From ed3a1eb42b1147ed5aad892492a7ce443a824202 Mon Sep 17 00:00:00 2001
From: Luchi <39198766+luchihoratiu@users.noreply.github.com>
Date: Wed, 2 Dec 2020 10:01:41 +0200
Subject: [PATCH] Allow AD groups in '/etc/sudoers' (#696)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Before this commit, `/etc/sudoers` files containing AD users or groups could not be parsed with the sudoers lens because it was containing `\\` in said users/groups name. Running `visudo -c` shows that a sudoers file containing these is valid so this case was added in the affected regex.

Co-authored-by: Raphaƫl Pinson
---
 lenses/sudoers.aug | 2 +-
 lenses/tests/test_sudoers.aug | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lenses/sudoers.aug b/lenses/sudoers.aug
index da613c7ce..cc803108e 100644
--- a/lenses/sudoers.aug
+++ b/lenses/sudoers.aug
@@ -127,7 +127,7 @@ let sto_to_com_host = store /[^,=:#() \t\n\\]+/
 Escaped spaces and NIS domains and allowed*)
 let sto_to_com_user =
 let nis_re = /([A-Z]([-A-Z0-9]|(\\\\[ \t]))*+\\\\\\\\)/
- in let user_re = /[%+@a-z]([-A-Za-z0-9._+]|(\\\\[ \t]))*/ - /@include(dir)?/
+ in let user_re = /[%+@a-z]([-A-Za-z0-9._+]|(\\\\[ \t])|\\\\\\\\[A-Za-z0-9])*/ - /@include(dir)?/
 in let alias_re = /[A-Z_]+/
 in store ((nis_re? . user_re) | alias_re)
diff --git a/lenses/tests/test_sudoers.aug b/lenses/tests/test_sudoers.aug
index 1073dae95..336ba7587 100644
--- a/lenses/tests/test_sudoers.aug
+++ b/lenses/tests/test_sudoers.aug
@@ -9,6 +9,7 @@ test test_user get "root
 +secre-taries
 @my\ admin\ group
 EXAMPLE\\\\cslack
+%ad.domain.com\\\\sudo-users
 MY\ EX-AMPLE\ 9\\\\cslack\ group
 " =
 { "user" = "root" }
@@ -16,6 +17,7 @@ MY\ EX-AMPLE\ 9\\\\cslack\ group
 { "user" = "+secre-taries" }
 { "user" = "@my\\ admin\\ group" }
 { "user" = "EXAMPLE\\\\cslack" }
+ { "user" = "%ad.domain.com\\\\sudo-users" }
 { "user" = "MY\\ EX-AMPLE\\ 9\\\\cslack\\ group" }
 let conf = " 
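Review bot: The new alternative in `user_re` admits an escaped backslash pair only when it is immediately followed by `[A-Za-z0-9]`, so an AD name whose part after `\\` begins with `_`, `-` or `.` (constructed example: `%ad.domain.com\\_svc`) still fails to parse, while `\\` followed by a space stays covered by the existing `(\\\\[ \t])` branch; if sudo accepts such names, the class should be widened to the same set the main alternative uses, `|\\\\\\\\[-A-Za-z0-9._+]`. The View comment two lines above, `Escaped spaces and NIS domains and allowed*)`, no longer describes the lens; something like `Escaped spaces, NIS domains and AD "DOMAIN\\name" users/groups are allowed*)` would. The regex also newly accepts a lowercase-domain plain user such as `ad.domain.com\\user`, and the tests added in test_sudoers.aug exercise only the `%`-prefixed group form, so that path is untested.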
@@ -309,6 +311,18 @@ test Sudoers.spec get "%sudo_users ALL=(ALL) ALL\n" =
 }
 }
+(* Test: Sudoers.spec
+ allow ad group names with backslashes *)
+test Sudoers.spec get "%ad.domain.com\\\\sudo-users ALL=(ALL) ALL\n" =
+ { "spec"
+ { "user" = "%ad.domain.com\\\\sudo-users" }
+ { "host_group"
+ { "host" = "ALL" }
+ { "command" = "ALL"
+ { "runas_user" = "ALL" } }
+ }
+ }
+
 (* Test: Sudoers.spec
 Ticket #376: allow uppercase characters in user names *)
 test Sudoers.spec get "%GrOup ALL = (ALL) ALL\n" =