# Converts a sudoers file to LDIF format in prepration for loading into
# the LDAP server.
#
-# $Sudo: sudoers2ldif,v 1.2 2004/02/13 02:08:27 aaron Exp $
-#
# BUGS:
# Does not yet handle multiple lines with : in them
-# Does not yet handle runas (xxx) syntax.
# Does not yet remove quotation marks from options
# Does not yet escape + at the beginning of a dn
# Does not yet handle line wraps correctly
# Does not yet handle multiple roles with same name (needs tiebreaker)
+#
+# CAVEATS:
+# Sudoers entries can have multiple RunAs entries that override former ones,
+# with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole
+my %RA;
my %UA;
my %HA;
my %CA;
$p2=~s/\s+$//; # remove trailing whitespace
$p3=~s/\s+$//; # remove trailing whitespace
- if ($p1 eq "User_Alias") {
+ if ($p1 eq "User_Alias") {
$UA{$p2}=$p3;
+ } elsif ($p1 eq "Runas_Alias") {
+ $RA{$p2}=$p3;
} elsif ($p1 eq "Host_Alias") {
$HA{$p2}=$p3;
} elsif ($p1 eq "Cmnd_Alias") {
# will clobber options
print "sudoUser: $_\n" foreach expand(\%UA,@users);
print "sudoHost: $_\n" foreach expand(\%HA,@hosts);
+ foreach (@cmds) {
+ if (s/^\(([^\)]+)\)\s*//) {
+ my @runas = split(/:\s*/, $1);
+ if (defined($runas[0])) {
+ print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0]));
+ }
+ if (defined($runas[1])) {
+ print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1]));
+ }
+ }
+ }
print "sudoCommand: $_\n" foreach expand(\%CA,@cmds);
print "sudoOption: $_\n" foreach @options;
print "\n";
s/PASSWD:\s*// && push @options,"authenticate";
s/NOEXEC:\s*// && push @options,"noexec";
s/EXEC:\s*// && push @options,"!noexec";
+ s/SETENV:\s*// && push @options,"setenv";
+ s/NOSETENV:\s*// && push @options,"!setenv";
s/\w+://; # silently remove other directives
s/\s+$//; # right trim
}
projects / debian / sudo / blobdiff