Setting a sudoOrder start point of 0 will disable creation of

sudoOrder attributes in the resulting LDIF output.

diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat
index 2777a43ca9e742f24a0823a9c028cffa7f6b486c..006581a4869e8d793ae6b5fd4d7afac5b9c06b19 100644 (file)
--- a/doc/cvtsudoers.cat
+++ b/doc/cvtsudoers.cat
@@ -93,7 +93,9 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
                  _\bs_\bt_\ba_\br_\bt_\b__\bp_\bo_\bi_\bn_\bt in the sudoOrder attribute of the first sudoRole
                  object.  Subsequent sudoRole object use a sudoOrder value
                  generated by adding an _\bi_\bn_\bc_\br_\be_\bm_\be_\bn_\bt, see the -\b-I\bI option for
-                 details.  Defaults to a starting point of 1.
+                 details.  Defaults to a starting point of 1.  A starting
+                 point of 0 will disable the generation of sudoOrder
+                 attributes in the resulting LDIF file.
 
      -\b-o\bo _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be, -\b--\b-o\bou\but\btp\bpu\but\bt=_\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be
                  Write the converted output to _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be.  If no _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be

diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in
index 1e223fe7409dfc959c338491f134393006a90ee0..28c23bcd65fe6b2bd01a0fa5698c00ecbd8b05de 100644 (file)
--- a/doc/cvtsudoers.man.in
+++ b/doc/cvtsudoers.man.in
@@ -172,6 +172,8 @@ see the
 \fB\-I\fR
 option for details.
 Defaults to a starting point of 1.
+A starting point of 0 will disable the generation of sudoOrder
+attributes in the resulting LDIF file.
 .TP 12n
 \fB\-o\fR \fIoutput_file\fR, \fB\--output\fR=\fIoutput_file\fR
 Write the converted output to

diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in
index 8c99d1892a84de5f4b96182ab15c7c89524a42b3..6a1df133d60a85b1ad9467fdae97339304b33b04 100644 (file)
--- a/doc/cvtsudoers.mdoc.in
+++ b/doc/cvtsudoers.mdoc.in
@@ -137,6 +137,8 @@ see the
 .Fl I
 option for details.
 Defaults to a starting point of 1.
+A starting point of 0 will disable the generation of sudoOrder
+attributes in the resulting LDIF file.
 .It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file
 Write the converted output to
 .Ar output_file .

diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index 456f7f3283aef817a64f6720d26aca89700911e1..2d7e24c03104a8b3d386ed71c1630b1b0a6aec97 100644 (file)
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -178,7 +178,7 @@ main(int argc, char *argv[])
            output_file = optarg;
            break;
        case 'O':
-           conf->sudo_order = sudo_strtonum(optarg, 1, UINT_MAX, &errstr);
+           conf->sudo_order = sudo_strtonum(optarg, 0, UINT_MAX, &errstr);
            if (errstr != NULL) {
                sudo_warnx(U_("starting order: %s: %s"), optarg, U_(errstr));
                usage(1);

diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c
index 120b3bd186df428f5c1eadf1cde17a711d156cc7..c8648d0921dcd4542508d89123a44b5484f03cd0 100644 (file)
--- a/plugins/sudoers/cvtsudoers_ldif.c
+++ b/plugins/sudoers/cvtsudoers_ldif.c
@@ -445,8 +445,10 @@ print_userspec_ldif(FILE *fp, struct userspec *us, struct cvtsudoers_config *con
 
            print_cmndspec_ldif(fp, cs, &next, &priv->defaults);
 
-           fprintf(fp, "sudoOrder: %d\n\n", conf->sudo_order);
-           conf->sudo_order += conf->order_increment;
+           if (conf->sudo_order != 0) {
+               fprintf(fp, "sudoOrder: %d\n\n", conf->sudo_order);
+               conf->sudo_order += conf->order_increment;
+           }
        }
     }