version 1.2, 2007/07/26 16:10:16 |
version 1.3, 2008/11/14 11:58:08 |
|
|
# Converts a sudoers file to LDIF format in prepration for loading into |
# Converts a sudoers file to LDIF format in prepration for loading into |
# the LDAP server. |
# the LDAP server. |
# |
# |
# $Sudo: sudoers2ldif,v 1.2.2.1 2007/06/28 14:45:19 millert Exp $ |
# $Sudo: sudoers2ldif,v 1.5 2007/12/08 00:09:28 millert Exp $ |
# |
# |
|
|
# BUGS: |
# BUGS: |
|
|
# Does not yet escape + at the beginning of a dn |
# Does not yet escape + at the beginning of a dn |
# Does not yet handle line wraps correctly |
# Does not yet handle line wraps correctly |
# Does not yet handle multiple roles with same name (needs tiebreaker) |
# Does not yet handle multiple roles with same name (needs tiebreaker) |
# Sudoers entries can have multiple Runas entries that override former ones, |
# |
# with LDAP sudoRunas applies to all commands in a sudoRole |
# CAVEATS: |
|
# Sudoers entries can have multiple RunAs entries that override former ones, |
|
# with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole |
|
|
|
my %RA; |
my %UA; |
my %UA; |
my %HA; |
my %HA; |
my %CA; |
my %CA; |
|
|
$p2=~s/\s+$//; # remove trailing whitespace |
$p2=~s/\s+$//; # remove trailing whitespace |
$p3=~s/\s+$//; # remove trailing whitespace |
$p3=~s/\s+$//; # remove trailing whitespace |
|
|
if ($p1 eq "User_Alias") { |
if ($p1 eq "User_Alias") { |
$UA{$p2}=$p3; |
$UA{$p2}=$p3; |
|
} elsif ($p1 eq "Runas_Alias") { |
|
$RA{$p2}=$p3; |
} elsif ($p1 eq "Host_Alias") { |
} elsif ($p1 eq "Host_Alias") { |
$HA{$p2}=$p3; |
$HA{$p2}=$p3; |
} elsif ($p1 eq "Cmnd_Alias") { |
} elsif ($p1 eq "Cmnd_Alias") { |
|
|
# will clobber options |
# will clobber options |
print "sudoUser: $_\n" foreach expand(\%UA,@users); |
print "sudoUser: $_\n" foreach expand(\%UA,@users); |
print "sudoHost: $_\n" foreach expand(\%HA,@hosts); |
print "sudoHost: $_\n" foreach expand(\%HA,@hosts); |
my $runas = undef; |
|
foreach (@cmds) { |
foreach (@cmds) { |
if (s/^\(([^\)]+)\)\s*//) { |
if (s/^\(([^\)]+)\)\s*//) { |
print "sudoRunas: $_\n" foreach expand(\%UA, split(/,\s*/, $1)); |
my @runas = split(/:\s*/, $1); |
|
if (defined($runas[0])) { |
|
print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0])); |
|
} |
|
if (defined($runas[1])) { |
|
print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1])); |
|
} |
} |
} |
} |
} |
print "sudoCommand: $_\n" foreach expand(\%CA,@cmds); |
print "sudoCommand: $_\n" foreach expand(\%CA,@cmds); |
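Review bot: The new Runas loop prints every `sudoRunAsUser`/`sudoRunAsGroup` it finds across all of `@cmds` into a single role, so an entry whose commands carry different Runas specs becomes a sudoRole where, per the CAVEATS comment, each run-as identity applies to every `sudoCommand`. The generated LDAP policy can therefore be broader than the sudoers line it came from, and nothing tells the operator. I would add `my $nrunas = 0;` before the `foreach` and `warn "entry has more than one Runas spec; sudoRunAs* will apply to all commands in this role\n" if $nrunas++;` inside the `if (s/^\(...` branch, so that affected roles can be reviewed or split by hand before loading; the warning goes to stderr and leaves the LDIF on stdout untouched. Separately, `split(/:\s*/, $1)` and `split(/,\s*/, ...)` only consume whitespace after the delimiter, so `(OPS : wheel)` leaves `OPS ` with a trailing space, which presumably misses the `%RA` lookup in `expand` (not visible here); `/\s*:\s*/` and `/\s*,\s*/` would avoid that. The enclosing block starts and ends outside the visible lines.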