#!/usr/bin/perl -w
#
# $Id: parse-sudoers,v 1.4 2007/02/03 16:41:29 jmates Exp $
#
# The author disclaims all copyrights and releases this script into the
# public domain.
#
# Parses sudoers. Quick script, does not follow BNF used by sudo, only
# outputs reformated lines able to parse. Usage:
#
# sudo parse-sudoers /etc/sudoers

use strict;

LINE: while (<>) {
  chomp;

  # comments, blank lines
  if ( m/^\s*#/ or s{^\s*$}{} ) {
    print "$_\n";
    next LINE;
  }

  # extend lines ending with \
  if (s{ \\ \s* $ }{}x) {
    $_ .= <>;
    redo LINE unless eof;
  }

  # match usual "foo bar = etc" entries
  if (m{^ (\S+) \s+ (\S+) \s*=\s* (.*)}x) {
    my ( $first, $second, $rest ) = ( $1, $2, $3 );

    # KLUGE match and sort anything that smells like comma delimited
    # records (commands or usernames, usually)
    if ( defined $rest
      and $rest =~ m{^ (.*?) ([\w./-]+\s*,\s*[\w\s,./-]+) $}x ) {
      $rest = $1 . join ', ', sort split( /\s*,\s*/, $2 );
    }

    $rest ||= '';
    $rest =~ s/\s*$//;

    # TODO output templating to \ long lines would be nice...

    # just normalize for now...
    #print "WAS: $_\n";
    print "$first $second = $rest\n";

  } else {
    # unparsed lines
    print "$_\n";
  }
}