },
|
||||
};
|
||||
|
||||
sudo_dso_public int main(int argc, char *argv[]);
|
||||
@@ -104,6 +111,7 @@ main(int argc, char *argv[])
|
||||
const char *input_file = "-";
|
||||
const char *output_file = "-";
|
||||
const char *conf_file = _PATH_CVTSUDOERS_CONF;
|
||||
const char *grfile = NULL, *pwfile = NULL;
|
||||
const char *errstr;
|
||||
debug_decl(main, SUDOERS_DEBUG_MAIN);
|
||||
|
||||
@@ -231,6 +239,12 @@ main(int argc, char *argv[])
|
||||
SUDOERS_GRAMMAR_VERSION);
|
||||
exitcode = EXIT_SUCCESS;
|
||||
goto done;
|
||||
case OPT_GROUP_FILE:
|
||||
grfile = optarg;
|
||||
break;
|
||||
case OPT_PASSWD_FILE:
|
||||
pwfile = optarg;
|
||||
break;
|
||||
default:
|
||||
usage(1);
|
||||
}
|
||||
@@ -317,9 +331,19 @@ main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
/* Set pwutil backend to use the filter data. */
|
||||
if (conf->filter != NULL && !match_local) {
|
||||
if (conf->filter != NULL & !match_local) {
|
||||
sudo_pwutil_set_backend(cvtsudoers_make_pwitem, cvtsudoers_make_gritem,
|
||||
cvtsudoers_make_gidlist_item, cvtsudoers_make_grlist_item);
|
||||
} else {
|
||||
if (grfile != NULL)
|
||||
testsudoers_setgrfile(grfile);
|
||||
if (pwfile != NULL)
|
||||
testsudoers_setpwfile(pwfile);
|
||||
sudo_pwutil_set_backend(
|
||||
pwfile ? testsudoers_make_pwitem : NULL,
|
||||
grfile ? testsudoers_make_gritem : NULL,
|
||||
grfile ? testsudoers_make_gidlist_item : NULL,
|
||||
grfile ? testsudoers_make_grlist_item : NULL);
|
||||
}
|
||||
|
||||
/* We may need the hostname to resolve %h escapes in include files. */
|
||||
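Review bot: The backend-selection test in the last hunk of this file is shown twice, once with `&&` and once as `if (conf->filter != NULL & !match_local) {`; if the single-`&` form is the new side (the page prints it second, which suggests but does not prove that), it should be restored to `if (conf->filter != NULL && !match_local) {`. Both operands evaluate to 0 or 1, so the result is the same today, but the bitwise form drops short-circuit evaluation and reads as a typo in the check that decides where user and group data come from. Separately, in the first branch (filter set, `match_local` false) `grfile` and `pwfile` have been parsed and are then silently ignored; a warning on that path would keep an operator from assuming the supplied files were consulted. `main` starts and ends outside these hunks.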
|
@@ -94,6 +94,12 @@ struct cache_item *cvtsudoers_make_gritem(gid_t gid, const char *name);
|
||||
struct cache_item *cvtsudoers_make_gidlist_item(const struct passwd *pw, char * const *unused1, unsigned int type);
|
||||
struct cache_item *cvtsudoers_make_grlist_item(const struct passwd *pw, char * const *unused1);
|
||||
|
||||
/* testsudoers_pwutil.c */
|
||||
struct cache_item *testsudoers_make_gritem(gid_t gid, const char *group);
|
||||
struct cache_item *testsudoers_make_grlist_item(const struct passwd *pw, char * const *groups);
|
||||
struct cache_item *testsudoers_make_gidlist_item(const struct passwd *pw, char * const *gids, unsigned int type);
|
||||
struct cache_item *testsudoers_make_pwitem(uid_t uid, const char *user);
|
||||
|
||||
/* stubs.c */
|
||||
void get_hostname(void);
|
||||
|
||||
|
@@ -90,10 +90,14 @@ sudo_pwutil_set_backend(sudo_make_pwitem_t pwitem, sudo_make_gritem_t gritem,
|
||||
{
|
||||
debug_decl(sudo_pwutil_set_backend, SUDOERS_DEBUG_NSS);
|
||||
|
||||
make_pwitem = pwitem;
|
||||
make_gritem = gritem;
|
||||
make_gidlist_item = gidlist_item;
|
||||
make_grlist_item = grlist_item;
|
||||
if (pwitem != NULL)
|
||||
make_pwitem = pwitem;
|
||||
if (gritem != NULL)
|
||||
make_gritem = gritem;
|
||||
if (gidlist_item != NULL)
|
||||
make_gidlist_item = gidlist_item;
|
||||
if (grlist_item != NULL)
|
||||
make_grlist_item = grlist_item;
|
||||
|
||||
debug_return;
|
||||
}
|
||||
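Review bot: `sudo_pwutil_set_backend` now treats a NULL argument as "keep the current function", and nothing visible in the hunk documents that contract. A comment above the function such as `/* A NULL argument leaves the corresponding backend function unchanged. */` would make it explicit. This matters for the cvtsudoers caller, which passes NULL for the three group callbacks when only `--passwd-file` is given, so users read from the file are presumably still resolved against the system group database (the default pointers are set outside this hunk). The function's signature and any existing header comment are also outside the hunk.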
|