diff --git a/doc/sudo.pod b/doc/sudo.pod index c0e5cb064..784f89a72 100644 --- a/doc/sudo.pod +++ b/doc/sudo.pod @@ -229,7 +229,8 @@ Depending on the policy, this may be the default behavior. =item -h -The B<-h> (I) option causes B to print a usage message and exit. +The B<-h> (I) option causes B to print a short help message +to the standard output and exit. =item -i [command] diff --git a/doc/sudoreplay.pod b/doc/sudoreplay.pod index c36f9133e..5eb6e1e55 100644 --- a/doc/sudoreplay.pod +++ b/doc/sudoreplay.pod @@ -21,9 +21,9 @@ sudoreplay - replay sudo session logs =head1 SYNOPSIS -B [B<-d> I] [B<-f> I] [B<-m> I] [B<-s> I] ID +B [B<-h>] [B<-d> I] [B<-f> I] [B<-m> I] [B<-s> I] ID -B [B<-d> I] -l [search expression] +B [B<-h>] [B<-d> I] -l [search expression] =head1 DESCRIPTION @@ -76,7 +76,12 @@ used to select which of these to output. The I argument is a comma-separated list, consisting of one or more of following: I, I, and I. -=item -l +=item -h + +The B<-h> (I) option causes B to print a short +help message to the standard output and exit. + +=item -l [I] Enable "list mode". In this mode, B will list available session IDs. If a I is specified, it will be diff --git a/doc/visudo.pod b/doc/visudo.pod index 073dda7ed..2f68cde09 100644 --- a/doc/visudo.pod +++ b/doc/visudo.pod @@ -26,7 +26,7 @@ visudo - edit the sudoers file =head1 SYNOPSIS -B [B<-c>] [B<-q>] [B<-s>] [B<-V>] [B<-f> I] +B [B<-chqsV>] [B<-f> I] =head1 DESCRIPTION @@ -85,6 +85,11 @@ is the specified I file with ".tmp" appended to it. In B mode only, the argument to B<-f> may be "-", indicating that I will be read from the standard input. +=item -h + +The B<-h> (I) option causes B to print a short help message +to the standard output and exit. + =item -q Enable B mode. In this mode details about syntax errors diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index 81d72ae2f..0d4d5d8ec 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -196,7 +196,8 @@ static int list_sessions(int, char **, const char *, const char *, const char *) static int parse_expr(struct search_node **, char **); static void check_input(int, double *); static void delay(double); -static void usage(void); +static void help(void) __attribute__((__noreturn__)); +static void usage(int); static void *open_io_fd(char *pathbuf, int len, const char *suffix); static int parse_timing(const char *buf, const char *decimal, int *idx, double *seconds, size_t *nbytes); @@ -233,7 +234,7 @@ main(int argc, char *argv[]) decimal = localeconv()->decimal_point; #endif - while ((ch = getopt(argc, argv, "d:f:lm:s:V")) != -1) { + while ((ch = getopt(argc, argv, "d:f:hlm:s:V")) != -1) { switch(ch) { case 'd': session_dir = optarg; @@ -252,6 +253,9 @@ main(int argc, char *argv[]) errorx(1, "invalid filter option: %s", optarg); } break; + case 'h': + help(); + /* NOTREACHED */ case 'l': listonly = 1; break; @@ -271,7 +275,7 @@ main(int argc, char *argv[]) (void) printf("%s version %s\n", getprogname(), PACKAGE_VERSION); exit(0); default: - usage(); + usage(1); /* NOTREACHED */ } @@ -283,7 +287,7 @@ main(int argc, char *argv[]) exit(list_sessions(argc, argv, pattern, user, tty)); if (argc != 1) - usage(); + usage(1); /* 6 digit ID in base 36, e.g. 01G712AB */ id = argv[0]; @@ -917,15 +921,32 @@ bad: } static void -usage(void) +usage(int fatal) { - fprintf(stderr, - "usage: %s [-d directory] [-m max_wait] [-s speed_factor] ID\n", + fprintf(fatal ? stderr : stdout, + "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n", getprogname()); - fprintf(stderr, - "usage: %s [-d directory] -l [search expression]\n", + fprintf(fatal ? stderr : stdout, + "usage: %s [-h] [-d directory] -l [search expression]\n", getprogname()); - exit(1); + if (fatal) + exit(1); +} + +static void +help(void) +{ + (void) printf("%s - replay sudo session logs\n\n", getprogname()); + usage(0); + (void) puts("\nOptions:"); + (void) puts(" -d directory specify directory for session logs"); + (void) puts(" -f filter specify which I/O type to display"); + (void) puts(" -h display help message and exit"); + (void) puts(" -l [expression] list available session IDs that match expression"); + (void) puts(" -m max_wait max number of seconds to wait between events"); + (void) puts(" -s speed_factor speed up or slow down output"); + (void) puts(" -V display version information and exit"); + exit(0); } /* diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index ddc2f251c..99d3f088a 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -111,7 +111,8 @@ static int visudo_printf(int msg_type, const char *fmt, ...); static void print_selfref(char *name, int, int, int); static void print_undefined(char *name, int, int, int); static void setup_signals(void); -static void usage(void) __attribute__((__noreturn__)); +static void help(void) __attribute__((__noreturn__)); +static void usage(int); void cleanup(int); @@ -154,7 +155,7 @@ main(int argc, char *argv[]) setprogname(argc > 0 ? argv[0] : "visudo"); #endif if (argc < 1) - usage(); + usage(1); /* * Arg handling. @@ -173,6 +174,9 @@ main(int argc, char *argv[]) sudoers_path = optarg; /* sudoers file path */ oldperms = TRUE; break; + case 'h': + help(); + break; case 's': strict++; /* strict mode */ break; @@ -180,13 +184,13 @@ main(int argc, char *argv[]) quiet++; /* quiet mode */ break; default: - usage(); + usage(1); } } argc -= optind; argv += optind; if (argc) - usage(); + usage(1); sudo_setpwent(); sudo_setgrent(); @@ -1157,11 +1161,27 @@ quit(int signo) } static void -usage(void) +usage(int fatal) { - (void) fprintf(stderr, "usage: %s [-c] [-q] [-s] [-V] [-f sudoers]\n", - getprogname()); - exit(1); + (void) fprintf(fatal ? stderr : stdout, + "usage: %s [-chqsV] [-f sudoers]\n", getprogname()); + if (fatal) + exit(1); +} + +static void +help(void) +{ + (void) printf("%s - safely edit the sudoers file\n\n", getprogname()); + usage(0); + (void) puts("\nOptions:"); + (void) puts(" -c check-only mode"); + (void) puts(" -f sudoers specify sudoers file location"); + (void) puts(" -h display help message and exit"); + (void) puts(" -q less verbose (quiet) syntax error messages"); + (void) puts(" -s strict syntax checking"); + (void) puts(" -V display version information and exit"); + exit(0); } static int diff --git a/src/parse_args.c b/src/parse_args.c index bf6747ad4..b9dc2fd5d 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -58,7 +58,8 @@ int tgetpass_flags; /* * Local functions. */ -static void usage_excl(int) __attribute__((__noreturn__)); +static void help(void) __attribute__((__noreturn__)); +static void usage_excl(int); /* * Mapping of command line flags to name/value settings. @@ -365,7 +366,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, } if (mode == MODE_HELP) - usage(0); + help(); /* * For shell mode we need to rewrite argv @@ -436,17 +437,23 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp, } static int -usage_out(const char *buf) +usage_err(const char *buf) { return fputs(buf, stderr); } +static int +usage_out(const char *buf) +{ + return fputs(buf, stdout); +} + /* * Give usage message and exit. * The actual usage strings are in sudo_usage.h for configure substitution. */ void -usage(int exit_val) +usage(int fatal) { struct lbuf lbuf; char *uvec[6]; @@ -472,22 +479,112 @@ usage(int exit_val) * tty width. */ ulen = (int)strlen(getprogname()) + 8; - lbuf_init(&lbuf, usage_out, ulen, NULL, user_details.ts_cols); + lbuf_init(&lbuf, fatal ? usage_err : usage_out, ulen, NULL, + user_details.ts_cols); for (i = 0; uvec[i] != NULL; i++) { lbuf_append(&lbuf, "usage: ", getprogname(), uvec[i], NULL); lbuf_print(&lbuf); } lbuf_destroy(&lbuf); - cleanup(0); - exit(exit_val); + if (fatal) + exit(1); } /* * Tell which options are mutually exclusive and exit. */ static void -usage_excl(int exit_val) +usage_excl(int fatal) { warningx("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"); - usage(exit_val); + usage(fatal); +} + +static void +help(void) +{ + struct lbuf lbuf; + int indent = 16; + const char *pname = getprogname(); + + lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols); + if (strcmp(pname, "sudoedit") == 0) + lbuf_append(&lbuf, pname, " - edit files as another user\n\n", NULL); + else + lbuf_append(&lbuf, pname, " - execute a command as another user\n\n", NULL); + lbuf_print(&lbuf); + + usage(0); + + lbuf_append(&lbuf, "\nOptions:\n", NULL); +#ifdef HAVE_BSD_AUTH_H + lbuf_append(&lbuf, + " -A use helper program for password prompting\n", NULL); +#endif + lbuf_append(&lbuf, + " -a type use specified BSD authentication type\n", NULL); + lbuf_append(&lbuf, + " -b run command in the background\n", NULL); + lbuf_append(&lbuf, + " -C fd close all file descriptors >= fd\n", NULL); +#ifdef HAVE_LOGIN_CAP_H + lbuf_append(&lbuf, + " -c class run command with specified login class\n", NULL); +#endif + lbuf_append(&lbuf, + " -E preserve user environment when executing command\n", + NULL); + lbuf_append(&lbuf, + " -e edit files instead of running a command\n", NULL); + lbuf_append(&lbuf, + " -g group execute command as the specified group\n", NULL); + lbuf_append(&lbuf, + " -H set HOME variable to target user's home dir.\n", + NULL); + lbuf_append(&lbuf, + " -h display help message and exit\n", NULL); + lbuf_append(&lbuf, + " -i [command] run a login shell as target user\n", NULL); + lbuf_append(&lbuf, + " -K remove timestamp file completely\n", NULL); + lbuf_append(&lbuf, + " -k invalidate timestamp file\n", NULL); + lbuf_append(&lbuf, + " -l[l] command list user's available commands\n", NULL); + lbuf_append(&lbuf, + " -n non-interactive mode, will not prompt user\n", NULL); + lbuf_append(&lbuf, + " -P preserve group vector instead of setting to target's\n", + NULL); + lbuf_append(&lbuf, + " -p prompt use specified password prompt\n", NULL); +#ifdef HAVE_SELINUX + lbuf_append(&lbuf, + " -r role create SELinux security context with specified role\n", + NULL); +#endif + lbuf_append(&lbuf, + " -S read password from standard input\n", NULL); + lbuf_append(&lbuf, + " -s [command] run a shell as target user\n", NULL); +#ifdef HAVE_SELINUX + lbuf_append(&lbuf, + " -t type create SELinux security context with specified role\n", + NULL); +#endif + lbuf_append(&lbuf, + " -U user when listing, list specified user's privileges\n", + NULL); + lbuf_append(&lbuf, + " -u user run command (or edit file) as specified user\n", NULL); + lbuf_append(&lbuf, + " -V display version information and exit\n", NULL); + lbuf_append(&lbuf, + " -v update user's timestamp without running a command\n", + NULL); + lbuf_append(&lbuf, + " -- stop processing command line arguments\n", NULL); + lbuf_print(&lbuf); + lbuf_destroy(&lbuf); + exit(0); } diff --git a/src/sudo.h b/src/sudo.h index 6402d82b2..e6190c16c 100644 --- a/src/sudo.h +++ b/src/sudo.h @@ -207,7 +207,7 @@ extern struct user_details user_details; int sudo_edit(struct command_details *details, char *argv[], char *envp[]); /* parse_args.c */ -void usage(int) __attribute__((__noreturn__)); +void usage(int); /* selinux.c */ int selinux_restore_tty(void);