From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 28 Jun 2007 14:44:05 +0000 (+0000)
Subject: add simplistic support for sudoRunas; note that if a sudoers entry contains multiple... 
X-Git-Tag: SUDO_1_7_0~518
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ad86ccfb19b502ed93ec748a500b883257321f2c;p=sudo

add simplistic support for sudoRunas; note that if a sudoers entry contains multiple Runas users, all will apply to the sudoRole
---

diff --git a/sudoers2ldif b/sudoers2ldif
index 4dcd8cf36..b839235ea 100644
--- a/sudoers2ldif
+++ b/sudoers2ldif
@@ -10,11 +10,12 @@ use strict;
 
 # BUGS:
 #   Does not yet handle multiple lines with : in them
-#   Does not yet handle runas (xxx) syntax.
 #   Does not yet remove quotation marks from options
 #   Does not yet escape + at the beginning of a dn
 #   Does not yet handle line wraps correctly
 #   Does not yet handle multiple roles with same name (needs tiebreaker)
+#   Sudoers entries can have multiple Runas entries that override former ones,
+#	with LDAP sudoRunas applies to all commands in a sudoRole
 
 my %UA;
 my %HA;
@@ -79,6 +80,12 @@ while (<>){
       # will clobber options
       print "sudoUser: $_\n"   foreach expand(\%UA,@users);
       print "sudoHost: $_\n"   foreach expand(\%HA,@hosts);
+      my $runas = undef;
+      foreach (@cmds) {
+	if (s/^\(([^\)]+)\)\s*//) {
+	  print "sudoRunas: $_\n" foreach expand(\%UA, split(/,\s*/, $1));
+	}
+      }
       print "sudoCommand: $_\n" foreach expand(\%CA,@cmds);
       print "sudoOption: $_\n" foreach @options;
       print "\n";