From b0abdd5a17b708614c04dcfa0027c6c2fa43085e Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 28 Jan 2018 19:38:00 -0700 Subject: [PATCH] Document limitations of LDIF conversion. --- doc/cvtsudoers.cat | 14 +++++++++++++- doc/cvtsudoers.man.in | 19 +++++++++++++++++++ doc/cvtsudoers.mdoc.in | 13 +++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/doc/cvtsudoers.cat b/doc/cvtsudoers.cat index d18ebd343..0571ab36f 100644 --- a/doc/cvtsudoers.cat +++ b/doc/cvtsudoers.cat @@ -8,7 +8,8 @@ SSYYNNOOPPSSIISS DDEESSCCRRIIPPTTIIOONN ccvvttssuuddooeerrss can be used to convert a policy file in _s_u_d_o_e_r_s format to - other formats. The default output format is LDIF. + other formats. The default output format is LDIF. It is only possible + to convert a _s_u_d_o_e_r_s file that is syntactically correct. If no _s_u_d_o_e_r_s___f_i_l_e is specified, or if it is `-', the policy is read from the standard input. By default, the result is written to the standard @@ -30,6 +31,17 @@ DDEESSCCRRIIPPTTIIOONN imported into an LDAP server for use with sudoers.ldap(4). + Conversion to LDIF has the following limitations: + + ++oo Command, host, runas and user-specific + Defaults lines cannot be translated as they + don't have an equivalent in the sudoers LDAP + schema. + + ++oo Command, host, runas and user aliases are not + supported by the sudoers LDAP schema so they + are expanded during the conversion. + --hh, ----hheellpp Display a short help message to the standard output and exit. --oo _o_u_t_p_u_t___f_i_l_e, ----oouuttppuutt=_o_u_t_p_u_t___f_i_l_e diff --git a/doc/cvtsudoers.man.in b/doc/cvtsudoers.man.in index 9a5723bce..dd47964db 100644 --- a/doc/cvtsudoers.man.in +++ b/doc/cvtsudoers.man.in @@ -35,6 +35,9 @@ can be used to convert a policy file in \fIsudoers\fR format to other formats. The default output format is LDIF. +It is only possible to convert a +\fIsudoers\fR +file that is syntactically correct. .PP If no \fIsudoers_file\fR 
@@ -67,7 +70,23 @@ LDIF LDIF (LDAP Data Interchange Format) files can be imported into an LDAP server for use with sudoers.ldap(@mansectform@). +.sp +Conversion to LDIF has the following limitations: +.PP +.RS 10n .PD 0 +.TP 6n +\fB\(bu\fR +Command, host, runas and user-specific Defaults lines cannot be +translated as they don't have an equivalent in the sudoers LDAP schema. +.PD +.TP 6n +\fB\(bu\fR +Command, host, runas and user aliases are not supported by the +sudoers LDAP schema so they are expanded during the conversion. +.PD 0 +.PP +.RE .PP .RE .PD diff --git a/doc/cvtsudoers.mdoc.in b/doc/cvtsudoers.mdoc.in index 648510a82..4d657f79e 100644 --- a/doc/cvtsudoers.mdoc.in +++ b/doc/cvtsudoers.mdoc.in @@ -32,6 +32,9 @@ can be used to convert a policy file in .Em sudoers format to other formats. The default output format is LDIF. +It is only possible to convert a +.Em sudoers +file that is syntactically correct. .Pp If no .Ar sudoers_file @@ -59,6 +62,16 @@ format. LDIF (LDAP Data Interchange Format) files can be imported into an LDAP server for use with .Xr sudoers.ldap @mansectform@ . +.Pp +Conversion to LDIF has the following limitations: +.Bl -bullet -width 4n +.It +Command, host, runas and user-specific Defaults lines cannot be +translated as they don't have an equivalent in the sudoers LDAP schema. +.It +Command, host, runas and user aliases are not supported by the +sudoers LDAP schema so they are expanded during the conversion. +.El .El .It Fl h , -help Display a short help message to the standard output and exit. -- 2.40.0
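Review bot: In the first doc/cvtsudoers.mdoc.in hunk (@@ -32,6 +35,9), the new sentence "It is only possible to convert a sudoers file that is syntactically correct" does not say what the tool does when the input is not. Consider stating the failure behaviour explicitly (whether an error is printed, what the exit status is, and whether any partial output is written to the output file), and pointing the reader at `visudo -c` as the way to check the file before conversion. The same wording is added to doc/cvtsudoers.cat and doc/cvtsudoers.man.in, so the change would apply there too.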
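Review bot: In the second doc/cvtsudoers.mdoc.in hunk (@@ -59,6 +62,16), the first bullet says command, host, runas and user-specific Defaults lines "cannot be translated" but leaves open what happens to them: are they dropped silently, dropped with a warning, or does the conversion fail? Because these lines adjust policy for a particular user, host, command or runas target, an administrator importing the LDIF needs to know that the resulting LDAP policy may differ from the source file and how to find the lines that were left out. Suggest adding one sentence stating that such lines are omitted from the output and whether a diagnostic is emitted for each. For the second bullet, it may also be worth noting that alias names do not survive the conversion, since only the expanded members appear in the LDIF. The matching text in doc/cvtsudoers.cat and doc/cvtsudoers.man.in would need the same addition.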