Fix handling of '!' operator when converting sudoers. We now add

a "negated" boolean flag to objects that have the '!' operator.

plugins/sudoers/visudo_json.c

@@ -229,21 +229,41 @@ printstr_json(FILE *fp, const char *pre, const char *str, const char *post,
 }
 
 /*
- * Print struct sudo_command in JSON format, with specified indentation.
+ * Print sudo command member in JSON format, with specified indentation.
  * If last_one is false, a comma will be printed before the newline
  * that closes the object.
  */
 static void
-print_command_json(FILE *fp, struct sudo_command *c, int indent, bool last_one)
+print_command_json(FILE *fp, struct member *m, int indent, bool last_one)
 {
+    struct sudo_command *c = (struct sudo_command *)m->name;
     struct json_value value;
     const char *digest_name;
     debug_decl(print_command_json, SUDO_DEBUG_UTIL)
 
     printstr_json(fp, "{", NULL, NULL, indent);
-    if (c->digest != NULL) {
+    if (m->negated || c->digest != NULL) {
 	putc('\n', fp);
 	indent += 4;
+    } else {
+	putc(' ', fp);
+	indent = 0;
+    }
+
+    /* Print command with optional command line args. */
+    if (c->args != NULL) {
+	printstr_json(fp, "\"", "command", "\": ", indent);
+	printstr_json(fp, "\"", c->cmnd, " ", 0);
+	printstr_json(fp, NULL, c->args, "\"", 0);
+    } else {
+	value.type = JSON_STRING;
+	value.u.string = c->cmnd;
+	print_pair_json(fp, NULL, "command", &value, NULL, indent);
+    }
+
+    /* Optional digest. */
+    if (c->digest != NULL) {
+	fputs(",\n", fp);
 	switch (c->digest->digest_type) {
 	case SUDO_DIGEST_SHA224:
 	    digest_name = "sha224";
@@ -263,21 +283,18 @@ print_command_json(FILE *fp, struct sudo_command *c, int indent, bool last_one)
 	}
 	value.type = JSON_STRING;
 	value.u.string = c->digest->digest_str;
-	print_pair_json(fp, NULL, digest_name, &value, ",\n", indent);
-    } else {
-	putc(' ', fp);
-	indent = 0;
+	print_pair_json(fp, NULL, digest_name, &value, NULL, indent);
     }
-    if (c->args != NULL) {
-	printstr_json(fp, "\"", "command", "\": ", indent);
-	printstr_json(fp, "\"", c->cmnd, " ", 0);
-	printstr_json(fp, NULL, c->args, "\"", 0);
-    } else {
-	value.type = JSON_STRING;
-	value.u.string = c->cmnd;
-	print_pair_json(fp, NULL, "command", &value, NULL, indent);
+
+    /* Command may be negated. */
+    if (m->negated) {
+	fputs(",\n", fp);
+	value.type = JSON_BOOL;
+	value.u.boolean = true;
+	print_pair_json(fp, NULL, "negated", &value, NULL, indent);
     }
-    if (c->digest != NULL) {
+
+    if (indent != 0) {
 	indent -= 4;
 	putc('\n', fp);
 	print_indent(fp, indent);
@@ -391,7 +408,7 @@ print_member_json(FILE *fp, struct member *m, enum word_type word_type,
 	typestr = "networkaddr";
 	break;
     case COMMAND:
-	print_command_json(fp, (struct sudo_command *)m->name, indent, last_one);
+	print_command_json(fp, m, indent, last_one);
 	debug_return;
     case WORD:
 	switch (word_type) {
@@ -445,7 +462,21 @@ print_member_json(FILE *fp, struct member *m, enum word_type word_type,
     default:
 	fatalx("unexpected member type %d", m->type);
     }
-    print_pair_json(fp, "{ ", typestr, &value, " }", indent);
+
+    if (m->negated) {
+	print_indent(fp, indent);
+	fputs("{\n", fp);
+	indent += 4;
+	print_pair_json(fp, NULL, typestr, &value, ",\n", indent);
+	value.type = JSON_BOOL;
+	value.u.boolean = true;
+	print_pair_json(fp, NULL, "negated", &value, "\n", indent);
+	indent -= 4;
+	print_indent(fp, indent);
+	putc('}', fp);
+    } else {
+	print_pair_json(fp, "{ ", typestr, &value, " }", indent);
+    }
     if (!last_one)
 	putc(',', fp);
     putc('\n', fp);