Diffstat (limited to 'sudoers/sudoers.xslt')
-rw-r--r-- | sudoers/sudoers.xslt | 574 |
1 files changed, 46 insertions, 528 deletions
diff --git a/sudoers/sudoers.xslt b/sudoers/sudoers.xslt index 4b19e51..ab6bd67 100644 --- a/sudoers/sudoers.xslt +++ b/sudoers/sudoers.xslt @@ -3,12 +3,7 @@ xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:md="http://freeipa.org/xsl/metadata/1.0" - xmlns:ipa10="http://freeipa.org/xml/rng/ipa/1.0" - xmlns:user10="http://freeipa.org/xml/rng/user/1.0" - xmlns:group10="http://freeipa.org/xml/rng/posixGroup/1.0" - xmlns:netgroup10="http://freeipa.org/xml/rng/netgroup/1.0" - xmlns:sudoOptions10="http://freeipa.org/xml/rng/sudo/sudoOptions/1.0" - xmlns:sudoers10="http://freeipa.org/xml/rng/sudo/sudoers/1.0"> + xmlns:sudoers="http://freeipa.org/xml/rng/sudo/sudoers/1.0"> <md:output_file name="/etc/sudoers" owner="root" group="root" permission="440"/> <xsl:output method="text" indent="no"/> @@ -16,551 +11,74 @@ <xsl:template match="/"> <xsl:text># IPA generated /etc/sudoers: DO NOT EDIT

</xsl:text> - <xsl:apply-templates select="ipa10:ipa"/> + <xsl:apply-templates select="sudoers:ipa"/> </xsl:template> - <xsl:template match="ipa10:ipa"> + <xsl:template match="sudoers:ipa"> <xsl:apply-templates> - <xsl:with-param name="users" select="''"/> + <xsl:with-param name="sudoers:sudoers" select="''"/> </xsl:apply-templates> </xsl:template> - <xsl:template match="user10:user"> - <xsl:param name="users"/> - <xsl:variable name="uids"> - <xsl:call-template name="tokenize"> - <xsl:with-param name="s" select="@uids"/> - </xsl:call-template> - </xsl:variable> - - <xsl:variable name="space"> - <xsl:choose> - <xsl:when test="$users = ''"> - </xsl:when> - <xsl:otherwise> - <xsl:text> </xsl:text> - </xsl:otherwise> - </xsl:choose> - </xsl:variable> - <xsl:apply-templates> - <xsl:with-param name="users" select="concat($users, $space, $uids)"/> - </xsl:apply-templates> - - </xsl:template> - - <xsl:template match="group10:posixGroup"> - <xsl:param name="users"/> - <xsl:variable name="gids"> - <xsl:call-template name="tokenize"> - <xsl:with-param name="s" select="@gids"/> - <xsl:with-param name="prefix" select="'%'"/> + <xsl:template match="sudoers:sudoers"> + <xsl:variable name="name"> + <xsl:call-template name="format_name"> + <xsl:with-param name="name" select="@name"/> + <xsl:with-param name="type" select="@type"/> </xsl:call-template> </xsl:variable> - <xsl:variable name="space"> - <xsl:choose> - <xsl:when test="$users = ''"> - </xsl:when> - <xsl:otherwise> - <xsl:text> </xsl:text> - </xsl:otherwise> - </xsl:choose> - </xsl:variable> - - <xsl:apply-templates> - <xsl:with-param name="users" select="concat($users, $space, $gids)"/> + <xsl:apply-templates select="sudoers:command"> + <xsl:with-param name="name" select="$name"/> </xsl:apply-templates> </xsl:template> - <xsl:template match="netgroup10:netgroup"> - <xsl:param name="users"/> - <xsl:variable name="netgroups"> - <xsl:call-template name="tokenize"> - <!--<xsl:with-param name="s" select="@netgroup"/> --> - 
<xsl:with-param name="s" select="@groupnames"/> - <xsl:with-param name="prefix" select="'+'"/> + <xsl:template match="sudoers:command"> + <xsl:param name="name"/> + <xsl:variable name="command" select="sudoers:path"/> + <xsl:variable name="runas" select="sudoers:runas"/> + <xsl:variable name="tag"> + <xsl:call-template name="format_tag"> + <xsl:with-param name="tag" select="sudoers:tag"/> </xsl:call-template> </xsl:variable> - <xsl:variable name="space"> - <xsl:choose> - <xsl:when test="$users = ''"> - </xsl:when> - <xsl:otherwise> - <xsl:text> </xsl:text> - </xsl:otherwise> - </xsl:choose> - </xsl:variable> - - <xsl:apply-templates> - <xsl:with-param name="users" select="concat($users, $space, $netgroups)"/> - </xsl:apply-templates> - </xsl:template> - - <xsl:template match="sudoOptions10:sudoOptions"> - <xsl:param name="users"/> - - <xsl:call-template name="defaults"> - <xsl:with-param name="users" select="$users"/> - </xsl:call-template> - <xsl:apply-templates> - <xsl:with-param name="users" select="$users"/> - </xsl:apply-templates> - </xsl:template> - - <xsl:template match="sudoers10:sudoers"> - <xsl:param name="users"/> - <!-- Add this if <sudoers> is allowed to carry option (Defaults) attributes - <xsl:call-template name="defaults"/> - --> - <xsl:apply-templates select="sudoers10:command"> - <xsl:with-param name="users" select="$users"/> - </xsl:apply-templates> - </xsl:template> - - <xsl:template match="sudoers10:command"> - <xsl:param name="users"/> - - <xsl:variable name="runas"> - <xsl:choose> - <xsl:when test="sudoers10:runas"> - <xsl:for-each select="sudoers10:runas"> - <xsl:if test="position() > 1"> - <xsl:text>,</xsl:text> - </xsl:if> - <xsl:value-of select="."/> - </xsl:for-each> - </xsl:when> - <xsl:otherwise> - <xsl:value-of select="'ALL'"/> - </xsl:otherwise> - </xsl:choose> - </xsl:variable> - - <xsl:variable name="tags"> - <xsl:choose> - <xsl:when test="sudoers10:tag"> - <xsl:call-template name="tokenize"> - <xsl:with-param name="s" 
select="sudoers10:tag"/> - <xsl:with-param name="suffix" select="':'"/> - </xsl:call-template> - <!-- Include a trailing space for easier output formatting. --> - <xsl:text> </xsl:text> - </xsl:when> - <xsl:otherwise> - <xsl:value-of select="''"/> - </xsl:otherwise> - </xsl:choose> - </xsl:variable> - - <xsl:variable name="command" select="sudoers10:path"/> - <xsl:variable name="args" select="sudoers10:args"/> - - <!-- - user|%group|+netgroup.USER HOST|+netgroup.HOST = (runas) tags: commands - runas::= user|#uid|%group|+netgroup.USER - --> - <xsl:call-template name="tokenize"> - <xsl:with-param name="s" select="$users"/> - <xsl:with-param name="suffix"> - <xsl:text> </xsl:text> - <xsl:text>ALL</xsl:text> - <xsl:text> = (</xsl:text> - <xsl:value-of select="$runas"/> - <xsl:text>) </xsl:text> - <xsl:value-of select="$tags"/> - <xsl:value-of select="$command"/> - <xsl:text> </xsl:text> - <xsl:value-of select="$args"/> - </xsl:with-param> - <xsl:with-param name="separator" select="'
'"/> - </xsl:call-template> - - <xsl:text>
</xsl:text> - </xsl:template> - - <xsl:template name="defaults"> - <xsl:param name="users"/> - - <xsl:for-each select="@*"> - <xsl:variable name="var" select="name()"/> - <xsl:variable name="val" select="."/> - <xsl:variable name="prefix"> - <xsl:choose> - <xsl:when test="$users = ''"> - <xsl:text>Defaults</xsl:text> - </xsl:when> - <xsl:otherwise> - <xsl:text>Defaults:</xsl:text> - </xsl:otherwise> - </xsl:choose> - </xsl:variable> - - <xsl:call-template name="tokenize"> - <xsl:with-param name="s" select="$users"/> - <xsl:with-param name="prefix"> - <xsl:choose> - <xsl:when test="$users = ''"> - <xsl:text>Defaults</xsl:text> - </xsl:when> - <xsl:otherwise> - <xsl:text>Defaults:</xsl:text> - </xsl:otherwise> - </xsl:choose> - </xsl:with-param> - <xsl:with-param name="suffix"> - <xsl:text> </xsl:text> - - <xsl:choose> - <!-- boolean handling --> - - <xsl:when test="name() = 'always_set_home'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'authenticate'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'env_editor'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'env_reset'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'fqdn'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'ignore_local_sudoers'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'insults'"> - <xsl:if test=". 
= 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'log_host'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'log_year'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'long_otp_prompt'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'mail_always'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'mail_badpass'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'mail_no_host'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'mail_no_perms'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'mail_no_user'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'noexec'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'path_info'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'passprompt_override'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'preserve_groups'"> - <xsl:if test=". 
= 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'requiretty'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'root_sudo'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'rootpw'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'runaspw'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'set_home'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'set_logname'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'setenv'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'shell_noargs'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'stay_setuid'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'targetpw'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <xsl:when test="name() = 'ttytickets'"> - <xsl:if test=". = 'off'"> - <xsl:text>!</xsl:text> - </xsl:if> - <xsl:value-of select="name()"/> - </xsl:when> - - <!-- boolean/string handling --> - - <xsl:when test="name() = 'syslog'"> - <xsl:choose> - <xsl:when test=". 
= 'off'"> - <xsl:text>!</xsl:text> - <xsl:value-of select="name()"/> - </xsl:when> - <xsl:otherwise> - <xsl:value-of select="name()"/> - <xsl:text>=</xsl:text> - <xsl:value-of select="."/> - </xsl:otherwise> - </xsl:choose> - </xsl:when> - - <!-- quoted/list handling --> - - <xsl:when test="name() = 'badpass_message'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <xsl:when test="name() = 'mailsub'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <xsl:when test="name() = 'passprompt'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <xsl:when test="name() = 'role'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <xsl:when test="name() = 'mailerflags'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <xsl:when test="name() = 'env_check'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <xsl:when test="name() = 'env_delete'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <xsl:when test="name() = 'env_keep'"> - <xsl:value-of select="$var"/> - <xsl:text>= "</xsl:text> - <xsl:value-of select="$val"/> - <xsl:text>"</xsl:text> - </xsl:when> - - <!-- default handling --> - <xsl:otherwise> - <xsl:value-of select="name()"/> - <xsl:text>=</xsl:text> - <xsl:value-of select="."/> - </xsl:otherwise> - - </xsl:choose> - - <xsl:text>
</xsl:text> - </xsl:with-param> - <xsl:with-param name="separator" select="''"/> - </xsl:call-template> - + <xsl:value-of select="$name"/> + <xsl:text>=</xsl:text> + <xsl:if test="$runas != ''"> + <xsl:text>(</xsl:text> + <xsl:value-of select="$runas"/> + <xsl:text>)</xsl:text> + </xsl:if> + <xsl:text> </xsl:text> + <xsl:value-of select="$tag"/> + <xsl:text> </xsl:text> + <xsl:value-of select="$command"/> <xsl:text>
</xsl:text> - </xsl:for-each> </xsl:template> - <xsl:template name="tokenize"> - <xsl:param name="s" select="."/> - <xsl:param name="delim" select="' '"/> - <xsl:param name="prefix" select="''"/> - <xsl:param name="suffix" select="''"/> - <xsl:param name="separator" select="' '"/> - <xsl:param name="action" select="'output'"/> - <xsl:param name="first" select="true()"/> + <xsl:template name="format_name"> + <xsl:param name="name"/> + <xsl:param name="type"/> <xsl:choose> - <xsl:when test="contains($s, $delim)"> - <xsl:choose> - <xsl:when test="$action = 'output'"> - <xsl:if test="$first != true()"> - <xsl:value-of select="$separator"/> - </xsl:if> - <xsl:value-of select="$prefix"/> - <xsl:value-of select="substring-before($s, $delim)"/> - <xsl:value-of select="$suffix"/> - </xsl:when> - </xsl:choose> - <xsl:call-template name="tokenize"> - <xsl:with-param name="first" select="false()"/> - <xsl:with-param name="s" select="substring-after($s, $delim)"/> - <xsl:with-param name="delim" select="$delim"/> - <xsl:with-param name="prefix" select="$prefix"/> - <xsl:with-param name="suffix" select="$suffix"/> - <xsl:with-param name="separator" select="$separator"/> - <xsl:with-param name="action" select="$action"/> - </xsl:call-template> + <xsl:when test="$type = 'netgroup'"> + <xsl:text>+</xsl:text> + </xsl:when> + <xsl:when test="$type = 'posixGroup'"> + <xsl:text>%</xsl:text> </xsl:when> - <xsl:otherwise> - <xsl:choose> - <xsl:when test="$action = 'output'"> - <xsl:if test="$first != true()"> - <xsl:value-of select="$separator"/> - </xsl:if> - <xsl:value-of select="$prefix"/> - <xsl:value-of select="$s"/> - <xsl:value-of select="$suffix"/> - </xsl:when> - </xsl:choose> - </xsl:otherwise> </xsl:choose> + <xsl:value-of select="$name"/> </xsl:template> + <xsl:template name="format_tag"> + <xsl:param name="tag"/> + + <xsl:if test="$tag != ''"> + <xsl:value-of select="$tag"/> + <xsl:text>:</xsl:text> + </xsl:if> + </xsl:template> </xsl:stylesheet> |
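Review bot: The rewritten `sudoers:command` template no longer emits a host list before `=` or the command arguments after the path, and dropping the arguments can widen the grant written to /etc/sudoers. sudoers treats a command listed without arguments as matching any arguments, so if the input can still carry `sudoers:args` (the removed template read `sudoers10:args`), a rule authored for one invocation would allow every invocation of that binary; I would keep `<xsl:if test="sudoers:args"><xsl:text> </xsl:text><xsl:value-of select="sudoers:args"/></xsl:if>` after the path. The host field (`ALL` in the removed code) should also return before `=`, unless `@name` is expected to contain it, which the hunk does not show. `<xsl:value-of select="$runas"/>` and the `sudoers:tag` value passed to `format_tag` would emit only the first node if this is an XSLT 1.0 stylesheet, whereas the removed code joined multiple `runas` entries with commas. Because `@name`, `sudoers:runas`, `sudoers:tag` and `sudoers:path` are copied verbatim into a root-owned policy file, a comment stating that the schema must reject newlines and sudoers metacharacters in them, together with a `visudo -c -f` check on the output before it replaces /etc/sudoers, would be worth adding.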