diff options
Diffstat (limited to 'plugins/sudoers/regress/corpus/seed')
9 files changed, 467 insertions, 0 deletions
diff --git a/plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif b/plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif new file mode 100644 index 0000000..b8c7b99 --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif @@ -0,0 +1,33 @@ +# defaults, SUDOers, sudo.ws +dn:: Y249ZGVmYXVsdHMsb3U9U1VET2VycyxkYz1zdWRvLGRjPXdz +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption:: bG9nX29@1dHB1dA== + +# root, SUDOers, sudo.ws +dn:: Y249cm9vdCxvdT1TVURPZXJzLGRjPXN1ZG8sZGM9_d3M= +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoHost: ALL +sudoCommand: ALL +sudoOption: !authenticate +sudoOrder: 10 + +# %wheel, SUDOers, sudo.ws +dn:: Y249JXdoZWVsLG91PVNVRE9lcnMsZGM9c3VkbyxkYz13cw!== +objectClass: top +objectClass: sudoRole +cn: %wheel +sudoUser: %wheel +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoHost: +sudo-hosts +sudoCommand: ALL +sudoOption: !authenticate +sudoOrder: 10 diff --git a/plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif b/plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif new file mode 100644 index 0000000..78c150a --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif @@ -0,0 +1,6 @@ +# Exercise the fix for https://github.com/sudo-project/sudo/pull/169 +# +# If the last byte of the input file was a backslash, the parser would +# read past the end of the buffer. +# +dn: cn= Manager\
\ No newline at end of file diff --git a/plugins/sudoers/regress/corpus/seed/ldif/sample.ldif b/plugins/sudoers/regress/corpus/seed/ldif/sample.ldif new file mode 100644 index 0000000..81474a1 --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/ldif/sample.ldif @@ -0,0 +1,295 @@ +# LDIF version of the example sudoers file + +# Unable to translate ./examples/sudoers:12:17: +# Defaults>root !set_logname + +# Unable to translate ./examples/sudoers:16:24: +# Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: syslog=auth +sudoOption: runcwd=~ + +dn: cn=root,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoHost: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=%wheel,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %wheel +sudoUser: %wheel +sudoHost: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=FULLTIMERS,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: FULLTIMERS +sudoUser: millert +sudoUser: mikef +sudoUser: dowdy +sudoHost: ALL +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoOption: !authenticate +sudoOption: !lecture +sudoOption: !runchroot=* +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=PARTTIMERS,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: PARTTIMERS +sudoUser: bostley +sudoUser: jwfox +sudoUser: crawl +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 4 + +dn: cn=jack,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: jack +sudoUser: jack +sudoHost: 128.138.243.0 +sudoHost: 128.138.204.0/24 +sudoHost: 128.138.242.0 +sudoCommand: ALL +sudoOrder: 5 + +dn: cn=lisa,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: lisa +sudoUser: lisa +sudoHost: 128.138.0.0/255.255.0.0 +sudoCommand: ALL +sudoOrder: 6 + +dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: operator +sudoUser: operator +sudoHost: ALL +sudoCommand: /usr/sbin/dump +sudoCommand: /usr/sbin/rdump +sudoCommand: /usr/sbin/restore +sudoCommand: /usr/sbin/rrestore +sudoCommand: /usr/bin/mt +sudoCommand: sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/operator/bin/start_backups +sudoCommand: /usr/bin/kill +sudoCommand: /usr/bin/top +sudoCommand: /usr/sbin/shutdown +sudoCommand: /usr/sbin/halt +sudoCommand: /usr/sbin/reboot +sudoCommand: /usr/sbin/lpc +sudoCommand: /usr/bin/lprm +sudoCommand: sudoedit /etc/printcap +sudoCommand: /usr/oper/bin/ +sudoOrder: 7 + +dn: cn=joe,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: joe +sudoUser: joe +sudoHost: ALL +sudoCommand: /usr/bin/su operator +sudoOrder: 8 + +dn: cn=pete,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: pete +sudoUser: pete +sudoHost: boa +sudoHost: nag +sudoHost: python +sudoCommand: /usr/bin/passwd ^[a-zA-Z0-9_]+$ +sudoCommand: !/usr/bin/passwd root +sudoOrder: 9 + +dn: cn=bob,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: bob +sudoUser: bob +sudoHost: bigtime +sudoHost: eclipse +sudoHost: moet +sudoHost: anchor +sudoRunAsUser: root +sudoRunAsUser: operator +sudoCommand: ALL +sudoOrder: 10 + +dn: cn=bob_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: bob_1 +sudoUser: bob +sudoHost: grolsch +sudoHost: dandelion +sudoHost: black +sudoRunAsUser: root +sudoRunAsUser: operator +sudoCommand: ALL +sudoOrder: 11 + +dn: cn=jim,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: jim +sudoUser: jim +sudoHost: +biglab +sudoCommand: ALL +sudoOrder: 12 + +dn: cn=\+secretaries,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \+secretaries +sudoUser: +secretaries +sudoHost: ALL +sudoCommand: /usr/sbin/lpc +sudoCommand: /usr/bin/lprm +sudoCommand: /usr/bin/adduser +sudoCommand: /usr/bin/rmuser +sudoOrder: 13 + +dn: cn=fred,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: fred +sudoUser: fred +sudoHost: ALL +sudoRunAsUser: oracle +sudoRunAsUser: sybase +sudoOption: !authenticate +sudoCommand: ALL +sudoOrder: 14 + +dn: cn=john,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: john +sudoUser: john +sudoHost: widget +sudoHost: thalamus +sudoHost: foobar +sudoCommand: /usr/bin/su ^[a-zA-Z0-9_]+$ +sudoCommand: !/usr/bin/su root +sudoOrder: 15 + +dn: cn=jen,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: jen +sudoUser: jen +sudoHost: ALL +sudoHost: !primary +sudoHost: !mail +sudoHost: !www +sudoHost: !ns +sudoCommand: ALL +sudoOrder: 16 + +dn: cn=jill,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: jill +sudoUser: jill +sudoHost: primary +sudoHost: mail +sudoHost: www +sudoHost: ns +sudoOption: log_year +sudoOption: logfile=/var/log/sudo.log +sudoCommand: /usr/bin/ +sudoCommand: !/usr/bin/su +sudoCommand: !/sbin/sh +sudoCommand: !/usr/bin/sh +sudoCommand: !/usr/bin/csh +sudoCommand: !/usr/bin/ksh +sudoCommand: !/usr/local/bin/tcsh +sudoCommand: !/usr/bin/rsh +sudoCommand: !/usr/local/bin/zsh +sudoOrder: 17 + +dn: cn=steve,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: steve +sudoUser: steve +sudoHost: 128.138.243.0 +sudoHost: 128.138.204.0/24 +sudoHost: 128.138.242.0 +sudoRunAsUser: operator +sudoCommand: /usr/local/op_commands/ +sudoOrder: 18 + +dn: cn=matt,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: matt +sudoUser: matt +sudoHost: valkyrie +sudoCommand: /usr/bin/kill +sudoCommand: /usr/bin/top +sudoOrder: 19 + +dn: cn=WEBADMIN,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: WEBADMIN +sudoUser: will +sudoUser: wendy +sudoUser: wim +sudoHost: www +sudoRunAsUser: www +sudoCommand: ALL +sudoOrder: 20 + +dn: cn=WEBADMIN_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: WEBADMIN_1 +sudoUser: will +sudoUser: wendy +sudoUser: wim +sudoHost: www +sudoRunAsUser: root +sudoCommand: /usr/bin/su www +sudoOrder: 21 + +dn: cn=ALL,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: ALL +sudoUser: ALL +sudoHost: orion +sudoHost: perseus +sudoHost: hercules +sudoOption: !authenticate +sudoCommand: /sbin/umount /CDROM +sudoCommand: /sbin/mount -o nosuid,nodev /dev/cd0a /CDROM +sudoOrder: 22 + diff --git a/plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif b/plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif new file mode 100644 index 0000000..d17e670 --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif @@ -0,0 +1,44 @@ +# defaults, SUDOers, sudo.ws +dn:: Y249ZGVmYXVsdHMsb3U9U1VET2VycyxkYz1zdWRvLGRjPXdz +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption:: bG9nX291dHB1dA== + +# root, SUDOers, sudo.ws +dn:: Y249cm9vdCxvdT1TVURPZXJzLGRjPXN1ZG8sZGM9d3M= +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoHost: ALL +sudoCommand: ALL +sudoOption: !authenticate +sudoOrder: 10 + +# %wheel, SUDOers, sudo.ws +dn:: Y249JXdoZWVsLG91PVNVRE9lcnMsZGM9c3VkbyxkYz13cw== +objectClass: top +objectClass: sudoRole +cn: %wheel +sudoUser: %wheel +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoHost: +sudo-hosts +sudoCommand: ALL +sudoOption: !authenticate +sudoOrder: 10 + +# millert, SUDOers, other-domain.com +dn:: Y249bWlsbGVydCxvdT1TVURPZXJzLGRjPW90aGVyLWRvbWFpbixkYz1jb20= +objectClass: top +objectClass: sudoRole +cn: millert +sudoUser: millert +sudoRunAsUser: ALL +sudoRunAsGroup: ALL +sudoHost: ALL +sudoOrder: 5 diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.1 b/plugins/sudoers/regress/corpus/seed/policy/policy.1 new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/policy/policy.1 @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.2 b/plugins/sudoers/regress/corpus/seed/policy/policy.2 new file mode 100644 index 0000000..ea1793d --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/policy/policy.2 @@ -0,0 +1,5 @@ +# Minimal test case +user=root +uid=0 +gid=0 +host=localhost diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.3 b/plugins/sudoers/regress/corpus/seed/policy/policy.3 new file mode 100644 index 0000000..b865e4c --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/policy/policy.3 @@ -0,0 +1,11 @@ +# Reproduce CVE-2021-3156 +run_shell=true +sudoedit=true +user=millert +uid=1000 +gid=1000 +cwd=/home/millert +host=localhost +argv=foo +argv=\ +argv=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.4 b/plugins/sudoers/regress/corpus/seed/policy/policy.4 new file mode 100644 index 0000000..e5e3191 --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/policy/policy.4 @@ -0,0 +1,36 @@ +# sudo -u nobody /usr/bin/id + +plugin_path=/usr/libexec/sudo/sudoers.so +runas_user=nobody +progname=sudo +network_addrs=127.0.0.1/255.255.255.0 +plugin_dir=/usr/libexec/sudo/ + +user=millert +pid=1234 +ppid=1230 +pgid=1234 +tcpgid=1234 +sid=1230 +uid=1000 +euid=0 +gid=1000 +egid=1000 +groups=20,0,1000 +umask=022 +cwd=/home/millert +tty=/dev/pts/1 +host=sudo.ws +lines=24 +cols=80 +rlimit_core=infinity,infinity +rlimit_cpu=infinity,infinity +rlimit_data=1610612736,34359738368 +rlimit_fsize=infinity,infinity +rlimit_memlock=2727370752,8182112256 +rlimit_nofile=256,1024 +rlimit_nproc=256,512 +rlimit_rss=8175603712,8182112256 +rlimit_stack=4194304,33554432 + +argv=/usr/bin/id diff --git a/plugins/sudoers/regress/corpus/seed/policy/policy.5 b/plugins/sudoers/regress/corpus/seed/policy/policy.5 new file mode 100644 index 0000000..bffae4d --- /dev/null +++ b/plugins/sudoers/regress/corpus/seed/policy/policy.5 @@ -0,0 +1,36 @@ +# sudoedit /etc/hosts + +plugin_path=/usr/libexec/sudo/sudoers.so +progname=sudoedit +network_addrs=127.0.0.1/255.255.255.0 +plugin_dir=/usr/libexec/sudo/ + +user=millert +pid=1234 +ppid=1230 +pgid=1234 +tcpgid=1234 +sid=1230 +uid=1000 +euid=0 +gid=1000 +egid=1000 +groups=20,0,1000 +umask=022 +cwd=/home/millert +tty=/dev/pts/1 +host=sudo.ws +lines=24 +cols=80 +rlimit_core=infinity,infinity +rlimit_cpu=infinity,infinity +rlimit_data=1610612736,34359738368 +rlimit_fsize=infinity,infinity +rlimit_memlock=2727370752,8182112256 +rlimit_nofile=256,1024 +rlimit_nproc=256,512 +rlimit_rss=8175603712,8182112256 +rlimit_stack=4194304,33554432 + +argv=sudoedit +argv=/etc/hosts |