1 files changed, 42 insertions, 3 deletions

diff --git a/sudoers/sudoers.xsl b/sudoers/sudoers.xsl
index 70e4cc4..6b79da9 100644
--- a/sudoers/sudoers.xsl
+++ b/sudoers/sudoers.xsl
@@ -24,18 +24,33 @@ MA 02111-1307, USA.
   xmlns:xs="http://www.w3.org/2001/XMLSchema"
   xmlns:xd="http://www.pnp-software.com/XSLTdoc"
   xmlns:md="http://freeipa.org/xsl/metadata/1.0"
-  xmlns:sudoers="http://freeipa.org/xml/rng/sudo/1.0">
+  xmlns:sudoers="http://freeipa.org/xml/rng/sudo/1.0"
+                  xmlns:exsl="http://exslt.org/common"
+                  extension-element-prefixes="exsl">
+
 
   <md:output_handler>
     <md:file md:name="/etc/sudoers" md:owner="root" md:group="root" md:permission="0440"/>
   </md:output_handler>
 
+  <xsl:param name="merge"/>
   <xsl:output method="text" indent="no"/>
   <xsl:strip-space elements="*"/>
 
   <xsl:template match="/">
-    <xsl:text># IPA generated /etc/sudoers: DO NOT EDIT&#xA;&#xA;</xsl:text>
-    <xsl:apply-templates select="sudoers:ipa"/>
+    <xsl:choose>
+      <xsl:when test="$merge!=''">
+        <exsl:document href="-" method="xml" indent="yes">
+          <xsl:call-template name="sudoers:merge">
+            <xsl:with-param name="file_list" select="$merge"/>
+          </xsl:call-template>
+        </exsl:document>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:text># IPA generated /etc/sudoers: DO NOT EDIT&#xA;&#xA;</xsl:text>
+        <xsl:apply-templates select="sudoers:ipa"/>
+      </xsl:otherwise>
+    </xsl:choose>
   </xsl:template>
 
   <xsl:template match="sudoers:ipa">
@@ -276,4 +291,28 @@ MA 02111-1307, USA.
       <xsl:text>:</xsl:text>
     </xsl:if>
   </xsl:template>
+
+
+  <xsl:template name="sudoers:merge">
+    <xsl:param name="file_list"/>
+    <xsl:choose>
+      <xsl:when test="contains($file_list,' ')">
+      <!-- From sudoers(5): Where there are multiple matches, the last match is
+           used (which is not necessarily the most specific match).
+           This means we have to print the content of the files in file_list in
+           reverse order. -->
+        <xsl:call-template name="sudoers:merge">
+          <xsl:with-param name="file_list" select="substring-after($file_list,' ')"/>
+        </xsl:call-template>
+        <xsl:variable name="file">
+          <xsl:value-of select="substring-before($file_list,' ')"/>
+        </xsl:variable>
+        <xsl:copy-of select="document($file)/sudoers:ipa/sudoers:ipaconfig/*"/>
+        <xsl:text>&#x0A;</xsl:text>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:copy-of select="document($file_list)/sudoers:ipa/sudoers:ipaconfig/*"/>
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
 </xsl:stylesheet>