#!/bin/ksh
# $Id: sudomap.ksh,v 1.5 2008/12/05 20:08:35 ksb Exp $
# $Source: /usr/msrc/usr/local/bin/sudop/RCS/sudomap.ksh,v $
#
# Map sudo paths to op rules by reading the policy on the local host,
# access.cf might have a default marked line to implement another tactic.
#

PROGNAME=`basename $0`

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/etc:/usr/local/bin:/usr/local/sbin:/usr/local/etc:/etc"
export PATH

OPT_G=""
OPT_U=""
while [ -n "$1" ] ; do
	case _"$1" in
	_-g)	OPT_G=${2?'-g: missing groupname'}
		shift
		;;
	_-u)	OPT_U=${2?'-u: missing username'}
		shift
		;;
	_-l)
		exec mk -s -l0 -a -mSudop -d'-list' `ls *.cf | tr '\n' ' '`
		;;
	_-*)
		echo "$PROGNAME: unrecognized option: $1"
		exit 1
		;;
	_*)
		break
		;;
	esac
	shift
done

COMMAND="$1"
shift

# The output from a single mk call is send straight back to sudop
exec mk ${OPT_U:+ -DUSER="$OPT_U"}${OPT_G:+ -DGROUP="$OPT_G"} -s -l0 -A -mSudop -d"$COMMAND" \
		`ls *.cf | grep -v '^access.cf$' | sed -e 's/^/-t/' | tr '\n' ' '` access.cf
exit 0