Move sudoers JSON conversion to cvtsudoers which will eventually

output to other formats too.

MANIFEST

@@ -20,6 +20,9 @@ doc/LICENSE
 doc/Makefile.in
 doc/TROUBLESHOOTING
 doc/UPGRADE
+doc/cvtsudoers.cat
+doc/cvtsudoers.man.in
+doc/cvtsudoers.mdoc.in
 doc/fixman.sh
 doc/fixmdoc.sh
 doc/schema.ActiveDirectory
@@ -261,6 +264,8 @@ plugins/sudoers/bsm_audit.c
 plugins/sudoers/bsm_audit.h
 plugins/sudoers/check.c
 plugins/sudoers/check.h
+plugins/sudoers/cvtsudoers.c
+plugins/sudoers/cvtsudoers_json.c
 plugins/sudoers/def_data.c
 plugins/sudoers/def_data.h
 plugins/sudoers/def_data.in
@@ -546,7 +551,6 @@ plugins/sudoers/tsdump.c
 plugins/sudoers/tsgetgrpw.c
 plugins/sudoers/tsgetgrpw.h
 plugins/sudoers/visudo.c
-plugins/sudoers/visudo_json.c
 plugins/system_group/Makefile.in
 plugins/system_group/system_group.c
 plugins/system_group/system_group.exp

doc/Makefile.in

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2010-2015, 2017 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2010-2015, 2017-2018 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -71,7 +71,8 @@ DOCS =	$(mansrcdir)/sudo.$(mantype) $(mansrcdir)/visudo.$(mantype) \
 	$(mansrcdir)/sudo.conf.$(mantype) $(mansrcdir)/sudoers.$(mantype) \
 	$(mansrcdir)/sudoers.ldap.$(mantype) $(mansrcdir)/sudoers.$(mantype) \
 	$(mansrcdir)/sudoers_timestamp.$(mantype) \
-	$(mansrcdir)/sudoreplay.$(mantype) $(mansrcdir)/sudo_plugin.$(mantype)
+	$(mansrcdir)/cvtsudoers.$(mantype) $(mansrcdir)/sudoreplay.$(mantype) \
+	$(mansrcdir)/sudo_plugin.$(mantype)
 
 DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \
 	  $(srcdir)/visudo.man.in $(srcdir)/visudo.cat \
@@ -80,6 +81,7 @@ DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \
 	  $(srcdir)/sudoers.ldap.man.in $(srcdir)/sudoers.ldap.cat \
 	  $(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \
 	  $(srcdir)/sudoers_timestamp.man.in $(srcdir)/sudoers_timestamp.cat \
+	  $(srcdir)/cvtsudoers.man.in $(srcdir)/cvtsudoers.cat \
 	  $(srcdir)/sudoreplay.man.in $(srcdir)/sudoreplay.cat \
 	  $(srcdir)/sudo_plugin.man.in $(srcdir)/sudo_plugin.cat
 
@@ -266,6 +268,29 @@ $(srcdir)/sudoers_timestamp.cat: varsub $(srcdir)/sudoers_timestamp.mdoc.in
 	    $(SED) -f varsub $(srcdir)/sudoers_timestamp.mdoc.in | $(MANDOC) -Tascii -mdoc | $(SED) -e 's/ OpenBSD \([^ ].*  \)/     \1    /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \
 	fi
 
+$(srcdir)/cvtsudoers.man.in: $(srcdir)/cvtsudoers.mdoc.in
+	@if [ -n "$(DEVEL)" ]; then \
+	    echo "Generating $@"; \
+	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
+	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
+	    printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \
+	    printf '.\\" IT IS GENERATED AUTOMATICALLY FROM cvtsudoers.mdoc.in\n' >> $@; \
+	    $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/cvtsudoers.mdoc.in >> $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \
+	fi
+
+$(mansrcdir)/cvtsudoers.man: $(top_builddir)/config.status $(srcdir)/cvtsudoers.man.in
+	cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+
+$(mansrcdir)/cvtsudoers.mdoc: $(top_builddir)/config.status $(srcdir)/cvtsudoers.mdoc.in
+	cd $(top_builddir) && $(SHELL) config.status --file=doc/$@
+
+$(srcdir)/cvtsudoers.cat: varsub $(srcdir)/cvtsudoers.mdoc.in
+	@if [ -n "$(DEVEL)" ]; then \
+	    echo "Generating $@"; \
+	    $(SED) -f varsub $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tascii -mdoc | $(SED) -e 's/ OpenBSD \([^ ].*  \)/     \1    /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \
+	fi
+
 $(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \

doc/cvtsudoers.cat

@@ -0,0 +1,66 @@
+CVTSUDOERS(1m)               System Manager's Manual              CVTSUDOERS(1m)
+
+NNAAMMEE
+     ccvvttssuuddooeerrss - convert between sudoers file formats
+
+SSYYNNOOPPSSIISS
+     ccvvttssuuddooeerrss [--hhVV] [--ff _f_o_r_m_a_t] [--oo _o_u_t_p_u_t___f_i_l_e] [_s_u_d_o_e_r_s___f_i_l_e]
+
+DDEESSCCRRIIPPTTIIOONN
+     ccvvttssuuddooeerrss can be used to convert a policy file in _s_u_d_o_e_r_s format to
+     other formats.  The default output format is JSON.
+
+     If no _s_u_d_o_e_r_s___f_i_l_e is specified, or if it is `-', the policy is read from
+     the standard input.  By default, the result is written to the standard
+     output.
+
+     The options are as follows:
+
+     --ff, ----ffoorrmmaatt
+                 Specify the output format.  Currently, JSON is the only
+                 supported output format.  The JSON format is intended to be
+                 easier for third-party applications to parse than the
+                 traditional _s_u_d_o_e_r_s format.  The various values have explicit
+                 types which removes much of the ambiguity of the _s_u_d_o_e_r_s
+                 format.
+
+     --hh, ----hheellpp  Display a short help message to the standard output and exit.
+
+     --oo _o_u_t_p_u_t___f_i_l_e, ----oouuttppuutt=_o_u_t_p_u_t___f_i_l_e
+                 Write the converted output to _o_u_t_p_u_t___f_i_l_e.  If no _o_u_t_p_u_t___f_i_l_e
+                 is specified, or if it is `-', the converted _s_u_d_o_e_r_s policy
+                 will be written to the standard output.
+
+     --VV, ----vveerrssiioonn
+                 Print the ccvvttssuuddooeerrss and _s_u_d_o_e_r_s grammar versions and exit.
+
+SSEEEE AALLSSOO
+     sudoers(4), sudo(1m)
+
+AAUUTTHHOORRSS
+     Many people have worked on ssuuddoo over the years; this version consists of
+     code written primarily by:
+
+           Todd C. Miller
+
+     See the CONTRIBUTORS file in the ssuuddoo distribution
+     (https://www.sudo.ws/contributors.html) for an exhaustive list of people
+     who have contributed to ssuuddoo.
+
+BBUUGGSS
+     If you feel you have found a bug in ccvvttssuuddooeerrss, please submit a bug
+     report at https://bugzilla.sudo.ws/
+
+SSUUPPPPOORRTT
+     Limited free support is available via the sudo-users mailing list, see
+     https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+     the archives.
+
+DDIISSCCLLAAIIMMEERR
+     ccvvttssuuddooeerrss is provided "AS IS" and any express or implied warranties,
+     including, but not limited to, the implied warranties of merchantability
+     and fitness for a particular purpose are disclaimed.  See the LICENSE
+     file distributed with ssuuddoo or https://www.sudo.ws/license.html for
+     complete details.
+
+Sudo 1.8.22                    January 25, 2018                    Sudo 1.8.22

doc/cvtsudoers.man.in

@@ -0,0 +1,114 @@
+.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
+.\" IT IS GENERATED AUTOMATICALLY FROM cvtsudoers.mdoc.in
+.\"
+.\" Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.TH "CVTSUDOERS" "8" "January 25, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.nh
+.if n .ad l
+.SH "NAME"
+\fBcvtsudoers\fR
+\- convert between sudoers file formats
+.SH "SYNOPSIS"
+.HP 11n
+\fBcvtsudoers\fR
+[\fB\-hV\fR]
+[\fB\-f\fR\ \fIformat\fR]
+[\fB\-o\fR\ \fIoutput_file\fR]
+[\fIsudoers_file\fR]
+.SH "DESCRIPTION"
+\fBcvtsudoers\fR
+can be used to convert a policy file in
+\fIsudoers\fR
+format to other formats.
+The default output format is JSON.
+.PP
+If no
+\fIsudoers_file\fR
+is specified, or if it is
+\(oq-\(cq,
+the policy is read from the standard input.
+By default, the result is written to the standard output.
+.PP
+The options are as follows:
+.TP 12n
+\fB\-f\fR, \fB\--format\fR
+Specify the output format.
+Currently, JSON is the only supported output format.
+The JSON format is intended to be easier for third-party
+applications to parse than the traditional
+\fIsudoers\fR
+format.
+The various values have explicit types which removes much of the
+ambiguity of the
+\fIsudoers\fR
+format.
+.TP 12n
+\fB\-h\fR, \fB\--help\fR
+Display a short help message to the standard output and exit.
+.TP 12n
+\fB\-o\fR \fIoutput_file\fR, \fB\--output\fR=\fIoutput_file\fR
+Write the converted output to
+\fIoutput_file\fR.
+If no
+\fIoutput_file\fR
+is specified, or if it is
+\(oq-\(cq,
+the converted
+\fIsudoers\fR
+policy will be written to the standard output.
+.TP 12n
+\fB\-V\fR, \fB\--version\fR
+Print the
+\fBcvtsudoers\fR
+and
+\fIsudoers\fR
+grammar versions and exit.
+.SH "SEE ALSO"
+sudoers(@mansectform@),
+sudo(@mansectsu@)
+.SH "AUTHORS"
+Many people have worked on
+\fBsudo\fR
+over the years; this version consists of code written primarily by:
+.sp
+.RS 6n
+Todd C. Miller
+.RE
+.PP
+See the CONTRIBUTORS file in the
+\fBsudo\fR
+distribution (https://www.sudo.ws/contributors.html) for an
+exhaustive list of people who have contributed to
+\fBsudo\fR.
+.SH "BUGS"
+If you feel you have found a bug in
+\fBcvtsudoers\fR,
+please submit a bug report at https://bugzilla.sudo.ws/
+.SH "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+\fBcvtsudoers\fR
+is provided
+\(LqAS IS\(Rq
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+\fBsudo\fR
+or https://www.sudo.ws/license.html for complete details.

doc/cvtsudoers.mdoc.in

@@ -0,0 +1,109 @@
+.\"
+.\" Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd January 25, 2018
+.Dt CVTSUDOERS @mansectsu@
+.Os Sudo @PACKAGE_VERSION@
+.Sh NAME
+.Nm cvtsudoers
+.Nd convert between sudoers file formats
+.Sh SYNOPSIS
+.Nm cvtsudoers
+.Op Fl hV
+.Op Fl f Ar format
+.Op Fl o Ar output_file
+.Op Ar sudoers_file
+.Sh DESCRIPTION
+.Nm
+can be used to convert a policy file in
+.Em sudoers
+format to other formats.
+The default output format is JSON.
+.Pp
+If no
+.Ar sudoers_file
+is specified, or if it is
+.Ql - ,
+the policy is read from the standard input.
+By default, the result is written to the standard output.
+.Pp
+The options are as follows:
+.Bl -tag -width Fl
+.It Fl f , -format
+Specify the output format.
+Currently, JSON is the only supported output format.
+The JSON format is intended to be easier for third-party
+applications to parse than the traditional
+.Em sudoers
+format.
+The various values have explicit types which removes much of the
+ambiguity of the
+.Em sudoers
+format.
+.It Fl h , -help
+Display a short help message to the standard output and exit.
+.It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file
+Write the converted output to
+.Ar output_file .
+If no
+.Ar output_file
+is specified, or if it is
+.Ql - ,
+the converted
+.Em sudoers
+policy will be written to the standard output.
+.It Fl V , -version
+Print the
+.Nm
+and
+.Em sudoers
+grammar versions and exit.
+.El
+.El
+.Sh SEE ALSO
+.Xr sudoers @mansectform@ ,
+.Xr sudo @mansectsu@
+.Sh AUTHORS
+Many people have worked on
+.Nm sudo
+over the years; this version consists of code written primarily by:
+.Bd -ragged -offset indent
+.An Todd C. Miller
+.Ed
+.Pp
+See the CONTRIBUTORS file in the
+.Nm sudo
+distribution (https://www.sudo.ws/contributors.html) for an
+exhaustive list of people who have contributed to
+.Nm sudo .
+.Sh BUGS
+If you feel you have found a bug in
+.Nm ,
+please submit a bug report at https://bugzilla.sudo.ws/
+.Sh SUPPORT
+Limited free support is available via the sudo-users mailing list,
+see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.Sh DISCLAIMER
+.Nm
+is provided
+.Dq AS IS
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+.Nm sudo
+or https://www.sudo.ws/license.html for complete details.

doc/visudo.cat

@@ -4,7 +4,7 @@ NNAAMMEE
      vviissuuddoo - edit the sudoers file
 
 SSYYNNOOPPSSIISS
-     vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s] [--xx _o_u_t_p_u_t___f_i_l_e]
+     vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s]
 
 DDEESSCCRRIIPPTTIIOONN
      vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to vipw(1m).
@@ -95,17 +95,6 @@ DDEESSCCRRIIPPTTIIOONN
      --VV, ----vveerrssiioonn
                  Print the vviissuuddoo and _s_u_d_o_e_r_s grammar versions and exit.
 
-     --xx _o_u_t_p_u_t___f_i_l_e, ----eexxppoorrtt=_o_u_t_p_u_t___f_i_l_e
-                 Export a _s_u_d_o_e_r_s in JSON format and write it to _o_u_t_p_u_t___f_i_l_e.
-                 If _o_u_t_p_u_t___f_i_l_e is `-', the exported _s_u_d_o_e_r_s policy will be
-                 written to the standard output.  By default, _/_e_t_c_/_s_u_d_o_e_r_s
-                 (and any files it includes) will be exported.  The --ff option
-                 can be used to specify a different _s_u_d_o_e_r_s file to export.
-                 The exported format is intended to be easier for third-party
-                 applications to parse than the traditional _s_u_d_o_e_r_s format.
-                 The various values have explicit types which removes much of
-                 the ambiguity of the _s_u_d_o_e_r_s format.
-
    DDeebbuuggggiinngg aanndd ssuuddooeerrss pplluuggiinn aarrgguummeennttss
      vviissuuddoo versions 1.8.4 and higher support a flexible debugging framework
      that is configured via Debug lines in the sudo.conf(4) file.
@@ -200,10 +189,6 @@ DDIIAAGGNNOOSSTTIICCSS
            The _s_u_d_o_e_r_s file contains a Defaults setting not recognized by
            vviissuuddoo.
 
-     /etc/sudoers: input and output files must be different
-           The --xx flag was used and the specified _o_u_t_p_u_t___f_i_l_e has the same
-           path name as the _s_u_d_o_e_r_s file to export.
-
 SSEEEE AALLSSOO
      vi(1), sudo.conf(4), sudoers(4), sudo(1m), vipw(1m)
 
@@ -237,4 +222,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or https://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.22                    December 21, 2017                   Sudo 1.8.22
+Sudo 1.8.22                    January 26, 2018                    Sudo 1.8.22

doc/visudo.man.in

@@ -1,7 +1,7 @@
 .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
 .\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in
 .\"
-.\" Copyright (c) 1996,1998-2005, 2007-2017
+.\" Copyright (c) 1996,1998-2005, 2007-2018
 .\"	Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -21,7 +21,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.TH "VISUDO" "8" "December 21, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "8" "January 26, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -32,7 +32,6 @@
 \fBvisudo\fR
 [\fB\-chqsV\fR]
 [\fB\-f\fR\ \fIsudoers\fR]
-[\fB\-x\fR\ \fIoutput_file\fR]
 .SH "DESCRIPTION"
 \fBvisudo\fR
 edits the
@@ -256,35 +255,6 @@ Print the
 and
 \fIsudoers\fR
 grammar versions and exit.
-.TP 12n
-\fB\-x\fR \fIoutput_file\fR, \fB\--export\fR=\fIoutput_file\fR
-Export a
-\fIsudoers\fR
-in JSON format and write it to
-\fIoutput_file\fR.
-If
-\fIoutput_file\fR
-is
-\(oq-\(cq,
-the exported
-\fIsudoers\fR
-policy will be written to the standard output.
-By default,
-\fI@sysconfdir@/sudoers\fR
-(and any files it includes) will be exported.
-The
-\fB\-f\fR
-option can be used to specify a different
-\fIsudoers\fR
-file to export.
-The exported format is intended to be easier for third-party
-applications to parse than the traditional
-\fIsudoers\fR
-format.
-The various values have explicit types which removes much of the
-ambiguity of the
-\fIsudoers\fR
-format.
 .SS "Debugging and sudoers plugin arguments"
 \fBvisudo\fR
 versions 1.8.4 and higher support a flexible debugging framework
@@ -453,15 +423,6 @@ file contains a
 \fRDefaults\fR
 setting not recognized by
 \fBvisudo\fR.
-.TP 6n
-\fR@sysconfdir@/sudoers: input and output files must be different\fR
-The
-\fB\-x\fR
-flag was used and the specified
-\fIoutput_file\fR
-has the same path name as the
-\fIsudoers\fR
-file to export.
 .SH "SEE ALSO"
 vi(1),
 sudo.conf(@mansectform@),

doc/visudo.mdoc.in

@@ -1,5 +1,5 @@
 .\"
-.\" Copyright (c) 1996,1998-2005, 2007-2017
+.\" Copyright (c) 1996,1998-2005, 2007-2018
 .\"	Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -19,7 +19,7 @@
 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
-.Dd December 21, 2017
+.Dd January 26, 2018
 .Dt VISUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -29,7 +29,6 @@
 .Nm visudo
 .Op Fl chqsV
 .Op Fl f Ar sudoers
-.Op Fl x Ar output_file
 .Sh DESCRIPTION
 .Nm
 edits the
@@ -248,34 +247,6 @@ Print the
 and
 .Em sudoers
 grammar versions and exit.
-.It Fl x Ar output_file , Fl -export Ns = Ns Ar output_file
-Export a
-.Em sudoers
-in JSON format and write it to
-.Ar output_file .
-If
-.Ar output_file
-is
-.Ql - ,
-the exported
-.Em sudoers
-policy will be written to the standard output.
-By default,
-.Pa @sysconfdir@/sudoers
-(and any files it includes) will be exported.
-The
-.Fl f
-option can be used to specify a different
-.Em sudoers
-file to export.
-The exported format is intended to be easier for third-party
-applications to parse than the traditional
-.Em sudoers
-format.
-The various values have explicit types which removes much of the
-ambiguity of the
-.Em sudoers
-format.
 .El
 .Ss Debugging and sudoers plugin arguments
 .Nm
@@ -433,14 +404,6 @@ file contains a
 .Li Defaults
 setting not recognized by
 .Nm .
-.It Li @sysconfdir@/sudoers: input and output files must be different
-The
-.Fl x
-flag was used and the specified
-.Ar output_file
-has the same path name as the
-.Em sudoers
-file to export.
 .El
 .Sh SEE ALSO
 .Xr vi 1 ,

plugins/sudoers/Makefile.in

@@ -57,6 +57,7 @@ NET_LIBS = @NET_LIBS@
 SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@
 REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@
 VISUDO_LIBS = $(NET_LIBS) @LIBMD@
+CVTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@
 TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@
 
 # C preprocessor defines
@@ -121,12 +122,6 @@ plugindir = @PLUGINDIR@
 # Directory in which to install the sudoers file
 sudoersdir = $(sysconfdir)
 
-# Directory in which to install sudoreplay.
-replaydir = $(bindir)
-
-# Directory in which to install visudo
-visudodir = $(sbindir)
-
 # User and group ids the installed files should be "owned" by
 install_uid = 0
 install_gid = 0
@@ -143,7 +138,7 @@ DEVEL = @DEVEL@
 
 SHELL = @SHELL@
 
-PROGS = sudoers.la visudo sudoreplay testsudoers
+PROGS = sudoers.la visudo sudoreplay cvtsudoers testsudoers
 
 TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \
 	     check_fill check_gentime check_hexchar check_iolog_path \
@@ -164,8 +159,9 @@ SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo editor.lo env.lo \
 	       set_perms.lo starttime.lo sudo_nss.lo sudoers.lo \
 	       timestamp.lo @SUDOERS_OBJS@
 
-VISUDO_OBJS = editor.o find_path.o goodpath.o locale.o sudo_printf.o visudo.o \
+VISUDO_OBJS = editor.o find_path.o goodpath.o locale.o sudo_printf.o visudo.o
-	      visudo_json.o
+
+CVTSUDOERS_OBJS = cvtsudoers.o cvtsudoers_json.o locale.o sudo_printf.o
 
 REPLAY_OBJS = getdate.o sudoreplay.o
 
@@ -241,6 +237,9 @@ sudoers.la: $(SUDOERS_OBJS) $(LT_LIBS) libparsesudoers.la @LT_LDDEP@
 visudo: libparsesudoers.la $(VISUDO_OBJS) $(LT_LIBS)
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(VISUDO_LIBS)
 
+cvtsudoers: libparsesudoers.la $(CVTSUDOERS_OBJS) $(LT_LIBS)
+	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CVTSUDOERS_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) libparsesudoers.la $(LIBS) $(CVTSUDOERS_LIBS)
+
 sudoreplay: timestr.lo $(REPLAY_OBJS) $(LT_LIBS)
 	$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) timestr.lo $(LIBS) $(REPLAY_LIBS)
 
@@ -339,7 +338,7 @@ install: install-plugin install-binaries install-sudoers install-doc
 
 install-dirs:
 	$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir) \
-	    $(DESTDIR)$(visudodir) $(DESTDIR)$(replaydir) \
+	    $(DESTDIR)$(sbindir) $(DESTDIR)$(bindir) \
 	    $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
 	    `echo $(DESTDIR)$(rundir)|$(SED) 's,/[^/]*$$,,'` \
 	    `echo $(DESTDIR)$(vardir)|$(SED) 's,/[^/]*$$,,'`
@@ -347,9 +346,10 @@ install-dirs:
 	$(INSTALL) -d $(INSTALL_OWNER) -m 0711 $(DESTDIR)$(vardir)
 	$(INSTALL) -d $(INSTALL_OWNER) -m 0700 $(DESTDIR)$(vardir)/lectured
 
-install-binaries: visudo sudoreplay install-dirs
+install-binaries: cvtsudoers sudoreplay visudo install-dirs
-	INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 sudoreplay $(DESTDIR)$(replaydir)/sudoreplay
+	INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 cvtsudoers $(DESTDIR)$(bindir)/cvtsudoers
-	INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 visudo $(DESTDIR)$(visudodir)/visudo
+	INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 sudoreplay $(DESTDIR)$(bindir)/sudoreplay
+	INSTALL_BACKUP='$(INSTALL_BACKUP)' $(LIBTOOL) $(LTFLAGS) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 visudo $(DESTDIR)$(sbindir)/visudo
 
 install-includes:
 
@@ -372,11 +372,13 @@ install-sudoers: install-dirs
 
 uninstall:
 	-$(LIBTOOL) $(LTFLAGS) --mode=uninstall rm -f $(DESTDIR)$(plugindir)/sudoers.la
-	-rm -f	$(DESTDIR)$(replaydir)/sudoreplay \
+	-rm -f	$(DESTDIR)$(bindir)/cvtsudoers \
-		$(DESTDIR)$(visudodir)/visudo
+		$(DESTDIR)$(bindir)/sudoreplay
+		$(DESTDIR)$(sbindir)/visudo
 	-test -z "$(INSTALL_BACKUP)" || \
-		$(DESTDIR)$(replaydir)/sudoreplay$(INSTALL_BACKUP) \
+		$(DESTDIR)$(bindir)/cvtsudoers$(INSTALL_BACKUP) \
-		$(DESTDIR)$(visudodir)/visudo$(INSTALL_BACKUP) \
+		$(DESTDIR)$(bindir)/sudoreplay$(INSTALL_BACKUP) \
+		$(DESTDIR)$(sbindir)/visudo$(INSTALL_BACKUP) \
 		$(DESTDIR)$(plugindir)/sudoers.so$(INSTALL_BACKUP)
 	-cmp $(DESTDIR)$(sudoersdir)/sudoers $(DESTDIR)$(sudoersdir)/sudoers.dist >/dev/null && \
 	    rm -f $(DESTDIR)$(sudoersdir)/sudoers
@@ -445,7 +447,7 @@ check: $(TEST_PROGS) visudo testsudoers
 		    diff $$toke $(srcdir)/$$toke.ok || true; \
 		fi; \
 		total=`expr $$total + 1`; \
-		./visudo -f $$t -x - >$$json 2>/dev/null || true; \
+		./cvtsudoers -o $$json $$t 2>/dev/null || true; \
 		total=`expr $$total + 1`; \
 		if cmp $$json $(srcdir)/$$json.ok >/dev/null; then \
 		    passed=`expr $$passed + 1`; \
@@ -680,6 +682,29 @@ check_wrap.o: $(srcdir)/regress/logging/check_wrap.c \
               $(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
               $(incdir)/sudo_util.h $(top_builddir)/config.h
 	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/logging/check_wrap.c
+cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \
+              $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \
+              $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+              $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+              $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+              $(srcdir)/defaults.h $(srcdir)/interfaces.h $(srcdir)/logging.h \
+              $(srcdir)/parse.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \
+              $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
+              $(srcdir)/sudoers_version.h $(top_builddir)/config.h \
+              $(top_builddir)/pathnames.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers.c
+cvtsudoers_json.o: $(srcdir)/cvtsudoers_json.c $(devdir)/def_data.h \
+                   $(devdir)/gram.h $(incdir)/compat/stdbool.h \
+                   $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
+                   $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \
+                   $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
+                   $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
+                   $(srcdir)/defaults.h $(srcdir)/logging.h $(srcdir)/parse.h \
+                   $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
+                   $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
+                   $(top_builddir)/pathnames.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/cvtsudoers_json.c
 dce.lo: $(authdir)/dce.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
         $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
         $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -1278,13 +1303,3 @@ visudo.o: $(srcdir)/visudo.c $(devdir)/def_data.h $(devdir)/gram.h \
           $(srcdir)/sudoers_version.h $(top_builddir)/config.h \
           $(top_builddir)/pathnames.h
 	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/visudo.c
-visudo_json.o: $(srcdir)/visudo_json.c $(devdir)/def_data.h $(devdir)/gram.h \
-               $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
-               $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
-               $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
-               $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
-               $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/logging.h \
-               $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
-               $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
-               $(top_builddir)/pathnames.h
-	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/visudo_json.c

plugins/sudoers/cvtsudoers.c

@@ -0,0 +1,274 @@
+/*
+ * Copyright (c) 2018 Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Convert from sudoers format to other formats.
+ * Currently outputs to JSON
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <unistd.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "sudoers.h"
+#include "interfaces.h"
+#include "parse.h"
+#include "redblack.h"
+#include "sudoers_version.h"
+#include "sudo_conf.h"
+#include <gram.h>
+
+#ifdef HAVE_GETOPT_LONG
+# include <getopt.h>
+# else
+# include "compat/getopt.h"
+#endif /* HAVE_GETOPT_LONG */
+
+extern bool export_sudoers(const char *, const char *);
+
+/*
+ * Globals
+ */
+struct sudo_user sudo_user;
+struct passwd *list_pw;
+static const char short_opts[] =  "f:ho:V";
+static struct option long_opts[] = {
+    { "format",		required_argument,	NULL,	'f' },
+    { "help",		no_argument,		NULL,	'h' },
+#ifdef notyet
+    { "input-format",	required_argument,	NULL,	'i' },
+#endif
+    { "output",		required_argument,	NULL,	'o' },
+    { "version",	no_argument,		NULL,	'V' },
+    { NULL,		no_argument,		NULL,	'\0' },
+};
+
+__dso_public int main(int argc, char *argv[]);
+static void get_hostname(void);
+static void help(void) __attribute__((__noreturn__));
+static void usage(int);
+
+int
+main(int argc, char *argv[])
+{
+    int ch, exitcode = EXIT_FAILURE;
+    const char *input_file = "-", *output_file = "-";
+    const char *output_format = "JSON";
+    debug_decl(main, SUDOERS_DEBUG_MAIN)
+
+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
+    {
+	extern char *malloc_options;
+	malloc_options = "S";
+    }
+#endif
+
+    initprogname(argc > 0 ? argv[0] : "cvtsudoers");
+    if (!sudoers_initlocale(setlocale(LC_ALL, ""), def_sudoers_locale))
+	sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+    sudo_warn_set_locale_func(sudoers_warn_setlocale);
+    bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have visudo domain */
+    textdomain("sudoers");
+
+#if 0
+    /* Register fatal/fatalx callback. */
+    sudo_fatal_callback_register(cvtsudoers_cleanup);
+#endif
+
+    /* Read debug and plugin sections of sudo.conf. */
+    if (sudo_conf_read(NULL, SUDO_CONF_DEBUG|SUDO_CONF_PLUGINS) == -1)
+	goto done;
+
+    /* Initialize the debug subsystem. */
+    if (!sudoers_debug_register(getprogname(), sudo_conf_debug_files(getprogname())))
+	goto done;
+
+    /*
+     * Arg handling.
+     */
+    while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
+	switch (ch) {
+	    case 'f':
+		if (strcasecmp(optarg, "json") != 0) {
+		    sudo_warnx("unsupported output format %s", optarg);
+		    usage(1);
+		}
+		output_format = optarg;
+		break;
+	    case 'h':
+		help();
+		break;
+	    case 'o':
+		output_file = optarg;
+		break;
+	    case 'V':
+		(void) printf(_("%s version %s\n"), getprogname(),
+		    PACKAGE_VERSION);
+		(void) printf(_("%s grammar version %d\n"), getprogname(),
+		    SUDOERS_GRAMMAR_VERSION);
+		exitcode = EXIT_SUCCESS;
+		goto done;
+	    default:
+		usage(1);
+	}
+    }
+    argc -= optind;
+    argv += optind;
+
+    /* Input file (defaults to stdin). */
+    if (argc > 0) {
+	/* XXX - allow multiple input files? */
+	if (argc > 1)
+	    usage(1);
+	input_file  = argv[0];
+    }
+
+    /* Mock up a fake sudo_user struct. */
+    /* XXX - common with visudo */
+    user_cmnd = user_base = "";
+    if (geteuid() == 0) {
+	const char *user = getenv("SUDO_USER");
+	if (user != NULL && *user != '\0')
+	    sudo_user.pw = sudo_getpwnam(user);
+    }
+    if (sudo_user.pw == NULL) {
+	if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
+	    sudo_fatalx(U_("you do not exist in the %s database"), "passwd");
+    }
+    get_hostname();
+
+    /* Setup defaults data structures. */
+    if (!init_defaults())
+	sudo_fatalx(U_("unable to initialize sudoers default values"));
+
+    exitcode = export_sudoers(input_file, output_file) ? EXIT_SUCCESS : EXIT_FAILURE;
+
+done:
+    sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode);
+    return exitcode;
+}
+
+FILE *
+open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
+{
+    return fopen(sudoers, "r");
+}
+
+/* XXX - Common stubs belong in their own file */
+
+/* STUB */
+bool
+init_envtables(void)
+{
+    return true;
+}
+
+/* STUB */
+bool
+user_is_exempt(void)
+{
+    return false;
+}
+
+/* STUB */
+void
+sudo_setspent(void)
+{
+    return;
+}
+
+/* STUB */
+void
+sudo_endspent(void)
+{
+    return;
+}
+
+/* STUB */
+int
+group_plugin_query(const char *user, const char *group, const struct passwd *pw)
+{
+    return false;
+}
+
+/* STUB */
+struct interface_list *
+get_interfaces(void)
+{
+    static struct interface_list dummy = SLIST_HEAD_INITIALIZER(interfaces);
+    return &dummy;
+}
+
+/*
+ * Look up the hostname and set user_host and user_shost.
+ */
+static void
+get_hostname(void)
+{
+    char *p;
+    debug_decl(get_hostname, SUDOERS_DEBUG_UTIL)
+
+    if ((user_host = sudo_gethostname()) != NULL) {
+	if ((p = strchr(user_host, '.'))) {
+	    *p = '\0';
+	    if ((user_shost = strdup(user_host)) == NULL)
+		sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+	    *p = '.';
+	} else {
+	    user_shost = user_host;
+	}
+    } else {
+	user_host = user_shost = "localhost";
+    }
+    user_runhost = user_host;
+    user_srunhost = user_shost;
+    debug_return;
+}
+
+static void
+usage(int fatal)
+{
+    (void) fprintf(fatal ? stderr : stdout,
+	"usage: %s [-hV] [-f format] [-o output_file] [sudoers_file]\n",
+	    getprogname());
+    if (fatal)
+	exit(1);
+}
+
+static void
+help(void)
+{
+    (void) printf(_("%s - convert between sudoers file formats\n\n"), getprogname());
+    usage(0);
+    (void) puts(_("\nOptions:\n"
+	"  -f, --format=JSON        specify output format\n"
+	"  -h, --help               display help message and exit\n"
+	"  -o, --output=output_file write sudoers in JSON format to output_file\n"
+	"  -V, --version            display version information and exit"));
+    exit(0);
+}

plugins/sudoers/cvtsudoers_json.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2016 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2013-2018 Todd C. Miller <Todd.Miller@sudo.ws>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -982,11 +982,9 @@ print_userspecs_json(FILE *fp, int indent, bool need_comma)
 
 /*
  * Export the parsed sudoers file in JSON format.
- * XXX - ignores strict flag and doesn't pass through quiet flag
  */
 bool
-export_sudoers(const char *sudoers_path, const char *export_path,
+export_sudoers(const char *sudoers_path, const char *export_path)
-    bool quiet, bool strict)
 {
     bool ret = false, need_comma = false;
     const int indent = 4;
@@ -996,28 +994,19 @@ export_sudoers(const char *sudoers_path, const char *export_path,
     if (strcmp(sudoers_path, "-") == 0) {
 	sudoersin = stdin;
 	sudoers_path = "stdin";
-    } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) {
+    } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL)
-	if (!quiet)
+	sudo_fatal(U_("unable to open %s"), sudoers_path);
-	    sudo_warn(U_("unable to open %s"), sudoers_path);
-	goto done;
-    }
     if (strcmp(export_path, "-") != 0) {
+	/* XXX - move check to front-end */
 	if (strcmp(sudoers_path, export_path) == 0) {
-	    if (!quiet) {
+	    sudo_fatalx(U_("%s: input and output files must be different"),
-		sudo_warnx(U_("%s: input and output files must be different"),
 		sudoers_path);
 	}
-	    goto done;
+	if ((export_fp = fopen(export_path, "w")) == NULL)
+	    sudo_fatal(U_("unable to open %s"), export_path);
     }
-	if ((export_fp = fopen(export_path, "w")) == NULL) {
+    init_parser(sudoers_path, false);
-	    if (!quiet)
-		sudo_warn(U_("unable to open %s"), export_path);
-	    goto done;
-	}
-    }
-    init_parser(sudoers_path, quiet);
     if (sudoersparse() && !parse_error) {
-	if (!quiet)
 	sudo_warnx(U_("failed to parse %s file, unknown error"), sudoers_path);
 	parse_error = true;
 	rcstr_delref(errorfile);
@@ -1027,13 +1016,11 @@ export_sudoers(const char *sudoers_path, const char *export_path,
     ret = !parse_error;
 
     if (parse_error) {
-	if (!quiet) {
 	if (errorlineno != -1)
 	    sudo_warnx(U_("parse error in %s near line %d\n"),
 		errorfile, errorlineno);
 	else if (errorfile != NULL)
 	    sudo_warnx(U_("parse error in %s\n"), errorfile);
-	}
 	goto done;
     }
 

plugins/sudoers/visudo.c

@@ -101,9 +101,6 @@ static void help(void) __attribute__((__noreturn__));
 static void usage(int);
 static void visudo_cleanup(void);
 
-extern bool export_sudoers(const char *, const char *, bool, bool);
-
-extern void sudoerserror(const char *);
 extern void sudoersrestart(FILE *);
 
 /*
@@ -135,7 +132,6 @@ main(int argc, char *argv[])
     char *editor, **editor_argv;
     int ch, oldlocale, editor_argc, exitcode = 0;
     bool quiet, strict, oldperms;
-    const char *export_path;
     debug_decl(main, SUDOERS_DEBUG_MAIN)
 
 #if defined(SUDO_DEVEL) && defined(__OpenBSD__)
@@ -176,7 +172,6 @@ main(int argc, char *argv[])
      * Arg handling.
      */
     checkonly = oldperms = quiet = strict = false;
-    export_path = NULL;
     while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
 	switch (ch) {
 	    case 'V':
@@ -202,8 +197,9 @@ main(int argc, char *argv[])
 		quiet = true;		/* quiet mode */
 		break;
 	    case 'x':
-		export_path = optarg;	/* export mode */
+		/* XXX - make more concise */
-		break;
+		sudo_warnx(U_("conversion of sudoers to JSON format has moved to the cvtsudoers utility"));
+		usage(1);
 	    default:
 		usage(1);
 	}
@@ -233,10 +229,6 @@ main(int argc, char *argv[])
 	exitcode = check_syntax(sudoers_file, quiet, strict, oldperms) ? 0 : 1;
 	goto done;
     }
-    if (export_path != NULL) {
-	exitcode = export_sudoers(sudoers_file, export_path, quiet, strict) ? 0 : 1;
-	goto done;
-    }
 
     /*
      * Parse the existing sudoers file(s) to highlight any existing
@@ -1399,7 +1391,7 @@ static void
 usage(int fatal)
 {
     (void) fprintf(fatal ? stderr : stdout,
-	"usage: %s [-chqsV] [-f sudoers] [-x output_file]\n", getprogname());
+	"usage: %s [-chqsV] [-f sudoers]\n", getprogname());
     if (fatal)
 	exit(1);
 }
@@ -1415,7 +1407,6 @@ help(void)
 	"  -h, --help               display help message and exit\n"
 	"  -q, --quiet              less verbose (quiet) syntax error messages\n"
 	"  -s, --strict             strict syntax checking\n"
-	"  -V, --version            display version information and exit\n"
+	"  -V, --version            display version information and exit\n"));
-	"  -x, --export=output_file write sudoers in JSON format to output_file"));
     exit(0);
 }