From 44fc165e7c01bdab1c03fd95d08d13a190c78f75 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 2 Mar 2018 10:59:19 -0700
Subject: [PATCH] Don't emit an empty sudoRole for global defaults if there are
 none.

---
 plugins/sudoers/cvtsudoers_ldif.c             | 9 ++++++++-
 plugins/sudoers/regress/sudoers/test2.ldif.ok | 6 ------
 plugins/sudoers/regress/sudoers/test3.ldif.ok | 6 ------
 plugins/sudoers/regress/sudoers/test6.ldif.ok | 6 ------
 4 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c
index f44d6e71f..33a865438 100644
--- a/plugins/sudoers/cvtsudoers_ldif.c
+++ b/plugins/sudoers/cvtsudoers_ldif.c
@@ -94,9 +94,16 @@ print_options_ldif(FILE *fp, struct defaults_list *options)
 static bool
 print_global_defaults_ldif(FILE *fp, const char *base)
 {
+    unsigned int count = 0;
+    struct defaults *opt;
     debug_decl(print_global_defaults_ldif, SUDOERS_DEBUG_UTIL)
 
-    if (TAILQ_EMPTY(&defaults))
+    TAILQ_FOREACH(opt, &defaults, entries) {
+	/* Skip bound Defaults (unsupported). */
+	if (opt->type == DEFAULTS)
+	    count++;
+    }
+    if (count == 0)
 	debug_return_bool(true);
 
     fprintf(fp, "dn: cn=defaults,%s\n", base);
diff --git a/plugins/sudoers/regress/sudoers/test2.ldif.ok b/plugins/sudoers/regress/sudoers/test2.ldif.ok
index 4c47b478e..9823707a9 100644
--- a/plugins/sudoers/regress/sudoers/test2.ldif.ok
+++ b/plugins/sudoers/regress/sudoers/test2.ldif.ok
@@ -1,9 +1,3 @@
-dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws
-objectClass: top
-objectClass: sudoRole
-cn: defaults
-description: Default sudoOption's go here
-
 dn: cn=foo,ou=SUDOers,dc=sudo,dc=ws
 objectClass: top
 objectClass: sudoRole
diff --git a/plugins/sudoers/regress/sudoers/test3.ldif.ok b/plugins/sudoers/regress/sudoers/test3.ldif.ok
index 2184f2b17..e69de29bb 100644
--- a/plugins/sudoers/regress/sudoers/test3.ldif.ok
+++ b/plugins/sudoers/regress/sudoers/test3.ldif.ok
@@ -1,6 +0,0 @@
-dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws
-objectClass: top
-objectClass: sudoRole
-cn: defaults
-description: Default sudoOption's go here
-
diff --git a/plugins/sudoers/regress/sudoers/test6.ldif.ok b/plugins/sudoers/regress/sudoers/test6.ldif.ok
index 6703fa2a1..5ca28d10a 100644
--- a/plugins/sudoers/regress/sudoers/test6.ldif.ok
+++ b/plugins/sudoers/regress/sudoers/test6.ldif.ok
@@ -1,9 +1,3 @@
-dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws
-objectClass: top
-objectClass: sudoRole
-cn: defaults
-description: Default sudoOption's go here
-
 dn: cn=\#0,ou=SUDOers,dc=sudo,dc=ws
 objectClass: top
 objectClass: sudoRole
-- 
2.50.1