From: Todd C. Miller <Todd.Miller@sudo.ws>
Date: Sat, 24 Feb 2018 21:35:38 +0000 (-0700)
Subject: Setting a sudoOrder start point of 0 will disable creation of
X-Git-Tag: SUDO_1_8_23^2~115
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b3a0c3272b59d744a1313772bafd2c2c5b44680e;p=sudo

Setting a sudoOrder start point of 0 will disable creation of
sudoOrder attributes in the resulting LDIF output.
---

diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat
index 2777a43ca..006581a48 100644
--- a/doc/cvtsudoers.cat
+++ b/doc/cvtsudoers.cat
@@ -93,7 +93,9 @@ DDEESSCCRRIIPPTTIIOONN
                  _s_t_a_r_t___p_o_i_n_t in the sudoOrder attribute of the first sudoRole
                  object.  Subsequent sudoRole object use a sudoOrder value
                  generated by adding an _i_n_c_r_e_m_e_n_t, see the --II option for
-                 details.  Defaults to a starting point of 1.
+                 details.  Defaults to a starting point of 1.  A starting
+                 point of 0 will disable the generation of sudoOrder
+                 attributes in the resulting LDIF file.
 
      --oo _o_u_t_p_u_t___f_i_l_e, ----oouuttppuutt=_o_u_t_p_u_t___f_i_l_e
                  Write the converted output to _o_u_t_p_u_t___f_i_l_e.  If no _o_u_t_p_u_t___f_i_l_e
diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in
index 1e223fe74..28c23bcd6 100644
--- a/doc/cvtsudoers.man.in
+++ b/doc/cvtsudoers.man.in
@@ -172,6 +172,8 @@ see the
 \fB\-I\fR
 option for details.
 Defaults to a starting point of 1.
+A starting point of 0 will disable the generation of sudoOrder
+attributes in the resulting LDIF file.
 .TP 12n
 \fB\-o\fR \fIoutput_file\fR, \fB\--output\fR=\fIoutput_file\fR
 Write the converted output to
diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in
index 8c99d1892..6a1df133d 100644
--- a/doc/cvtsudoers.mdoc.in
+++ b/doc/cvtsudoers.mdoc.in
@@ -137,6 +137,8 @@ see the
 .Fl I
 option for details.
 Defaults to a starting point of 1.
+A starting point of 0 will disable the generation of sudoOrder
+attributes in the resulting LDIF file.
 .It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file
 Write the converted output to
 .Ar output_file .
diff --git a/plugins/sudoers/cvtsudoers.c b/plugins/sudoers/cvtsudoers.c
index 456f7f328..2d7e24c03 100644
--- a/plugins/sudoers/cvtsudoers.c
+++ b/plugins/sudoers/cvtsudoers.c
@@ -178,7 +178,7 @@ main(int argc, char *argv[])
 	    output_file = optarg;
 	    break;
 	case 'O':
-	    conf->sudo_order = sudo_strtonum(optarg, 1, UINT_MAX, &errstr);
+	    conf->sudo_order = sudo_strtonum(optarg, 0, UINT_MAX, &errstr);
 	    if (errstr != NULL) {
 		sudo_warnx(U_("starting order: %s: %s"), optarg, U_(errstr));
 		usage(1);
diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c
index 120b3bd18..c8648d092 100644
--- a/plugins/sudoers/cvtsudoers_ldif.c
+++ b/plugins/sudoers/cvtsudoers_ldif.c
@@ -445,8 +445,10 @@ print_userspec_ldif(FILE *fp, struct userspec *us, struct cvtsudoers_config *con
 
 	    print_cmndspec_ldif(fp, cs, &next, &priv->defaults);
 
-	    fprintf(fp, "sudoOrder: %d\n\n", conf->sudo_order);
-	    conf->sudo_order += conf->order_increment;
+	    if (conf->sudo_order != 0) {
+		fprintf(fp, "sudoOrder: %d\n\n", conf->sudo_order);
+		conf->sudo_order += conf->order_increment;
+	    }
 	}
     }