add simplistic support for sudoRunas; note that if a sudoers entry contains multiple Runas users, all will apply to the sudoRole

sudoers2ldif

@@ -10,11 +10,12 @@ use strict;
 
 # BUGS:
 #   Does not yet handle multiple lines with : in them
-#   Does not yet handle runas (xxx) syntax.
 #   Does not yet remove quotation marks from options
 #   Does not yet escape + at the beginning of a dn
 #   Does not yet handle line wraps correctly
 #   Does not yet handle multiple roles with same name (needs tiebreaker)
+#   Sudoers entries can have multiple Runas entries that override former ones,
+#	with LDAP sudoRunas applies to all commands in a sudoRole
 
 my %UA;
 my %HA;
@@ -79,6 +80,12 @@ while (<>){
       # will clobber options
       print "sudoUser: $_\n"   foreach expand(\%UA,@users);
       print "sudoHost: $_\n"   foreach expand(\%HA,@hosts);
+      my $runas = undef;
+      foreach (@cmds) {
+	if (s/^\(([^\)]+)\)\s*//) {
+	  print "sudoRunas: $_\n" foreach expand(\%UA, split(/,\s*/, $1));
+	}
+      }
       print "sudoCommand: $_\n" foreach expand(\%CA,@cmds);
       print "sudoOption: $_\n" foreach @options;
       print "\n";