From b48192aeffd7c82317d2a97ad5ecef7702c80c1a Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 16 Sep 2008 14:29:56 +0200
Subject: [PATCH 1/1] Export all accounts into sudo-passwd, even if they do not
 have a sudo password set.  Set their password to '*' then.

---
 debian/changelog |  7 +++++++
 ud-generate      | 47 ++++++++++++++++++++++-------------------------
 2 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index dda4dda..d4794d1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+userdir-ldap (0.3.42) unstable; urgency=low
+
+  * Export all accounts into sudo-passwd, even if they
+    do not have a sudo password set.  Set their password to '*' then.
+
+ -- Peter Palfrader <weasel@debian.org>  Tue, 16 Sep 2008 14:29:32 +0200
+
 userdir-ldap (0.3.41) unstable; urgency=low
 
   * ud-generate: lower casing the sudopasswd ldap entry prior to parsing
diff --git a/ud-generate b/ud-generate
index d0746de..dd321b8 100755
--- a/ud-generate
+++ b/ud-generate
@@ -216,34 +216,31 @@ def GenShadowSudo(l,File):
       raise "No Users";
 
    for x in PasswdAttrs:
+      Pass = '*'
       if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
          continue;
-      if not x[1].has_key('sudoPassword'):
-         continue
-
-      Pass = None
-      for entry in x[1]['sudoPassword']:
-         Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
-         if Match == None:
-            continue
-         uuid = Match.group(1)
-         status = Match.group(2)
-         hosts = Match.group(3)
-         cryptedpass = Match.group(4)
 
-         if status != 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass):
-            continue
-         for_all = hosts == "*"
-         for_this_host = CurrentHost in hosts.split(',')
-         if not (for_all or for_this_host):
-            continue
-         Pass = cryptedpass
-         if for_this_host: # this makes sure we take a per-host entry over the for-all entry
-           break
-      if not Pass:
-         continue
-      if len(Pass) > 50:
-         continue
+      if x[1].has_key('sudoPassword'):
+         for entry in x[1]['sudoPassword']:
+            Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+            if Match == None:
+               continue
+            uuid = Match.group(1)
+            status = Match.group(2)
+            hosts = Match.group(3)
+            cryptedpass = Match.group(4)
+
+            if status != 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass):
+               continue
+            for_all = hosts == "*"
+            for_this_host = CurrentHost in hosts.split(',')
+            if not (for_all or for_this_host):
+               continue
+            Pass = cryptedpass
+            if for_this_host: # this makes sure we take a per-host entry over the for-all entry
+              break
+         if len(Pass) > 50:
+            Pass = '*'
 
       Line = "%s:%s" % (GetAttr(x,"uid"), Pass)
       Line = Sanitize(Line) + "\n";
-- 
2.20.1