isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

add help text to sudo, visudo and sudoreplay for the -h option

Browse Source
This commit is contained in:
Todd C. Miller
2011-02-21 11:33:36 -05:00
parent 7b622a8ca1
commit 59515a4a6d
7 changed files with 182 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
doc/sudo.pod
View File

@@ -229,7 +229,8 @@ Depending on the policy, this may be the default behavior.
=item -h =item -h
The B<-h> (I<help>) option causes B<sudo> to print a usage message and exit. The B<-h> (I<help>) option causes B<sudo> to print a short help message
to the standard output and exit.
=item -i [command] =item -i [command]

11
doc/sudoreplay.pod
View File

@@ -21,9 +21,9 @@ sudoreplay - replay sudo session logs
=head1 SYNOPSIS =head1 SYNOPSIS
B<sudoreplay> [B<-d> I<directory>] [B<-f> I<filter>] [B<-m> I<max_wait>] [B<-s> I<speed_factor>] ID B<sudoreplay> [B<-h>] [B<-d> I<directory>] [B<-f> I<filter>] [B<-m> I<max_wait>] [B<-s> I<speed_factor>] ID
B<sudoreplay> [B<-d> I<directory>] -l [search expression] B<sudoreplay> [B<-h>] [B<-d> I<directory>] -l [search expression]
=head1 DESCRIPTION =head1 DESCRIPTION
@@ -76,7 +76,12 @@ used to select which of these to output. The I<filter> argument
is a comma-separated list, consisting of one or more of following: is a comma-separated list, consisting of one or more of following:
I<stdout>, I<stderr>, and I<ttyout>. I<stdout>, I<stderr>, and I<ttyout>.
=item -l =item -h
The B<-h> (I<help>) option causes B<sudoreplay> to print a short
help message to the standard output and exit.
=item -l [I<search expression>]
Enable "list mode". In this mode, B<sudoreplay> will list available Enable "list mode". In this mode, B<sudoreplay> will list available
session IDs. If a I<search expression> is specified, it will be session IDs. If a I<search expression> is specified, it will be

7
doc/visudo.pod
View File

@@ -26,7 +26,7 @@ visudo - edit the sudoers file
=head1 SYNOPSIS =head1 SYNOPSIS
B<visudo> [B<-c>] [B<-q>] [B<-s>] [B<-V>] [B<-f> I<sudoers>] B<visudo> [B<-chqsV>] [B<-f> I<sudoers>]
=head1 DESCRIPTION =head1 DESCRIPTION
@@ -85,6 +85,11 @@ is the specified I<sudoers> file with ".tmp" appended to it.
In B<check-only> mode only, the argument to B<-f> may be "-", In B<check-only> mode only, the argument to B<-f> may be "-",
indicating that I<sudoers> will be read from the standard input. indicating that I<sudoers> will be read from the standard input.
=item -h
The B<-h> (I<help>) option causes B<visudo> to print a short help message
to the standard output and exit.
=item -q =item -q
Enable B<quiet> mode. In this mode details about syntax errors Enable B<quiet> mode. In this mode details about syntax errors

41
plugins/sudoers/sudoreplay.c
View File

@@ -196,7 +196,8 @@ static int list_sessions(int, char **, const char *, const char *, const char *)
static int parse_expr(struct search_node **, char **); static int parse_expr(struct search_node **, char **);
static void check_input(int, double *); static void check_input(int, double *);
static void delay(double); static void delay(double);
static void usage(void); static void help(void) __attribute__((__noreturn__));
static void usage(int);
static void *open_io_fd(char *pathbuf, int len, const char *suffix); static void *open_io_fd(char *pathbuf, int len, const char *suffix);
static int parse_timing(const char *buf, const char *decimal, int *idx, double *seconds, size_t *nbytes); static int parse_timing(const char *buf, const char *decimal, int *idx, double *seconds, size_t *nbytes);
@@ -233,7 +234,7 @@ main(int argc, char *argv[])
decimal = localeconv()->decimal_point; decimal = localeconv()->decimal_point;
#endif #endif
while ((ch = getopt(argc, argv, "d:f:lm:s:V")) != -1) { while ((ch = getopt(argc, argv, "d:f:hlm:s:V")) != -1) {
switch(ch) { switch(ch) {
case 'd': case 'd':
session_dir = optarg; session_dir = optarg;
@@ -252,6 +253,9 @@ main(int argc, char *argv[])
errorx(1, "invalid filter option: %s", optarg); errorx(1, "invalid filter option: %s", optarg);
} }
break; break;
case 'h':
help();
/* NOTREACHED */
case 'l': case 'l':
listonly = 1; listonly = 1;
break; break;
@@ -271,7 +275,7 @@ main(int argc, char *argv[])
(void) printf("%s version %s\n", getprogname(), PACKAGE_VERSION); (void) printf("%s version %s\n", getprogname(), PACKAGE_VERSION);
exit(0); exit(0);
default: default:
usage(); usage(1);
/* NOTREACHED */ /* NOTREACHED */
} }
@@ -283,7 +287,7 @@ main(int argc, char *argv[])
exit(list_sessions(argc, argv, pattern, user, tty)); exit(list_sessions(argc, argv, pattern, user, tty));
if (argc != 1) if (argc != 1)
usage(); usage(1);
/* 6 digit ID in base 36, e.g. 01G712AB */ /* 6 digit ID in base 36, e.g. 01G712AB */
id = argv[0]; id = argv[0];
@@ -917,15 +921,32 @@ bad:
} }
static void static void
usage(void) usage(int fatal)
{ {
fprintf(stderr, fprintf(fatal ? stderr : stdout,
"usage: %s [-d directory] [-m max_wait] [-s speed_factor] ID\n", "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n",
getprogname()); getprogname());
fprintf(stderr, fprintf(fatal ? stderr : stdout,
"usage: %s [-d directory] -l [search expression]\n", "usage: %s [-h] [-d directory] -l [search expression]\n",
getprogname()); getprogname());
exit(1); if (fatal)
exit(1);
}
static void
help(void)
{
(void) printf("%s - replay sudo session logs\n\n", getprogname());
usage(0);
(void) puts("\nOptions:");
(void) puts(" -d directory specify directory for session logs");
(void) puts(" -f filter specify which I/O type to display");
(void) puts(" -h display help message and exit");
(void) puts(" -l [expression] list available session IDs that match expression");
(void) puts(" -m max_wait max number of seconds to wait between events");
(void) puts(" -s speed_factor speed up or slow down output");
(void) puts(" -V display version information and exit");
exit(0);
} }
/* /*

36
plugins/sudoers/visudo.c
View File

@@ -111,7 +111,8 @@ static int visudo_printf(int msg_type, const char *fmt, ...);
static void print_selfref(char *name, int, int, int); static void print_selfref(char *name, int, int, int);
static void print_undefined(char *name, int, int, int); static void print_undefined(char *name, int, int, int);
static void setup_signals(void); static void setup_signals(void);
static void usage(void) __attribute__((__noreturn__)); static void help(void) __attribute__((__noreturn__));
static void usage(int);
void cleanup(int); void cleanup(int);
@@ -154,7 +155,7 @@ main(int argc, char *argv[])
setprogname(argc > 0 ? argv[0] : "visudo"); setprogname(argc > 0 ? argv[0] : "visudo");
#endif #endif
if (argc < 1) if (argc < 1)
usage(); usage(1);
/* /*
* Arg handling. * Arg handling.
@@ -173,6 +174,9 @@ main(int argc, char *argv[])
sudoers_path = optarg; /* sudoers file path */ sudoers_path = optarg; /* sudoers file path */
oldperms = TRUE; oldperms = TRUE;
break; break;
case 'h':
help();
break;
case 's': case 's':
strict++; /* strict mode */ strict++; /* strict mode */
break; break;
@@ -180,13 +184,13 @@ main(int argc, char *argv[])
quiet++; /* quiet mode */ quiet++; /* quiet mode */
break; break;
default: default:
usage(); usage(1);
} }
} }
argc -= optind; argc -= optind;
argv += optind; argv += optind;
if (argc) if (argc)
usage(); usage(1);
sudo_setpwent(); sudo_setpwent();
sudo_setgrent(); sudo_setgrent();
@@ -1157,11 +1161,27 @@ quit(int signo)
} }
static void static void
usage(void) usage(int fatal)
{ {
(void) fprintf(stderr, "usage: %s [-c] [-q] [-s] [-V] [-f sudoers]\n", (void) fprintf(fatal ? stderr : stdout,
getprogname()); "usage: %s [-chqsV] [-f sudoers]\n", getprogname());
exit(1); if (fatal)
exit(1);
}
static void
help(void)
{
(void) printf("%s - safely edit the sudoers file\n\n", getprogname());
usage(0);
(void) puts("\nOptions:");
(void) puts(" -c check-only mode");
(void) puts(" -f sudoers specify sudoers file location");
(void) puts(" -h display help message and exit");
(void) puts(" -q less verbose (quiet) syntax error messages");
(void) puts(" -s strict syntax checking");
(void) puts(" -V display version information and exit");
exit(0);
} }
static int static int

115
src/parse_args.c
View File

@@ -58,7 +58,8 @@ int tgetpass_flags;
/* /*
* Local functions. * Local functions.
*/ */
static void usage_excl(int) __attribute__((__noreturn__)); static void help(void) __attribute__((__noreturn__));
static void usage_excl(int);
/* /*
* Mapping of command line flags to name/value settings. * Mapping of command line flags to name/value settings.
@@ -365,7 +366,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
} }
if (mode == MODE_HELP) if (mode == MODE_HELP)
usage(0); help();
/* /*
* For shell mode we need to rewrite argv * For shell mode we need to rewrite argv
@@ -436,17 +437,23 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
} }
static int static int
usage_out(const char *buf) usage_err(const char *buf)
{ {
return fputs(buf, stderr); return fputs(buf, stderr);
} }
static int
usage_out(const char *buf)
{
return fputs(buf, stdout);
}
/* /*
* Give usage message and exit. * Give usage message and exit.
* The actual usage strings are in sudo_usage.h for configure substitution. * The actual usage strings are in sudo_usage.h for configure substitution.
*/ */
void void
usage(int exit_val) usage(int fatal)
{ {
struct lbuf lbuf; struct lbuf lbuf;
char *uvec[6]; char *uvec[6];
@@ -472,22 +479,112 @@ usage(int exit_val)
* tty width. * tty width.
*/ */
ulen = (int)strlen(getprogname()) + 8; ulen = (int)strlen(getprogname()) + 8;
lbuf_init(&lbuf, usage_out, ulen, NULL, user_details.ts_cols); lbuf_init(&lbuf, fatal ? usage_err : usage_out, ulen, NULL,
user_details.ts_cols);
for (i = 0; uvec[i] != NULL; i++) { for (i = 0; uvec[i] != NULL; i++) {
lbuf_append(&lbuf, "usage: ", getprogname(), uvec[i], NULL); lbuf_append(&lbuf, "usage: ", getprogname(), uvec[i], NULL);
lbuf_print(&lbuf); lbuf_print(&lbuf);
} }
lbuf_destroy(&lbuf); lbuf_destroy(&lbuf);
cleanup(0); if (fatal)
exit(exit_val); exit(1);
} }
/* /*
* Tell which options are mutually exclusive and exit. * Tell which options are mutually exclusive and exit.
*/ */
static void static void
usage_excl(int exit_val) usage_excl(int fatal)
{ {
warningx("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"); warningx("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified");
usage(exit_val); usage(fatal);
}
static void
help(void)
{
struct lbuf lbuf;
int indent = 16;
const char *pname = getprogname();
lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols);
if (strcmp(pname, "sudoedit") == 0)
lbuf_append(&lbuf, pname, " - edit files as another user\n\n", NULL);
else
lbuf_append(&lbuf, pname, " - execute a command as another user\n\n", NULL);
lbuf_print(&lbuf);
usage(0);
lbuf_append(&lbuf, "\nOptions:\n", NULL);
#ifdef HAVE_BSD_AUTH_H
lbuf_append(&lbuf,
" -A use helper program for password prompting\n", NULL);
#endif
lbuf_append(&lbuf,
" -a type use specified BSD authentication type\n", NULL);
lbuf_append(&lbuf,
" -b run command in the background\n", NULL);
lbuf_append(&lbuf,
" -C fd close all file descriptors >= fd\n", NULL);
#ifdef HAVE_LOGIN_CAP_H
lbuf_append(&lbuf,
" -c class run command with specified login class\n", NULL);
#endif
lbuf_append(&lbuf,
" -E preserve user environment when executing command\n",
NULL);
lbuf_append(&lbuf,
" -e edit files instead of running a command\n", NULL);
lbuf_append(&lbuf,
" -g group execute command as the specified group\n", NULL);
lbuf_append(&lbuf,
" -H set HOME variable to target user's home dir.\n",
NULL);
lbuf_append(&lbuf,
" -h display help message and exit\n", NULL);
lbuf_append(&lbuf,
" -i [command] run a login shell as target user\n", NULL);
lbuf_append(&lbuf,
" -K remove timestamp file completely\n", NULL);
lbuf_append(&lbuf,
" -k invalidate timestamp file\n", NULL);
lbuf_append(&lbuf,
" -l[l] command list user's available commands\n", NULL);
lbuf_append(&lbuf,
" -n non-interactive mode, will not prompt user\n", NULL);
lbuf_append(&lbuf,
" -P preserve group vector instead of setting to target's\n",
NULL);
lbuf_append(&lbuf,
" -p prompt use specified password prompt\n", NULL);
#ifdef HAVE_SELINUX
lbuf_append(&lbuf,
" -r role create SELinux security context with specified role\n",
NULL);
#endif
lbuf_append(&lbuf,
" -S read password from standard input\n", NULL);
lbuf_append(&lbuf,
" -s [command] run a shell as target user\n", NULL);
#ifdef HAVE_SELINUX
lbuf_append(&lbuf,
" -t type create SELinux security context with specified role\n",
NULL);
#endif
lbuf_append(&lbuf,
" -U user when listing, list specified user's privileges\n",
NULL);
lbuf_append(&lbuf,
" -u user run command (or edit file) as specified user\n", NULL);
lbuf_append(&lbuf,
" -V display version information and exit\n", NULL);
lbuf_append(&lbuf,
" -v update user's timestamp without running a command\n",
NULL);
lbuf_append(&lbuf,
" -- stop processing command line arguments\n", NULL);
lbuf_print(&lbuf);
lbuf_destroy(&lbuf);
exit(0);
} }

2
src/sudo.h
View File

@@ -207,7 +207,7 @@ extern struct user_details user_details;
int sudo_edit(struct command_details *details, char *argv[], char *envp[]); int sudo_edit(struct command_details *details, char *argv[], char *envp[]);
/* parse_args.c */ /* parse_args.c */
void usage(int) __attribute__((__noreturn__)); void usage(int);
/* selinux.c */ /* selinux.c */
int selinux_restore_tty(void); int selinux_restore_tty(void);