[augeas-devel] Equal sign in commands in sudoers.aug

[Raphaël Pinson]

Hello all,

I'm having an issue with sudoers.aug. I found that the lens currently
doesn't allow "=" in commands, so I added a test for it (which,
logically, fails):

  test Sudoers.spec get "root ALL=(ALL) ALL /usr/bin/mylvmbackup
--configfile=/etc/mylvbackup_amanda.conf\n" =
    { "spec"
      { "user" = "root" }
      { "host_group"
        { "host" = "ALL" }
        { "command" = "ALL /usr/bin/mylvmbackup
--configfile=/etc/mylvbackup_amanda.conf"
          { "runas_user" = "ALL" } } } }


Allowing "=" in the middle of commands means changing:

  let sto_to_com_cmnd = store /([^,=:#()
\t\n\\]([^=,:#()\n\\]|\\\\[=:,\\])*[^,=:#() \t\n\\])|[^,=:#() \t\n\\]/

into

  let sto_to_com_cmnd = store /([^,=:#()
\t\n\\]([^,:#()\n\\]|\\\\[=:,\\])*[^,=:#() \t\n\\])|[^,=:#() \t\n\\]/


That looks easy enough, unfortunately, it leads to an ambiguity, since
commands could be named for example "SETENV" (using aliases for
example), and then augeas wouldn't know how to parse this:

  :A=SETENV:B=C

which could either be parsed as:

  { "host_group"
     { "host" = "A" }
     { "tag" = "SETENV" }
     { "command" = "B=C" } }

or

  { "host_group"
     { "host" = "A" }
     { "command" = "SETENV" } }
  { "host_group"
     { "host" = "B" }
     { "command" = "C" } }


Obviously, the second solution is wrong, because "SETENV" (and
/(NO)?(PASSWD|EXEC|SETENV)/ in general) is a reserved word for tags,
which cannot be used as a command alias.
Now, fixing this ambiguity is doable by saying:

let sto_to_com_cmnd = store (/([^,=:#()
\t\n\\]([^,:#()\n\\]|\\\\[=:,\\])*[^,=:#() \t\n\\])|[^,=:#() \t\n\\]/
- /(NO)?(PASSWD|EXEC|SETENV)/)


This typechecks fine, *but* it requires no less than 14GB of RAM to
typecheck, which is unacceptable.

Does anyone have an idea to implement this without falling into a huge
pit of RAM and CPU usage?


Cheers,

Raphaël