[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [augeas-devel] sudoers lens not working





On Fri, Mar 20, 2009 at 2:26 PM, Frank Sweetser <fs wpi edu> wrote:
Robin Lee Powell wrote:

> That means that augeas can't parse it.  Look under
> "/augeas/files/etc/sudoers/" to see why, although I've gotta say
> that Augeas' parse errors are generally entirely unhelpful:
>
> augtool> ls /augeas/files/etc/sudoers/error/
> pos = 2587
> message = Short iteration

Okay, now we're getting somewhere!  I get a similar message with a different
offset:

augtool> ls /augeas/files/etc/sudoers/error/
pos = 1848
message = Short iteration

> It's the one thing I don't like about it.  At least give me a line
> number.  :(

Sometimes the old tools are still the best >
[root trapeze etc]# dd if=/etc/sudoers bs=1 skip=1848 | head -10
Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
                  LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
                  LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
                  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
                  LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
                  _XKB_CHARSET XAUTHORITY"

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).

If I remove the escapes and put it all on one line, everything works
perfectly, so I guess that the lens can't handle the multiline string.


That's right. I manage to get the lens to understand multiline configuration, but not multiline strings. The problem (from my understanding) lies in the fact that Augeas is not an imperative parser. Let me explain.

The official sudoers parser is imperative and removes "\\\n" before even trying to parse the file, so it doesn't even have to understand it.
The Augeas lens can't work this way, because it tries to parse the whole file as a big string and match it against a huge regexp which describes the sudoers format. The lens understands that "\\\n" can be used as a separator between fields, but it has no idea what to do with it inside fields.

I'm actually guessing that even something like

Def\
aults  env_k\
eep = "COLORS DISPLAY HOSTNAME"

might work with the official parser, while Augeas has absolutely no way (at least as it is today) to understand that "Def\\\naults" actually stands for a multiline "Defaults" entry.


Is this expected behaviour, or should I file a bug report?

As it is, it is the expected behaviour of the lens because I found no workaround for this. You could file a bug, although there is absolutely no garantee that I can fix this. In the best situation I can think of, I could add "\" and "\n" as authorized characters within value fields, so they would appear as such in the value.



Raphaël






--
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
   GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC

_______________________________________________


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]