# Converts a sudoers file to LDIF format in prepration for loading into
# the LDAP server.
#
-# $Sudo: sudoers2ldif,v 1.2.2.1 2007/06/28 14:45:19 millert Exp $
+# $Sudo: sudoers2ldif,v 1.5 2007/12/08 00:09:28 millert Exp $
#
# BUGS:
# Does not yet escape + at the beginning of a dn
# Does not yet handle line wraps correctly
# Does not yet handle multiple roles with same name (needs tiebreaker)
-# Sudoers entries can have multiple Runas entries that override former ones,
-# with LDAP sudoRunas applies to all commands in a sudoRole
+#
+# CAVEATS:
+# Sudoers entries can have multiple RunAs entries that override former ones,
+# with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole
+my %RA;
my %UA;
my %HA;
my %CA;
$p2=~s/\s+$//; # remove trailing whitespace
$p3=~s/\s+$//; # remove trailing whitespace
- if ($p1 eq "User_Alias") {
+ if ($p1 eq "User_Alias") {
$UA{$p2}=$p3;
+ } elsif ($p1 eq "Runas_Alias") {
+ $RA{$p2}=$p3;
} elsif ($p1 eq "Host_Alias") {
$HA{$p2}=$p3;
} elsif ($p1 eq "Cmnd_Alias") {
# will clobber options
print "sudoUser: $_\n" foreach expand(\%UA,@users);
print "sudoHost: $_\n" foreach expand(\%HA,@hosts);
- my $runas = undef;
foreach (@cmds) {
if (s/^\(([^\)]+)\)\s*//) {
- print "sudoRunas: $_\n" foreach expand(\%UA, split(/,\s*/, $1));
+ my @runas = split(/:\s*/, $1);
+ if (defined($runas[0])) {
+ print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0]));
+ }
+ if (defined($runas[1])) {
+ print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1]));
+ }
}
}
print "sudoCommand: $_\n" foreach expand(\%CA,@cmds);
projects / debian / sudo / blobdiff