authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:37:38 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:37:38 +0000
commitae581a19fbe896a797450b9d9573fb66f2735227 (patch)
tree56c40be8518a29c9351364d13a9676aa83932dc0 /plugins/sudoers/regress/corpus
parentInitial commit. (diff)
Adding upstream version 1.9.13p3.upstream/1.9.13p3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'plugins/sudoers/regress/corpus')
-rw-r--r--plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif33
-rw-r--r--plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif6
-rw-r--r--plugins/sudoers/regress/corpus/seed/ldif/sample.ldif295
-rw-r--r--plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif44
-rw-r--r--plugins/sudoers/regress/corpus/seed/policy/policy.11
-rw-r--r--plugins/sudoers/regress/corpus/seed/policy/policy.25
-rw-r--r--plugins/sudoers/regress/corpus/seed/policy/policy.311
-rw-r--r--plugins/sudoers/regress/corpus/seed/policy/policy.436
-rw-r--r--plugins/sudoers/regress/corpus/seed/policy/policy.536
9 files changed, 467 insertions, 0 deletions
diff --git a/plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif b/plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif
new file mode 100644
index 0000000..b8c7b99
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif
@@ -0,0 +1,33 @@
+# defaults, SUDOers, sudo.ws
+dn:: Y249ZGVmYXVsdHMsb3U9U1VET2VycyxkYz1zdWRvLGRjPXdz
+objectClass: top
+objectClass: sudoRole
+cn: defaults
+description: Default sudoOption's go here
+sudoOption:: bG9nX29@1dHB1dA==
+
+# root, SUDOers, sudo.ws
+dn:: Y249cm9vdCxvdT1TVURPZXJzLGRjPXN1ZG8sZGM9_d3M=
+objectClass: top
+objectClass: sudoRole
+cn: root
+sudoUser: root
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoHost: ALL
+sudoCommand: ALL
+sudoOption: !authenticate
+sudoOrder: 10
+
+# %wheel, SUDOers, sudo.ws
+dn:: Y249JXdoZWVsLG91PVNVRE9lcnMsZGM9c3VkbyxkYz13cw!==
+objectClass: top
+objectClass: sudoRole
+cn: %wheel
+sudoUser: %wheel
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoHost: +sudo-hosts
+sudoCommand: ALL
+sudoOption: !authenticate
+sudoOrder: 10
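Review bot: Nothing in this seed says which values are deliberately malformed, so the three corruptions are easy to mistake for copy errors: the `@` inside the `sudoOption::` value of the defaults entry, the `_` in the root entry's `dn::`, and the `!` before the padding in the %wheel entry's `dn::`. A header comment such as `# Base64 values in this file are intentionally corrupted (compare valid_b64.ldif); do not repair them.` would keep a later cleanup from turning the negative test into a second copy of the positive one. It would also help to state the expected outcome, presumably that the parser rejects or skips each entry without trusting the undecoded value.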
diff --git a/plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif b/plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif
new file mode 100644
index 0000000..78c150a
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif
@@ -0,0 +1,6 @@
+# Exercise the fix for https://github.com/sudo-project/sudo/pull/169
+#
+# If the last byte of the input file was a backslash, the parser would
+# read past the end of the buffer.
+#
+dn: cn= Manager\
\ No newline at end of file
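Review bot: The header comment cites pull request 169 while the file is named pr196.ldif, so one of the two numbers looks like a typo and a reader following the link to understand the out-of-bounds read may land on an unrelated change. If the filename is the correct reference, the first line should read `# Exercise the fix for https://github.com/sudo-project/sudo/pull/196`; otherwise the file name should follow the comment. The seed also only works while the file ends in a bare backslash with no trailing newline, which many editors and formatting hooks add silently, so a line like `# NOTE: this file must not end with a newline.` is worth adding to the comment block.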
diff --git a/plugins/sudoers/regress/corpus/seed/ldif/sample.ldif b/plugins/sudoers/regress/corpus/seed/ldif/sample.ldif
new file mode 100644
index 0000000..81474a1
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/ldif/sample.ldif
@@ -0,0 +1,295 @@
+# LDIF version of the example sudoers file
+
+# Unable to translate ./examples/sudoers:12:17:
+# Defaults>root !set_logname
+
+# Unable to translate ./examples/sudoers:16:24:
+# Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec
+
+dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: defaults
+description: Default sudoOption's go here
+sudoOption: syslog=auth
+sudoOption: runcwd=~
+
+dn: cn=root,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: root
+sudoUser: root
+sudoHost: ALL
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoCommand: ALL
+sudoOrder: 1
+
+dn: cn=%wheel,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: %wheel
+sudoUser: %wheel
+sudoHost: ALL
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoCommand: ALL
+sudoOrder: 2
+
+dn: cn=FULLTIMERS,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: FULLTIMERS
+sudoUser: millert
+sudoUser: mikef
+sudoUser: dowdy
+sudoHost: ALL
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoOption: !authenticate
+sudoOption: !lecture
+sudoOption: !runchroot=*
+sudoCommand: ALL
+sudoOrder: 3
+
+dn: cn=PARTTIMERS,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: PARTTIMERS
+sudoUser: bostley
+sudoUser: jwfox
+sudoUser: crawl
+sudoHost: ALL
+sudoCommand: ALL
+sudoOrder: 4
+
+dn: cn=jack,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: jack
+sudoUser: jack
+sudoHost: 128.138.243.0
+sudoHost: 128.138.204.0/24
+sudoHost: 128.138.242.0
+sudoCommand: ALL
+sudoOrder: 5
+
+dn: cn=lisa,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: lisa
+sudoUser: lisa
+sudoHost: 128.138.0.0/255.255.0.0
+sudoCommand: ALL
+sudoOrder: 6
+
+dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: operator
+sudoUser: operator
+sudoHost: ALL
+sudoCommand: /usr/sbin/dump
+sudoCommand: /usr/sbin/rdump
+sudoCommand: /usr/sbin/restore
+sudoCommand: /usr/sbin/rrestore
+sudoCommand: /usr/bin/mt
+sudoCommand: sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/operator/bin/start_backups
+sudoCommand: /usr/bin/kill
+sudoCommand: /usr/bin/top
+sudoCommand: /usr/sbin/shutdown
+sudoCommand: /usr/sbin/halt
+sudoCommand: /usr/sbin/reboot
+sudoCommand: /usr/sbin/lpc
+sudoCommand: /usr/bin/lprm
+sudoCommand: sudoedit /etc/printcap
+sudoCommand: /usr/oper/bin/
+sudoOrder: 7
+
+dn: cn=joe,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: joe
+sudoUser: joe
+sudoHost: ALL
+sudoCommand: /usr/bin/su operator
+sudoOrder: 8
+
+dn: cn=pete,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: pete
+sudoUser: pete
+sudoHost: boa
+sudoHost: nag
+sudoHost: python
+sudoCommand: /usr/bin/passwd ^[a-zA-Z0-9_]+$
+sudoCommand: !/usr/bin/passwd root
+sudoOrder: 9
+
+dn: cn=bob,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: bob
+sudoUser: bob
+sudoHost: bigtime
+sudoHost: eclipse
+sudoHost: moet
+sudoHost: anchor
+sudoRunAsUser: root
+sudoRunAsUser: operator
+sudoCommand: ALL
+sudoOrder: 10
+
+dn: cn=bob_1,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: bob_1
+sudoUser: bob
+sudoHost: grolsch
+sudoHost: dandelion
+sudoHost: black
+sudoRunAsUser: root
+sudoRunAsUser: operator
+sudoCommand: ALL
+sudoOrder: 11
+
+dn: cn=jim,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: jim
+sudoUser: jim
+sudoHost: +biglab
+sudoCommand: ALL
+sudoOrder: 12
+
+dn: cn=\+secretaries,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: \+secretaries
+sudoUser: +secretaries
+sudoHost: ALL
+sudoCommand: /usr/sbin/lpc
+sudoCommand: /usr/bin/lprm
+sudoCommand: /usr/bin/adduser
+sudoCommand: /usr/bin/rmuser
+sudoOrder: 13
+
+dn: cn=fred,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: fred
+sudoUser: fred
+sudoHost: ALL
+sudoRunAsUser: oracle
+sudoRunAsUser: sybase
+sudoOption: !authenticate
+sudoCommand: ALL
+sudoOrder: 14
+
+dn: cn=john,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: john
+sudoUser: john
+sudoHost: widget
+sudoHost: thalamus
+sudoHost: foobar
+sudoCommand: /usr/bin/su ^[a-zA-Z0-9_]+$
+sudoCommand: !/usr/bin/su root
+sudoOrder: 15
+
+dn: cn=jen,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: jen
+sudoUser: jen
+sudoHost: ALL
+sudoHost: !primary
+sudoHost: !mail
+sudoHost: !www
+sudoHost: !ns
+sudoCommand: ALL
+sudoOrder: 16
+
+dn: cn=jill,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: jill
+sudoUser: jill
+sudoHost: primary
+sudoHost: mail
+sudoHost: www
+sudoHost: ns
+sudoOption: log_year
+sudoOption: logfile=/var/log/sudo.log
+sudoCommand: /usr/bin/
+sudoCommand: !/usr/bin/su
+sudoCommand: !/sbin/sh
+sudoCommand: !/usr/bin/sh
+sudoCommand: !/usr/bin/csh
+sudoCommand: !/usr/bin/ksh
+sudoCommand: !/usr/local/bin/tcsh
+sudoCommand: !/usr/bin/rsh
+sudoCommand: !/usr/local/bin/zsh
+sudoOrder: 17
+
+dn: cn=steve,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: steve
+sudoUser: steve
+sudoHost: 128.138.243.0
+sudoHost: 128.138.204.0/24
+sudoHost: 128.138.242.0
+sudoRunAsUser: operator
+sudoCommand: /usr/local/op_commands/
+sudoOrder: 18
+
+dn: cn=matt,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: matt
+sudoUser: matt
+sudoHost: valkyrie
+sudoCommand: /usr/bin/kill
+sudoCommand: /usr/bin/top
+sudoOrder: 19
+
+dn: cn=WEBADMIN,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: WEBADMIN
+sudoUser: will
+sudoUser: wendy
+sudoUser: wim
+sudoHost: www
+sudoRunAsUser: www
+sudoCommand: ALL
+sudoOrder: 20
+
+dn: cn=WEBADMIN_1,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: WEBADMIN_1
+sudoUser: will
+sudoUser: wendy
+sudoUser: wim
+sudoHost: www
+sudoRunAsUser: root
+sudoCommand: /usr/bin/su www
+sudoOrder: 21
+
+dn: cn=ALL,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: ALL
+sudoUser: ALL
+sudoHost: orion
+sudoHost: perseus
+sudoHost: hercules
+sudoOption: !authenticate
+sudoCommand: /sbin/umount /CDROM
+sudoCommand: /sbin/mount -o nosuid,nodev /dev/cd0a /CDROM
+sudoOrder: 22
+
diff --git a/plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif b/plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif
new file mode 100644
index 0000000..d17e670
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif
@@ -0,0 +1,44 @@
+# defaults, SUDOers, sudo.ws
+dn:: Y249ZGVmYXVsdHMsb3U9U1VET2VycyxkYz1zdWRvLGRjPXdz
+objectClass: top
+objectClass: sudoRole
+cn: defaults
+description: Default sudoOption's go here
+sudoOption:: bG9nX291dHB1dA==
+
+# root, SUDOers, sudo.ws
+dn:: Y249cm9vdCxvdT1TVURPZXJzLGRjPXN1ZG8sZGM9d3M=
+objectClass: top
+objectClass: sudoRole
+cn: root
+sudoUser: root
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoHost: ALL
+sudoCommand: ALL
+sudoOption: !authenticate
+sudoOrder: 10
+
+# %wheel, SUDOers, sudo.ws
+dn:: Y249JXdoZWVsLG91PVNVRE9lcnMsZGM9c3VkbyxkYz13cw==
+objectClass: top
+objectClass: sudoRole
+cn: %wheel
+sudoUser: %wheel
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoHost: +sudo-hosts
+sudoCommand: ALL
+sudoOption: !authenticate
+sudoOrder: 10
+
+# millert, SUDOers, other-domain.com
+dn:: Y249bWlsbGVydCxvdT1TVURPZXJzLGRjPW90aGVyLWRvbWFpbixkYz1jb20=
+objectClass: top
+objectClass: sudoRole
+cn: millert
+sudoUser: millert
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoHost: ALL
+sudoOrder: 5
diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.1 b/plugins/sudoers/regress/corpus/seed/policy/policy.1
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/policy/policy.1
@@ -0,0 +1 @@
+
diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.2 b/plugins/sudoers/regress/corpus/seed/policy/policy.2
new file mode 100644
index 0000000..ea1793d
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/policy/policy.2
@@ -0,0 +1,5 @@
+# Minimal test case
+user=root
+uid=0
+gid=0
+host=localhost
diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.3 b/plugins/sudoers/regress/corpus/seed/policy/policy.3
new file mode 100644
index 0000000..b865e4c
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/policy/policy.3
@@ -0,0 +1,11 @@
+# Reproduce CVE-2021-3156
+run_shell=true
+sudoedit=true
+user=millert
+uid=1000
+gid=1000
+cwd=/home/millert
+host=localhost
+argv=foo
+argv=\
+argv=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
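Review bot: The only documentation here is `# Reproduce CVE-2021-3156`, which does not say which lines carry the regression or what a passing run looks like. From the visible lines, the relevant combination appears to be `sudoedit=true` together with `run_shell=true` and an `argv` entry that is a lone backslash followed by a long argument. A comment such as `# sudoedit in shell mode with an argument ending in a lone backslash; the plugin must reject this without reading past the argument` would record that. Without it, someone trimming the corpus could shorten the final `argv` or drop `run_shell=true` and leave a seed that no longer guards the fix.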
diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.4 b/plugins/sudoers/regress/corpus/seed/policy/policy.4
new file mode 100644
index 0000000..e5e3191
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/policy/policy.4
@@ -0,0 +1,36 @@
+# sudo -u nobody /usr/bin/id
+
+plugin_path=/usr/libexec/sudo/sudoers.so
+runas_user=nobody
+progname=sudo
+network_addrs=127.0.0.1/255.255.255.0
+plugin_dir=/usr/libexec/sudo/
+
+user=millert
+pid=1234
+ppid=1230
+pgid=1234
+tcpgid=1234
+sid=1230
+uid=1000
+euid=0
+gid=1000
+egid=1000
+groups=20,0,1000
+umask=022
+cwd=/home/millert
+tty=/dev/pts/1
+host=sudo.ws
+lines=24
+cols=80
+rlimit_core=infinity,infinity
+rlimit_cpu=infinity,infinity
+rlimit_data=1610612736,34359738368
+rlimit_fsize=infinity,infinity
+rlimit_memlock=2727370752,8182112256
+rlimit_nofile=256,1024
+rlimit_nproc=256,512
+rlimit_rss=8175603712,8182112256
+rlimit_stack=4194304,33554432
+
+argv=/usr/bin/id
diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.5 b/plugins/sudoers/regress/corpus/seed/policy/policy.5
new file mode 100644
index 0000000..bffae4d
--- /dev/null
+++ b/plugins/sudoers/regress/corpus/seed/policy/policy.5
@@ -0,0 +1,36 @@
+# sudoedit /etc/hosts
+
+plugin_path=/usr/libexec/sudo/sudoers.so
+progname=sudoedit
+network_addrs=127.0.0.1/255.255.255.0
+plugin_dir=/usr/libexec/sudo/
+
+user=millert
+pid=1234
+ppid=1230
+pgid=1234
+tcpgid=1234
+sid=1230
+uid=1000
+euid=0
+gid=1000
+egid=1000
+groups=20,0,1000
+umask=022
+cwd=/home/millert
+tty=/dev/pts/1
+host=sudo.ws
+lines=24
+cols=80
+rlimit_core=infinity,infinity
+rlimit_cpu=infinity,infinity
+rlimit_data=1610612736,34359738368
+rlimit_fsize=infinity,infinity
+rlimit_memlock=2727370752,8182112256
+rlimit_nofile=256,1024
+rlimit_nproc=256,512
+rlimit_rss=8175603712,8182112256
+rlimit_stack=4194304,33554432
+
+argv=sudoedit
+argv=/etc/hosts
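Review bot: This seed is labelled `# sudoedit /etc/hosts` and sets `progname=sudoedit`, but unlike policy.3 it has no `sudoedit=true` line. If the harness takes edit mode from that setting rather than from `progname`, this input may exercise a mismatch or rejection path instead of an ordinary sudoedit request; that should be checked against the fuzz harness. Whichever is intended, say so in the header comment, for example `# sudoedit /etc/hosts (edit mode set via sudoedit=true)` after adding the line, or `# progname is sudoedit but edit mode is not set; expected to be refused` if the omission is deliberate.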