# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
+use warnings;
use strict;
#
# Does not yet remove quotation marks from options
# Does not yet escape + at the beginning of a dn
# Does not yet handle line wraps correctly
-# Does not yet handle multiple roles with same name (needs tiebreaker)
#
# CAVEATS:
# Sudoers entries can have multiple RunAs entries that override former ones,
-# with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole
+# with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole
my %RA;
my %UA;
my $did_defaults=0;
my $order = 0;
+my %seen_users;
# parse sudoers one line at a time
while (<>){
}
# Definition
my @users=split /\s*,\s*/,$p1;
+ my $username = $users[0];
+ if ($seen_users{$username}) {
+ $seen_users{$username} += 1;
+ $username = sprintf("%s_%s", $username, $seen_users{$username});
+ } else {
+ $seen_users{$username} = 1;
+ }
my @hosts=split /\s*,\s*/,$p2;
my @cmds= split /\s*,\s*/,$p3;
@options=();
- print "dn: cn=$users[0],$base\n";
+ print "dn: cn=$username,$base\n";
print "objectClass: top\n";
print "objectClass: sudoRole\n";
- print "cn: $users[0]\n";
+ print "cn: $username\n";
# will clobber options
print "sudoUser: $_\n" foreach expand(\%UA,@users);
print "sudoHost: $_\n" foreach expand(\%HA,@hosts);
foreach (@cmds) {
- if (s/^\(([^\)]+)\)\s*//) {
- my @runas = split(/:\s*/, $1);
- if (defined($runas[0])) {
- print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0]));
- }
- if (defined($runas[1])) {
- print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1]));
- }
- }
+ if (s/^\(([^\)]+)\)\s*//) {
+ my @runas = split(/:\s*/, $1);
+ if (defined($runas[0])) {
+ print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0]));
+ }
+ if (defined($runas[1])) {
+ print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1]));
+ }
+ }
}
print "sudoCommand: $_\n" foreach expand(\%CA,@cmds);
print "sudoOption: $_\n" foreach @options;
} else {
print "parse error: $_\n";
}
-
}
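Review bot: The tiebreaker built on `%seen_users` can still emit two entries with the same DN, because the generated name is never recorded or checked against names already used. For example (constructed names), after `alice` appears twice and yields `alice` and `alice_2`, a later rule whose first user is literally `alice_2` is printed as `cn=alice_2` again, and the reverse order collides the same way. Depending on how the LDIF is loaded, the duplicate is presumably rejected or skipped, so a sudoers rule, possibly a restrictive one, would be missing from the directory policy. Probing until the name is free avoids this while keeping the `_2`, `_3` numbering: `my ($username, $n) = ($users[0], 1);` then `$username = sprintf("%s_%s", $users[0], ++$n) while $seen_users{$username};` then `$seen_users{$username} = 1;`. The enclosing loop and `if` start outside the hunk.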
#
push @a,$ref->{$_} ? expand($ref,split /\s*,\s*/,$ref->{$_}):$_ foreach @_;
@a;
}
-
-