diff options
Diffstat (limited to 'plugins/sudoers/regress/testsudoers')
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/group | 15 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test1.out.ok | 8 | ||||
| -rwxr-xr-x | plugins/sudoers/regress/testsudoers/test1.sh | 13 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test2.inc | 1 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test2.out.ok | 10 | ||||
| -rwxr-xr-x | plugins/sudoers/regress/testsudoers/test2.sh | 13 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test3.d/root | 1 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test3.out.ok | 10 | ||||
| -rwxr-xr-x | plugins/sudoers/regress/testsudoers/test3.sh | 13 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test4.out.ok | 6 | ||||
| -rwxr-xr-x | plugins/sudoers/regress/testsudoers/test4.sh | 14 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test5.out.ok | 12 | ||||
| -rwxr-xr-x | plugins/sudoers/regress/testsudoers/test5.sh | 32 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test6.out.ok | 10 | ||||
| -rwxr-xr-x | plugins/sudoers/regress/testsudoers/test6.sh | 11 | ||||
| -rw-r--r-- | plugins/sudoers/regress/testsudoers/test7.out.ok | 10 | ||||
| -rwxr-xr-x | plugins/sudoers/regress/testsudoers/test7.sh | 11 |
17 files changed, 190 insertions, 0 deletions
diff --git a/plugins/sudoers/regress/testsudoers/group b/plugins/sudoers/regress/testsudoers/group new file mode 100644 index 0000000..e2202d6 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/group @@ -0,0 +1,15 @@ +wheel:*:0:root +daemon:*:1:daemon +kmem:*:2:root +sys:*:3:root +tty:*:4:root +operator:*:5:root +bin:*:7: +wsrc:*:9: +users:*:10: +auth:*:11: +games:*:13: +staff:*:20:root +guest:*:31:root +nogroup:*:32766: +nobody:*:32767: diff --git a/plugins/sudoers/regress/testsudoers/test1.out.ok b/plugins/sudoers/regress/testsudoers/test1.out.ok new file mode 100644 index 0000000..f980873 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test1.out.ok @@ -0,0 +1,8 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + +Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test1.sh b/plugins/sudoers/regress/testsudoers/test1.sh new file mode 100755 index 0000000..fb99a91 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test1.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Test for NULL dereference with "sudo -g group" when the sudoers rule +# has no runas user or group listed. +# This is RedHat bug Bug 667103. +# + +exec 2>&1 +./testsudoers -g bin -P ${TESTDIR}/group root id <<EOF +root ALL = ALL +EOF + +exit 0 diff --git a/plugins/sudoers/regress/testsudoers/test2.inc b/plugins/sudoers/regress/testsudoers/test2.inc new file mode 100644 index 0000000..52ca040 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test2.inc @@ -0,0 +1 @@ +root ALL = ALL diff --git a/plugins/sudoers/regress/testsudoers/test2.out.ok b/plugins/sudoers/regress/testsudoers/test2.out.ok new file mode 100644 index 0000000..eabeb20 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test2.out.ok @@ -0,0 +1,10 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + runas matched + cmnd allowed + +Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test2.sh b/plugins/sudoers/regress/testsudoers/test2.sh new file mode 100755 index 0000000..d76cfbb --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test2.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Test #include facility +# + +MYUID=`\ls -ln $TESTDIR/test2.inc | awk '{print $3}'` +MYGID=`\ls -ln $TESTDIR/test2.inc | awk '{print $4}'` +exec 2>&1 +./testsudoers -U $MYUID -G $MYGID root id <<EOF +#include $TESTDIR/test2.inc +EOF + +exit 0 diff --git a/plugins/sudoers/regress/testsudoers/test3.d/root b/plugins/sudoers/regress/testsudoers/test3.d/root new file mode 100644 index 0000000..52ca040 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test3.d/root @@ -0,0 +1 @@ +root ALL = ALL diff --git a/plugins/sudoers/regress/testsudoers/test3.out.ok b/plugins/sudoers/regress/testsudoers/test3.out.ok new file mode 100644 index 0000000..eabeb20 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test3.out.ok @@ -0,0 +1,10 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + runas matched + cmnd allowed + +Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test3.sh b/plugins/sudoers/regress/testsudoers/test3.sh new file mode 100755 index 0000000..c1251b9 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test3.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# Test #include facility +# + +MYUID=`\ls -lnd $TESTDIR/test3.d | awk '{print $3}'` +MYGID=`\ls -lnd $TESTDIR/test3.d | awk '{print $4}'` +exec 2>&1 +./testsudoers -U $MYUID -G $MYGID root id <<EOF +#includedir $TESTDIR/test3.d +EOF + +exit 0 diff --git a/plugins/sudoers/regress/testsudoers/test4.out.ok b/plugins/sudoers/regress/testsudoers/test4.out.ok new file mode 100644 index 0000000..6b27d71 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test4.out.ok @@ -0,0 +1,6 @@ +testsudoers: test2.inc should be owned by uid 1 +Parse error in sudoers near line 1. + +Entries for user root: + +Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test4.sh b/plugins/sudoers/regress/testsudoers/test4.sh new file mode 100755 index 0000000..3eaaa1d --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test4.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# Test sudoers owner check +# + +# Avoid warnings about memory leaks when there is a syntax error +ASAN_OPTIONS=detect_leaks=0; export ASAN_OPTIONS + +exec 2>&1 +./testsudoers -U 1 root id <<EOF +#include $TESTDIR/test2.inc +EOF + +exit 0 diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok new file mode 100644 index 0000000..5e319c9 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test5.out.ok @@ -0,0 +1,12 @@ +testsudoers: test5.inc is world writable +Parse error in sudoers near line 1. + +Entries for user root: + +Command unmatched +testsudoers: test5.inc should be owned by gid 4294967295 +Parse error in sudoers near line 1. + +Entries for user root: + +Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test5.sh b/plugins/sudoers/regress/testsudoers/test5.sh new file mode 100755 index 0000000..9e690a6 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test5.sh @@ -0,0 +1,32 @@ +#!/bin/sh +# +# Test sudoers file mode check +# + +# Avoid warnings about memory leaks when there is a syntax error +ASAN_OPTIONS=detect_leaks=0; export ASAN_OPTIONS + +# Create test file +TESTFILE=`pwd`/regress/testsudoers/test5.inc +cat >$TESTFILE <<EOF +root ALL = ALL +EOF + +MYUID=`\ls -ln $TESTFILE | awk '{print $3}'` +MYGID=`\ls -ln $TESTFILE | awk '{print $4}'` +exec 2>&1 + +# Test world writable +chmod 666 $TESTFILE +./testsudoers -U $MYUID -G $MYGID root id <<EOF +#include $TESTFILE +EOF + +# Test group writable +chmod 664 $TESTFILE +./testsudoers -U $MYUID -G -1 root id <<EOF +#include $TESTFILE +EOF + +rm -f $TESTFILE +exit 0 diff --git a/plugins/sudoers/regress/testsudoers/test6.out.ok b/plugins/sudoers/regress/testsudoers/test6.out.ok new file mode 100644 index 0000000..eabeb20 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test6.out.ok @@ -0,0 +1,10 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + runas matched + cmnd allowed + +Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test6.sh b/plugins/sudoers/regress/testsudoers/test6.sh new file mode 100755 index 0000000..ee9f93d --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test6.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Verify sudoers matching by uid. +# + +exec 2>&1 +./testsudoers root id <<EOF +#0 ALL = ALL +EOF + +exit 0 diff --git a/plugins/sudoers/regress/testsudoers/test7.out.ok b/plugins/sudoers/regress/testsudoers/test7.out.ok new file mode 100644 index 0000000..eabeb20 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test7.out.ok @@ -0,0 +1,10 @@ +Parses OK. + +Entries for user root: + +ALL = ALL + host matched + runas matched + cmnd allowed + +Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test7.sh b/plugins/sudoers/regress/testsudoers/test7.sh new file mode 100755 index 0000000..4975245 --- /dev/null +++ b/plugins/sudoers/regress/testsudoers/test7.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# +# Verify sudoers matching by gid. +# + +exec 2>&1 +./testsudoers root id <<EOF +%#0 ALL = ALL +EOF + +exit 0 |