diff options
Diffstat (limited to 'plugins/sudoers/regress/sudoers')
169 files changed, 5552 insertions, 0 deletions
diff --git a/plugins/sudoers/regress/sudoers/test1.in b/plugins/sudoers/regress/sudoers/test1.in new file mode 100644 index 0000000..d87c872 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test1.in @@ -0,0 +1,12 @@ +# +# Verify that all command tags are parsed OK. +# See https://bugzilla.sudo.ws/show_bug.cgi?id=437 +# +user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su -:\ + ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id +user2 ALL = NOPASSWD: NOEXEC: SETENV: /usr/bin/vi:\ + ALL = PASSWD: EXEC: NOSETENV: /usr/bin/echo +user3 ALL = MAIL: /bin/sh:\ + ALL = NOMAIL: /usr/bin/id +user4 ALL = FOLLOW: sudoedit /etc/motd:\ + ALL = NOFOLLOW: sudoedit /home/*/* diff --git a/plugins/sudoers/regress/sudoers/test1.json.ok b/plugins/sudoers/regress/sudoers/test1.json.ok new file mode 100644 index 0000000..9523e4a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test1.json.ok @@ -0,0 +1,154 @@ +{ + "User_Specs": [ + { + "User_List": [ + { "username": "user1" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "log_input": true }, + { "log_output": true } + ], + "Commands": [ + { "command": "/usr/bin/su -" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user1" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "log_input": false }, + { "log_output": false } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user2" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "authenticate": false }, + { "noexec": true }, + { "setenv": true } + ], + "Commands": [ + { "command": "/usr/bin/vi" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user2" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "authenticate": true }, + { "noexec": false }, + { "setenv": false } + ], + "Commands": [ + { "command": "/usr/bin/echo" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user3" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "send_mail": true } + ], + "Commands": [ + { "command": "/bin/sh" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user3" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "send_mail": false } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user4" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "sudoedit_follow": true } + ], + "Commands": [ + { "command": "sudoedit /etc/motd" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user4" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "sudoedit_follow": false } + ], + "Commands": [ + { "command": "sudoedit /home/*/*" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test1.ldif.ok b/plugins/sudoers/regress/sudoers/test1.ldif.ok new file mode 100644 index 0000000..7f3fcfc --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test1.ldif.ok @@ -0,0 +1,88 @@ +dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1 +sudoUser: user1 +sudoHost: ALL +sudoOption: log_input +sudoOption: log_output +sudoCommand: /usr/bin/su - +sudoOrder: 1 + +dn: cn=user1_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1_1 +sudoUser: user1 +sudoHost: ALL +sudoOption: !log_input +sudoOption: !log_output +sudoCommand: /usr/bin/id +sudoOrder: 2 + +dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user2 +sudoUser: user2 +sudoHost: ALL +sudoOption: !authenticate +sudoOption: noexec +sudoOption: setenv +sudoCommand: /usr/bin/vi +sudoOrder: 3 + +dn: cn=user2_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user2_1 +sudoUser: user2 +sudoHost: ALL +sudoOption: authenticate +sudoOption: !noexec +sudoOption: !setenv +sudoCommand: /usr/bin/echo +sudoOrder: 4 + +dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user3 +sudoUser: user3 +sudoHost: ALL +sudoOption: mail_all_cmnds +sudoCommand: /bin/sh +sudoOrder: 5 + +dn: cn=user3_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user3_1 +sudoUser: user3 +sudoHost: ALL +sudoOption: !mail_all_cmnds +sudoOption: !mail_always +sudoOption: !mail_no_perms +sudoCommand: /usr/bin/id +sudoOrder: 6 + +dn: cn=user4,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user4 +sudoUser: user4 +sudoHost: ALL +sudoOption: sudoedit_follow +sudoCommand: sudoedit /etc/motd +sudoOrder: 7 + +dn: cn=user4_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user4_1 +sudoUser: user4 +sudoHost: ALL +sudoOption: !sudoedit_follow +sudoCommand: sudoedit /home/*/* +sudoOrder: 8 + diff --git a/plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok new file mode 100644 index 0000000..126fe91 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok @@ -0,0 +1,13 @@ +# sudoRole user1, user1_1 +user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su -, NOLOG_INPUT: NOLOG_OUTPUT:\ + /usr/bin/id + +# sudoRole user2, user2_1 +user2 ALL = SETENV: NOEXEC: NOPASSWD: /usr/bin/vi, NOSETENV: EXEC: PASSWD:\ + /usr/bin/echo + +# sudoRole user3, user3_1 +user3 ALL = MAIL: /bin/sh, NOMAIL: /usr/bin/id + +# sudoRole user4, user4_1 +user4 ALL = FOLLOW: sudoedit /etc/motd, NOFOLLOW: sudoedit /home/*/* diff --git a/plugins/sudoers/regress/sudoers/test1.out.ok b/plugins/sudoers/regress/sudoers/test1.out.ok new file mode 100644 index 0000000..3d6bab4 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test1.out.ok @@ -0,0 +1,6 @@ +Parses OK + +user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su - : ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id +user2 ALL = SETENV: NOEXEC: NOPASSWD: /usr/bin/vi : ALL = NOSETENV: EXEC: PASSWD: /usr/bin/echo +user3 ALL = MAIL: /bin/sh : ALL = NOMAIL: /usr/bin/id +user4 ALL = FOLLOW: sudoedit /etc/motd : ALL = NOFOLLOW: sudoedit /home/*/* diff --git a/plugins/sudoers/regress/sudoers/test1.toke.ok b/plugins/sudoers/regress/sudoers/test1.toke.ok new file mode 100644 index 0000000..28c8592 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test1.toke.ok @@ -0,0 +1,8 @@ +# +# +# +# +WORD(6) ALL = LOG_INPUT LOG_OUTPUT COMMAND ARG : ALL = NOLOG_INPUT NOLOG_OUTPUT COMMAND +WORD(6) ALL = NOPASSWD NOEXEC SETENV COMMAND : ALL = PASSWD EXEC NOSETENV COMMAND +WORD(6) ALL = MAIL COMMAND : ALL = NOMAIL COMMAND +WORD(6) ALL = FOLLOW COMMAND ARG : ALL = NOFOLLOW COMMAND ARG diff --git a/plugins/sudoers/regress/sudoers/test10.in b/plugins/sudoers/regress/sudoers/test10.in new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.in @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test10.json.ok b/plugins/sudoers/regress/sudoers/test10.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.json.ok diff --git a/plugins/sudoers/regress/sudoers/test10.ldif.ok b/plugins/sudoers/regress/sudoers/test10.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test10.out.ok b/plugins/sudoers/regress/sudoers/test10.out.ok new file mode 100644 index 0000000..5af5c53 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.out.ok @@ -0,0 +1,2 @@ +Parses OK + diff --git a/plugins/sudoers/regress/sudoers/test10.toke.ok b/plugins/sudoers/regress/sudoers/test10.toke.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test10.toke.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test11.in b/plugins/sudoers/regress/sudoers/test11.in new file mode 100644 index 0000000..5ffba7b --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.in @@ -0,0 +1 @@ +bogus diff --git a/plugins/sudoers/regress/sudoers/test11.json.ok b/plugins/sudoers/regress/sudoers/test11.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.json.ok diff --git a/plugins/sudoers/regress/sudoers/test11.ldif.ok b/plugins/sudoers/regress/sudoers/test11.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test11.out.ok b/plugins/sudoers/regress/sudoers/test11.out.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.out.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test11.toke.ok b/plugins/sudoers/regress/sudoers/test11.toke.ok new file mode 100644 index 0000000..bfef7a7 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test11.toke.ok @@ -0,0 +1,2 @@ +WORD(6) +<*>
\ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test12.in b/plugins/sudoers/regress/sudoers/test12.in new file mode 100644 index 0000000..23bda4a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.in @@ -0,0 +1 @@ +user ALL = (ALL) diff --git a/plugins/sudoers/regress/sudoers/test12.json.ok b/plugins/sudoers/regress/sudoers/test12.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.json.ok diff --git a/plugins/sudoers/regress/sudoers/test12.ldif.ok b/plugins/sudoers/regress/sudoers/test12.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test12.out.ok b/plugins/sudoers/regress/sudoers/test12.out.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.out.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test12.toke.ok b/plugins/sudoers/regress/sudoers/test12.toke.ok new file mode 100644 index 0000000..0d79959 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test12.toke.ok @@ -0,0 +1,2 @@ +WORD(6) ALL = ( ALL ) +<*>
\ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test13.in b/plugins/sudoers/regress/sudoers/test13.in new file mode 100644 index 0000000..b8002bc --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.in @@ -0,0 +1 @@ +user ALL = (ALL)
\ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test13.json.ok b/plugins/sudoers/regress/sudoers/test13.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.json.ok diff --git a/plugins/sudoers/regress/sudoers/test13.ldif.ok b/plugins/sudoers/regress/sudoers/test13.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test13.out.ok b/plugins/sudoers/regress/sudoers/test13.out.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.out.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test13.toke.ok b/plugins/sudoers/regress/sudoers/test13.toke.ok new file mode 100644 index 0000000..0d79959 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test13.toke.ok @@ -0,0 +1,2 @@ +WORD(6) ALL = ( ALL ) +<*>
\ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test14.in b/plugins/sudoers/regress/sudoers/test14.in new file mode 100644 index 0000000..bdbac68 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.in @@ -0,0 +1,6 @@ +Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls +Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh + +millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill + +operator ALL = sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff --git a/plugins/sudoers/regress/sudoers/test14.json.ok b/plugins/sudoers/regress/sudoers/test14.json.ok new file mode 100644 index 0000000..7e0e3c3 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.json.ok @@ -0,0 +1,62 @@ +{ + "Command_Aliases": { + "LS": [ + { + "command": "/bin/ls", + "sha224": "d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1", + "sha224": "d7910e1967342b4605cb73a550944044c631cd3514001900966962ac" + } + ], + "SH": [ + { + "command": "/bin/sh", + "sha256": "hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=", + "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=" + } + ] + }, + "User_Specs": [ + { + "User_List": [ + { "username": "millert" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "cmndalias": "LS" }, + { "cmndalias": "SH" }, + { + "command": "/bin/kill", + "sha512": "srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw" + } + ] + } + ] + }, + { + "User_List": [ + { "username": "operator" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { + "command": "ALL", + "sha384": "knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu", + "sha256": "1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4=" + } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test14.ldif.ok b/plugins/sudoers/regress/sudoers/test14.ldif.ok new file mode 100644 index 0000000..4d26c5d --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.ldif.ok @@ -0,0 +1,20 @@ +dn: cn=millert,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: millert +sudoUser: millert +sudoHost: ALL +sudoCommand: sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls +sudoCommand: sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh +sudoCommand: sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill +sudoOrder: 1 + +dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: operator +sudoUser: operator +sudoHost: ALL +sudoCommand: sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL +sudoOrder: 2 + diff --git a/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok new file mode 100644 index 0000000..c742a95 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok @@ -0,0 +1,12 @@ +# sudoRole millert +millert ALL = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1,\ + sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls,\ + sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=,\ + sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh,\ + sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw\ + /bin/kill + +# sudoRole operator +operator ALL =\ + sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu,\ + sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff --git a/plugins/sudoers/regress/sudoers/test14.out.ok b/plugins/sudoers/regress/sudoers/test14.out.ok new file mode 100644 index 0000000..658f74d --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.out.ok @@ -0,0 +1,7 @@ +Parses OK + +Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls +Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh + +millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill +operator ALL = sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL diff --git a/plugins/sudoers/regress/sudoers/test14.toke.ok b/plugins/sudoers/regress/sudoers/test14.toke.ok new file mode 100644 index 0000000..edf8099 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test14.toke.ok @@ -0,0 +1,6 @@ +CMNDALIAS ALIAS = SHA224_TOK : DIGEST , SHA224_TOK : DIGEST COMMAND +CMNDALIAS ALIAS = SHA256_TOK : DIGEST , SHA256_TOK : DIGEST COMMAND + +WORD(6) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND + +WORD(6) ALL = SHA384_TOK : DIGEST , SHA256_TOK : DIGEST ALL diff --git a/plugins/sudoers/regress/sudoers/test15.in b/plugins/sudoers/regress/sudoers/test15.in new file mode 100644 index 0000000..11bcb13 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test15.in @@ -0,0 +1,2 @@ +# Test parsing of sudoedit rule +user ALL = sudoedit /etc/motd diff --git a/plugins/sudoers/regress/sudoers/test15.json.ok b/plugins/sudoers/regress/sudoers/test15.json.ok new file mode 100644 index 0000000..ff1795a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test15.json.ok @@ -0,0 +1,19 @@ +{ + "User_Specs": [ + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "sudoedit /etc/motd" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test15.ldif.ok b/plugins/sudoers/regress/sudoers/test15.ldif.ok new file mode 100644 index 0000000..ac35ba0 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test15.ldif.ok @@ -0,0 +1,9 @@ +dn: cn=user,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user +sudoUser: user +sudoHost: ALL +sudoCommand: sudoedit /etc/motd +sudoOrder: 1 + diff --git a/plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok new file mode 100644 index 0000000..775d59e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok @@ -0,0 +1,2 @@ +# sudoRole user +user ALL = sudoedit /etc/motd diff --git a/plugins/sudoers/regress/sudoers/test15.out.ok b/plugins/sudoers/regress/sudoers/test15.out.ok new file mode 100644 index 0000000..b230cf2 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test15.out.ok @@ -0,0 +1,3 @@ +Parses OK + +user ALL = sudoedit /etc/motd diff --git a/plugins/sudoers/regress/sudoers/test15.toke.ok b/plugins/sudoers/regress/sudoers/test15.toke.ok new file mode 100644 index 0000000..08bb2b8 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test15.toke.ok @@ -0,0 +1,2 @@ +# +WORD(6) ALL = COMMAND ARG diff --git a/plugins/sudoers/regress/sudoers/test16.in b/plugins/sudoers/regress/sudoers/test16.in new file mode 100644 index 0000000..d2a79ea --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test16.in @@ -0,0 +1,3 @@ +# Test parsing of sudoedit rule in a Cmnd_Alias +Cmnd_Alias EDIT = sudoedit /etc/motd +user ALL = EDIT diff --git a/plugins/sudoers/regress/sudoers/test16.json.ok b/plugins/sudoers/regress/sudoers/test16.json.ok new file mode 100644 index 0000000..7c42654 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test16.json.ok @@ -0,0 +1,24 @@ +{ + "Command_Aliases": { + "EDIT": [ + { "command": "sudoedit /etc/motd" } + ] + }, + "User_Specs": [ + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "cmndalias": "EDIT" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test16.ldif.ok b/plugins/sudoers/regress/sudoers/test16.ldif.ok new file mode 100644 index 0000000..ac35ba0 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test16.ldif.ok @@ -0,0 +1,9 @@ +dn: cn=user,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user +sudoUser: user +sudoHost: ALL +sudoCommand: sudoedit /etc/motd +sudoOrder: 1 + diff --git a/plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok new file mode 100644 index 0000000..775d59e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok @@ -0,0 +1,2 @@ +# sudoRole user +user ALL = sudoedit /etc/motd diff --git a/plugins/sudoers/regress/sudoers/test16.out.ok b/plugins/sudoers/regress/sudoers/test16.out.ok new file mode 100644 index 0000000..7b8c918 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test16.out.ok @@ -0,0 +1,5 @@ +Parses OK + +Cmnd_Alias EDIT = sudoedit /etc/motd + +user ALL = EDIT diff --git a/plugins/sudoers/regress/sudoers/test16.toke.ok b/plugins/sudoers/regress/sudoers/test16.toke.ok new file mode 100644 index 0000000..debc4c7 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test16.toke.ok @@ -0,0 +1,3 @@ +# +CMNDALIAS ALIAS = COMMAND ARG +WORD(6) ALL = ALIAS diff --git a/plugins/sudoers/regress/sudoers/test17.in b/plugins/sudoers/regress/sudoers/test17.in new file mode 100644 index 0000000..37d066c --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test17.in @@ -0,0 +1,13 @@ +# Test parsing of command_timeout and TIMEOUT syntax +Defaults command_timeout=2d8h10m59s +user0 ALL = TIMEOUT=7D4H10M30S /usr/bin/id, /usr/bin/who, TIMEOUT=0 /bin/ls +user1 ALL = TIMEOUT=7d4h10m30s /usr/bin/id +user2 ALL = TIMEOUT=4h10m30s /usr/bin/id +user3 ALL = TIMEOUT=10m30s /usr/bin/id +user4 ALL = TIMEOUT=14d /usr/bin/id +user5 ALL = TIMEOUT=5m /usr/bin/id +user6 ALL = TIMEOUT=30s /usr/bin/id +user7 ALL = TIMEOUT=45 /usr/bin/id +user8 ALL = TIMEOUT=7d4h10m30s /usr/bin/id, TIMEOUT=4h10m30s /usr/bin/id, \ + TIMEOUT=10m30s /usr/bin/id, TIMEOUT=14d /usr/bin/id, \ + TIMEOUT=5m /usr/bin/id, TIMEOUT=30s /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test17.json.ok b/plugins/sudoers/regress/sudoers/test17.json.ok new file mode 100644 index 0000000..2f39a37 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test17.json.ok @@ -0,0 +1,180 @@ +{ + "Defaults": [ + { + "Options": [ + { "command_timeout": "2d8h10m59s" } + ] + } + ], + "User_Specs": [ + { + "User_List": [ + { "username": "user0" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 619830 } + ], + "Commands": [ + { "command": "/usr/bin/id" }, + { "command": "/usr/bin/who" }, + { "command": "/bin/ls" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user1" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 619830 } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user2" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 15030 } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user3" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 630 } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user4" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 1209600 } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user5" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 300 } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user6" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 30 } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user7" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 45 } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user8" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "command_timeout": 619830 } + ], + "Commands": [ + { "command": "/usr/bin/id" }, + { "command": "/usr/bin/id" }, + { "command": "/usr/bin/id" }, + { "command": "/usr/bin/id" }, + { "command": "/usr/bin/id" }, + { "command": "/usr/bin/id" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test17.ldif.ok b/plugins/sudoers/regress/sudoers/test17.ldif.ok new file mode 100644 index 0000000..bdc784c --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test17.ldif.ok @@ -0,0 +1,104 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: command_timeout=2d8h10m59s + +dn: cn=user0,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user0 +sudoUser: user0 +sudoHost: ALL +sudoOption: command_timeout=619830 +sudoCommand: /usr/bin/id +sudoCommand: /usr/bin/who +sudoCommand: /bin/ls +sudoOrder: 1 + +dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1 +sudoUser: user1 +sudoHost: ALL +sudoOption: command_timeout=619830 +sudoCommand: /usr/bin/id +sudoOrder: 2 + +dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user2 +sudoUser: user2 +sudoHost: ALL +sudoOption: command_timeout=15030 +sudoCommand: /usr/bin/id +sudoOrder: 3 + +dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user3 +sudoUser: user3 +sudoHost: ALL +sudoOption: command_timeout=630 +sudoCommand: /usr/bin/id +sudoOrder: 4 + +dn: cn=user4,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user4 +sudoUser: user4 +sudoHost: ALL +sudoOption: command_timeout=1209600 +sudoCommand: /usr/bin/id +sudoOrder: 5 + +dn: cn=user5,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user5 +sudoUser: user5 +sudoHost: ALL +sudoOption: command_timeout=300 +sudoCommand: /usr/bin/id +sudoOrder: 6 + +dn: cn=user6,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user6 +sudoUser: user6 +sudoHost: ALL +sudoOption: command_timeout=30 +sudoCommand: /usr/bin/id +sudoOrder: 7 + +dn: cn=user7,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user7 +sudoUser: user7 +sudoHost: ALL +sudoOption: command_timeout=45 +sudoCommand: /usr/bin/id +sudoOrder: 8 + +dn: cn=user8,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user8 +sudoUser: user8 +sudoHost: ALL +sudoOption: command_timeout=619830 +sudoCommand: /usr/bin/id +sudoCommand: /usr/bin/id +sudoCommand: /usr/bin/id +sudoCommand: /usr/bin/id +sudoCommand: /usr/bin/id +sudoCommand: /usr/bin/id +sudoOrder: 9 + diff --git a/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok new file mode 100644 index 0000000..608f52f --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok @@ -0,0 +1,29 @@ +Defaults command_timeout=2d8h10m59s + +# sudoRole user0 +user0 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/who, /bin/ls + +# sudoRole user1 +user1 ALL = TIMEOUT=619830 /usr/bin/id + +# sudoRole user2 +user2 ALL = TIMEOUT=15030 /usr/bin/id + +# sudoRole user3 +user3 ALL = TIMEOUT=630 /usr/bin/id + +# sudoRole user4 +user4 ALL = TIMEOUT=1209600 /usr/bin/id + +# sudoRole user5 +user5 ALL = TIMEOUT=300 /usr/bin/id + +# sudoRole user6 +user6 ALL = TIMEOUT=30 /usr/bin/id + +# sudoRole user7 +user7 ALL = TIMEOUT=45 /usr/bin/id + +# sudoRole user8 +user8 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/id, /usr/bin/id, /usr/bin/id,\ + /usr/bin/id, /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test17.out.ok b/plugins/sudoers/regress/sudoers/test17.out.ok new file mode 100644 index 0000000..f0c8086 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test17.out.ok @@ -0,0 +1,13 @@ +Parses OK + +Defaults command_timeout=2d8h10m59s + +user0 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/who, /bin/ls +user1 ALL = TIMEOUT=619830 /usr/bin/id +user2 ALL = TIMEOUT=15030 /usr/bin/id +user3 ALL = TIMEOUT=630 /usr/bin/id +user4 ALL = TIMEOUT=1209600 /usr/bin/id +user5 ALL = TIMEOUT=300 /usr/bin/id +user6 ALL = TIMEOUT=30 /usr/bin/id +user7 ALL = TIMEOUT=45 /usr/bin/id +user8 ALL = TIMEOUT=619830 /usr/bin/id, TIMEOUT=15030 /usr/bin/id, TIMEOUT=630 /usr/bin/id, TIMEOUT=1209600 /usr/bin/id, TIMEOUT=300 /usr/bin/id, TIMEOUT=30 /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test17.toke.ok b/plugins/sudoers/regress/sudoers/test17.toke.ok new file mode 100644 index 0000000..d0a82ca --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test17.toke.ok @@ -0,0 +1,11 @@ +# +DEFAULTS DEFVAR = WORD(2) +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND , COMMAND , CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND diff --git a/plugins/sudoers/regress/sudoers/test18.in b/plugins/sudoers/regress/sudoers/test18.in new file mode 100644 index 0000000..8d94ec7 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test18.in @@ -0,0 +1,8 @@ +# Test command_timeout and TIMEOUT syntax errors +Defaults command_timeout=2d8h10m59ss +Defaults:root command_timeout=15f +user0 ALL = TIMEOUT=7dd4h10m30s /usr/bin/id, /usr/bin/who, TIMEOUT=0 /bin/ls +user1 ALL = TIMEOUT=7d4h10mm30s /usr/bin/id +user2 ALL = TIMEOUT=4hg10m30s /usr/bin/id +user3 ALL = TIMEOUT=10m30ss /usr/bin/id +user4 ALL = TIMEOUT=14g /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test18.json.ok b/plugins/sudoers/regress/sudoers/test18.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test18.json.ok diff --git a/plugins/sudoers/regress/sudoers/test18.ldif.ok b/plugins/sudoers/regress/sudoers/test18.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test18.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test18.out.ok b/plugins/sudoers/regress/sudoers/test18.out.ok new file mode 100644 index 0000000..03f9ef6 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test18.out.ok @@ -0,0 +1,3 @@ + +Defaults command_timeout=2d8h10m59ss +Defaults:root command_timeout=15f diff --git a/plugins/sudoers/regress/sudoers/test18.toke.ok b/plugins/sudoers/regress/sudoers/test18.toke.ok new file mode 100644 index 0000000..7c800a8 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test18.toke.ok @@ -0,0 +1,10 @@ +# +DEFAULTS DEFVAR = WORD(2) +DEFAULTS_USER WORD(6) DEFVAR = WORD(2) +WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND , COMMAND , CMND_TIMEOUT = WORD(6) COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND +WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND +sudoers:2:26: value "2d8h10m59ss" is invalid for option "command_timeout" +sudoers:3:31: value "15f" is invalid for option "command_timeout" diff --git a/plugins/sudoers/regress/sudoers/test19.in b/plugins/sudoers/regress/sudoers/test19.in new file mode 100644 index 0000000..5f637a7 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test19.in @@ -0,0 +1,12 @@ +# Test parsing of NOTBEFORE and NOTAFTER syntax +# Local time zone parsing is checked in visudo/test10.sh +user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id, /bin/ls +user1 ALL = NOTBEFORE=201702140830Z /usr/bin/id, NOTAFTER=20170301083000Z /bin/ls +user2 ALL = NOTBEFORE=201702140830.3Z /usr/bin/id +user3 ALL = NOTBEFORE=2017021408Z /usr/bin/id +user4 ALL = NOTBEFORE=2017021408.4Z /usr/bin/id +user5 ALL = NOTBEFORE=20170214083000.5Z /usr/bin/id +user6 ALL = NOTBEFORE=20170214083000\,5Z /usr/bin/id +user7 ALL = NOTBEFORE=20170214033000-0500 /usr/bin/id +user8 ALL = NOTBEFORE=20170214033000.0-0500 /usr/bin/id +user9 ALL = NOTBEFORE=20170214033000\,0-0500 /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test19.json.ok b/plugins/sudoers/regress/sudoers/test19.json.ok new file mode 100644 index 0000000..c9a1bfd --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test19.json.ok @@ -0,0 +1,187 @@ +{ + "User_Specs": [ + { + "User_List": [ + { "username": "user0" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083000Z" }, + { "notafter": "20170301083000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" }, + { "command": "/bin/ls" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user1" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" }, + { "command": "/bin/ls" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user2" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083018Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user3" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214080000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user4" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214082400Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user5" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user6" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user7" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user8" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user9" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "notbefore": "20170214083000Z" } + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test19.ldif.ok b/plugins/sudoers/regress/sudoers/test19.ldif.ok new file mode 100644 index 0000000..362aa9e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test19.ldif.ok @@ -0,0 +1,103 @@ +dn: cn=user0,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user0 +sudoUser: user0 +sudoHost: ALL +sudoNotBefore: 20170214083000Z +sudoNotAfter: 20170301083000Z +sudoCommand: /usr/bin/id +sudoCommand: /bin/ls +sudoOrder: 1 + +dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1 +sudoUser: user1 +sudoHost: ALL +sudoNotBefore: 20170214083000Z +sudoCommand: /usr/bin/id +sudoCommand: /bin/ls +sudoOrder: 2 + +dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user2 +sudoUser: user2 +sudoHost: ALL +sudoNotBefore: 20170214083018Z +sudoCommand: /usr/bin/id +sudoOrder: 3 + +dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user3 +sudoUser: user3 +sudoHost: ALL +sudoNotBefore: 20170214080000Z +sudoCommand: /usr/bin/id +sudoOrder: 4 + +dn: cn=user4,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user4 +sudoUser: user4 +sudoHost: ALL +sudoNotBefore: 20170214082400Z +sudoCommand: /usr/bin/id +sudoOrder: 5 + +dn: cn=user5,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user5 +sudoUser: user5 +sudoHost: ALL +sudoNotBefore: 20170214083000Z +sudoCommand: /usr/bin/id +sudoOrder: 6 + +dn: cn=user6,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user6 +sudoUser: user6 +sudoHost: ALL +sudoNotBefore: 20170214083000Z +sudoCommand: /usr/bin/id +sudoOrder: 7 + +dn: cn=user7,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user7 +sudoUser: user7 +sudoHost: ALL +sudoNotBefore: 20170214083000Z +sudoCommand: /usr/bin/id +sudoOrder: 8 + +dn: cn=user8,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user8 +sudoUser: user8 +sudoHost: ALL +sudoNotBefore: 20170214083000Z +sudoCommand: /usr/bin/id +sudoOrder: 9 + +dn: cn=user9,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user9 +sudoUser: user9 +sudoHost: ALL +sudoNotBefore: 20170214083000Z +sudoCommand: /usr/bin/id +sudoOrder: 10 + diff --git a/plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok new file mode 100644 index 0000000..1aef1bc --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok @@ -0,0 +1,30 @@ +# sudoRole user0 +user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id,\ + /bin/ls + +# sudoRole user1 +user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, /bin/ls + +# sudoRole user2 +user2 ALL = NOTBEFORE=20170214083018Z /usr/bin/id + +# sudoRole user3 +user3 ALL = NOTBEFORE=20170214080000Z /usr/bin/id + +# sudoRole user4 +user4 ALL = NOTBEFORE=20170214082400Z /usr/bin/id + +# sudoRole user5 +user5 ALL = NOTBEFORE=20170214083000Z /usr/bin/id + +# sudoRole user6 +user6 ALL = NOTBEFORE=20170214083000Z /usr/bin/id + +# sudoRole user7 +user7 ALL = NOTBEFORE=20170214083000Z /usr/bin/id + +# sudoRole user8 +user8 ALL = NOTBEFORE=20170214083000Z /usr/bin/id + +# sudoRole user9 +user9 ALL = NOTBEFORE=20170214083000Z /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test19.out.ok b/plugins/sudoers/regress/sudoers/test19.out.ok new file mode 100644 index 0000000..dacfefd --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test19.out.ok @@ -0,0 +1,12 @@ +Parses OK + +user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id, /bin/ls +user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, NOTAFTER=20170301083000Z /bin/ls +user2 ALL = NOTBEFORE=20170214083018Z /usr/bin/id +user3 ALL = NOTBEFORE=20170214080000Z /usr/bin/id +user4 ALL = NOTBEFORE=20170214082400Z /usr/bin/id +user5 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user6 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user7 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user8 ALL = NOTBEFORE=20170214083000Z /usr/bin/id +user9 ALL = NOTBEFORE=20170214083000Z /usr/bin/id diff --git a/plugins/sudoers/regress/sudoers/test19.toke.ok b/plugins/sudoers/regress/sudoers/test19.toke.ok new file mode 100644 index 0000000..04461d9 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test19.toke.ok @@ -0,0 +1,12 @@ +# +# +WORD(6) ALL = NOTBEFORE = WORD(6) NOTAFTER = WORD(6) COMMAND , COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND , NOTAFTER = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND +WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND diff --git a/plugins/sudoers/regress/sudoers/test2.in b/plugins/sudoers/regress/sudoers/test2.in new file mode 100644 index 0000000..b81ae54 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test2.in @@ -0,0 +1,63 @@ +# Check quoted user name in User_Alias +User_Alias UA1 = "foo" +User_Alias UA2 = "foo.bar" +User_Alias UA3 = "foo\"" +User_Alias UA4 = "foo:bar" +User_Alias UA5 = "foo:bar\"" + +# Check quoted group name in User_Alias +User_Alias UA6 = "%baz" +User_Alias UA7 = "%baz.biz" + +# Check quoted non-Unix group name in User_Alias +User_Alias UA8 = "%:C/non UNIX 0 c" +User_Alias UA9 = "%:C/non\'UNIX\'1 c" +User_Alias UA10 = "%:C/non\"UNIX\"0 c" +User_Alias UA11 = "%:C/non_UNIX_0 c" +User_Alias UA12 = "%:C/non\'UNIX_3 c" + +# Check quoted user name in Runas_Alias +Runas_Alias RA1 = "foo" +Runas_Alias RA2 = "foo\"" +Runas_Alias RA3 = "foo:bar" +Runas_Alias RA4 = "foo:bar\"" + +# Check quoted host name in Defaults +Defaults@"somehost" set_home +Defaults@"quoted\"" set_home + +# Check quoted user name in Defaults +Defaults:"you" set_home +Defaults:"us\"" set_home +Defaults:"%them" set_home +Defaults:"%: non UNIX 0 c" set_home +Defaults:"+net" set_home + +# Check quoted runas name in Defaults +Defaults>"someone" set_home +Defaults>"some one" set_home + +# Check quoted command in Defaults +# XXX - not currently supported +#Defaults!"/bin/ls -l" set_home +#Defaults!"/bin/ls -l \"foo\"" set_home + +# Check quoted user, runas and host name in Cmnd_Spec +"foo" "hosta" = ("root") ALL +"foo.bar" "hostb" = ("root") ALL +"foo\"" "hostc" = ("root") ALL +"foo:bar" "hostd" = ("root") ALL +"foo:bar\"" "hoste" = ("root") ALL + +# Check quoted group/netgroup name in Cmnd_Spec +"%baz" "hosta" = ("root") ALL +"%baz.biz" "hostb" = ("root") ALL +"%:C/non UNIX 0 c" "hostc" = ("root") ALL +"%:C/non\'UNIX\'1 c" "hostd" = ("root") ALL +"%:C/non\"UNIX\"0 c" "hoste" = ("root") ALL +"%:C/non_UNIX_0 c" "hostf" = ("root") ALL +"%:C/non\'UNIX_3 c" "hostg" = ("root") ALL +"+netgr" "hosth" = ("root") ALL + +# Check that quotes don't need escaping in command and args +user ALL = /bin/ls "", /bin/echo " ", /bin/foo"bar "" diff --git a/plugins/sudoers/regress/sudoers/test2.json.ok b/plugins/sudoers/regress/sudoers/test2.json.ok new file mode 100644 index 0000000..46e4c48 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test2.json.ok @@ -0,0 +1,420 @@ +{ + "Defaults": [ + { + "Binding": [ + { "hostname": "somehost" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "hostname": "quoted\"" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "username": "you" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "username": "us\"" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "usergroup": "them" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "nonunixgroup": " non UNIX 0 c" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "netgroup": "net" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "username": "someone" } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "username": "some one" } + ], + "Options": [ + { "set_home": true } + ] + } + ], + "User_Aliases": { + "UA1": [ + { "username": "foo" } + ], + "UA10": [ + { "nonunixgroup": "C/non\"UNIX\"0 c" } + ], + "UA11": [ + { "nonunixgroup": "C/non_UNIX_0 c" } + ], + "UA12": [ + { "nonunixgroup": "C/non\\'UNIX_3 c" } + ], + "UA2": [ + { "username": "foo.bar" } + ], + "UA3": [ + { "username": "foo\"" } + ], + "UA4": [ + { "username": "foo:bar" } + ], + "UA5": [ + { "username": "foo:bar\"" } + ], + "UA6": [ + { "usergroup": "baz" } + ], + "UA7": [ + { "usergroup": "baz.biz" } + ], + "UA8": [ + { "nonunixgroup": "C/non UNIX 0 c" } + ], + "UA9": [ + { "nonunixgroup": "C/non\\'UNIX\\'1 c" } + ] + }, + "Runas_Aliases": { + "RA1": [ + { "username": "foo" } + ], + "RA2": [ + { "username": "foo\"" } + ], + "RA3": [ + { "username": "foo:bar" } + ], + "RA4": [ + { "username": "foo:bar\"" } + ] + }, + "User_Specs": [ + { + "User_List": [ + { "username": "foo" } + ], + "Host_List": [ + { "hostname": "hosta" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "foo.bar" } + ], + "Host_List": [ + { "hostname": "hostb" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "foo\"" } + ], + "Host_List": [ + { "hostname": "hostc" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "foo:bar" } + ], + "Host_List": [ + { "hostname": "hostd" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "foo:bar\"" } + ], + "Host_List": [ + { "hostname": "hoste" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "usergroup": "baz" } + ], + "Host_List": [ + { "hostname": "hosta" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "usergroup": "baz.biz" } + ], + "Host_List": [ + { "hostname": "hostb" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "nonunixgroup": "C/non UNIX 0 c" } + ], + "Host_List": [ + { "hostname": "hostc" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "nonunixgroup": "C/non\\'UNIX\\'1 c" } + ], + "Host_List": [ + { "hostname": "hostd" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "nonunixgroup": "C/non\"UNIX\"0 c" } + ], + "Host_List": [ + { "hostname": "hoste" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "nonunixgroup": "C/non_UNIX_0 c" } + ], + "Host_List": [ + { "hostname": "hostf" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "nonunixgroup": "C/non\\'UNIX_3 c" } + ], + "Host_List": [ + { "hostname": "hostg" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "netgroup": "netgr" } + ], + "Host_List": [ + { "hostname": "hosth" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "/bin/ls \"\"" }, + { "command": "/bin/echo \" \"" }, + { "command": "/bin/foo\"bar \"\"" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test2.ldif.ok b/plugins/sudoers/regress/sudoers/test2.ldif.ok new file mode 100644 index 0000000..31d708f --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test2.ldif.ok @@ -0,0 +1,168 @@ +# Unable to translate stdin:26:29: +# Defaults@somehost set_home + +# Unable to translate stdin:27:29: +# Defaults@quoted\" set_home + +# Unable to translate stdin:30:24: +# Defaults:you set_home + +# Unable to translate stdin:31:25: +# Defaults:us\" set_home + +# Unable to translate stdin:32:26: +# Defaults:%them set_home + +# Unable to translate stdin:33:36: +# Defaults:"%: non UNIX 0 c" set_home + +# Unable to translate stdin:34:25: +# Defaults:+net set_home + +# Unable to translate stdin:37:28: +# Defaults>someone set_home + +# Unable to translate stdin:38:29: +# Defaults>"some one" set_home + +dn: cn=foo,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: foo +sudoUser: foo +sudoHost: hosta +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=foo.bar,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: foo.bar +sudoUser: foo.bar +sudoHost: hostb +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=foo\",ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: foo\" +sudoUser: foo" +sudoHost: hostc +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=foo:bar,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: foo:bar +sudoUser: foo:bar +sudoHost: hostd +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 4 + +dn: cn=foo:bar\",ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: foo:bar\" +sudoUser: foo:bar" +sudoHost: hoste +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 5 + +dn: cn=%baz,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %baz +sudoUser: %baz +sudoHost: hosta +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 6 + +dn: cn=%baz.biz,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %baz.biz +sudoUser: %baz.biz +sudoHost: hostb +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 7 + +dn: cn=%:C/non UNIX 0 c,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %:C/non UNIX 0 c +sudoUser: %:C/non UNIX 0 c +sudoHost: hostc +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 8 + +dn: cn=%:C/non\\'UNIX\\'1 c,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %:C/non\\'UNIX\\'1 c +sudoUser: %:C/non\'UNIX\'1 c +sudoHost: hostd +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 9 + +dn: cn=%:C/non\"UNIX\"0 c,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %:C/non\"UNIX\"0 c +sudoUser: %:C/non"UNIX"0 c +sudoHost: hoste +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 10 + +dn: cn=%:C/non_UNIX_0 c,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %:C/non_UNIX_0 c +sudoUser: %:C/non_UNIX_0 c +sudoHost: hostf +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 11 + +dn: cn=%:C/non\\'UNIX_3 c,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %:C/non\\'UNIX_3 c +sudoUser: %:C/non\'UNIX_3 c +sudoHost: hostg +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 12 + +dn: cn=\+netgr,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \+netgr +sudoUser: +netgr +sudoHost: hosth +sudoRunAsUser: root +sudoCommand: ALL +sudoOrder: 13 + +dn: cn=user,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user +sudoUser: user +sudoHost: ALL +sudoCommand: /bin/ls "" +sudoCommand: /bin/echo " " +sudoCommand: /bin/foo"bar "" +sudoOrder: 14 + diff --git a/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok new file mode 100644 index 0000000..0277437 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok @@ -0,0 +1,41 @@ +# sudoRole foo +foo hosta = (root) ALL + +# sudoRole foo.bar +foo.bar hostb = (root) ALL + +# sudoRole foo" +foo\" hostc = (root) ALL + +# sudoRole foo:bar +foo\:bar hostd = (root) ALL + +# sudoRole foo:bar" +foo\:bar\" hoste = (root) ALL + +# sudoRole %baz +%baz hosta = (root) ALL + +# sudoRole %baz.biz +%baz.biz hostb = (root) ALL + +# sudoRole %:C/non UNIX 0 c +"%:C/non UNIX 0 c" hostc = (root) ALL + +# sudoRole %:C/non\'UNIX\'1 c +"%:C/non\'UNIX\'1 c" hostd = (root) ALL + +# sudoRole %:C/non"UNIX"0 c +"%:C/non\"UNIX\"0 c" hoste = (root) ALL + +# sudoRole %:C/non_UNIX_0 c +"%:C/non_UNIX_0 c" hostf = (root) ALL + +# sudoRole %:C/non\'UNIX_3 c +"%:C/non\'UNIX_3 c" hostg = (root) ALL + +# sudoRole +netgr ++netgr hosth = (root) ALL + +# sudoRole user +user ALL = /bin/ls "", /bin/echo " ", /bin/foo"bar "" diff --git a/plugins/sudoers/regress/sudoers/test2.out.ok b/plugins/sudoers/regress/sudoers/test2.out.ok new file mode 100644 index 0000000..99171b9 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test2.out.ok @@ -0,0 +1,43 @@ +Parses OK + +Defaults@somehost set_home +Defaults@quoted\" set_home +Defaults:you set_home +Defaults:us\" set_home +Defaults:%them set_home +Defaults:"%: non UNIX 0 c" set_home +Defaults:+net set_home +Defaults>someone set_home +Defaults>"some one" set_home + +Runas_Alias RA1 = foo +Runas_Alias RA2 = foo\" +Runas_Alias RA3 = foo\:bar +Runas_Alias RA4 = foo\:bar\" +User_Alias UA1 = foo +User_Alias UA10 = "%:C/non\"UNIX\"0 c" +User_Alias UA11 = "%:C/non_UNIX_0 c" +User_Alias UA12 = "%:C/non\'UNIX_3 c" +User_Alias UA2 = foo.bar +User_Alias UA3 = foo\" +User_Alias UA4 = foo\:bar +User_Alias UA5 = foo\:bar\" +User_Alias UA6 = %baz +User_Alias UA7 = %baz.biz +User_Alias UA8 = "%:C/non UNIX 0 c" +User_Alias UA9 = "%:C/non\'UNIX\'1 c" + +foo hosta = (root) ALL +foo.bar hostb = (root) ALL +foo\" hostc = (root) ALL +foo\:bar hostd = (root) ALL +foo\:bar\" hoste = (root) ALL +%baz hosta = (root) ALL +%baz.biz hostb = (root) ALL +"%:C/non UNIX 0 c" hostc = (root) ALL +"%:C/non\'UNIX\'1 c" hostd = (root) ALL +"%:C/non\"UNIX\"0 c" hoste = (root) ALL +"%:C/non_UNIX_0 c" hostf = (root) ALL +"%:C/non\'UNIX_3 c" hostg = (root) ALL ++netgr hosth = (root) ALL +user ALL = /bin/ls "", /bin/echo " ", /bin/foo"bar "" diff --git a/plugins/sudoers/regress/sudoers/test2.toke.ok b/plugins/sudoers/regress/sudoers/test2.toke.ok new file mode 100644 index 0000000..4c4b88d --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test2.toke.ok @@ -0,0 +1,63 @@ +# +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) + +# +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP + +# +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP +USERALIAS ALIAS = BEGINSTR STRBODY BACKSLASH STRBODY BACKSLASH STRBODY ENDSTR USERGROUP +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR USERGROUP +USERALIAS ALIAS = BEGINSTR STRBODY BACKSLASH STRBODY ENDSTR USERGROUP + +# +RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +RUNASALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) + +# +DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR +DEFAULTS_HOST BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR + +# +DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR +DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR +DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR +DEFAULTS_USER BEGINSTR STRBODY ENDSTR USERGROUP DEFVAR +DEFAULTS_USER BEGINSTR STRBODY ENDSTR NETGROUP DEFVAR + +# +DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR +DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR + +# +# +# +# + +# +BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR WORD(4) BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL + +# +BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY BACKSLASH STRBODY BACKSLASH STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY BACKSLASH STRBODY ENDSTR USERGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL +BEGINSTR STRBODY ENDSTR NETGROUP BEGINSTR STRBODY ENDSTR WORD(4) = ( BEGINSTR STRBODY ENDSTR WORD(4) ) ALL + +# +WORD(6) ALL = COMMAND ARG , COMMAND ARG ARG , COMMAND ARG diff --git a/plugins/sudoers/regress/sudoers/test20.in b/plugins/sudoers/regress/sudoers/test20.in new file mode 100644 index 0000000..c24f88a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test20.in @@ -0,0 +1,26 @@ +# Test parsing of tuples +Defaults lecture +Defaults !lecture +Defaults lecture=never +Defaults lecture=once +Defaults lecture=always + +Defaults listpw +Defaults !listpw +Defaults listpw=never +Defaults listpw=any +Defaults listpw=all +Defaults listpw=always + +Defaults verifypw +Defaults !verifypw +Defaults verifypw=never +Defaults verifypw=any +Defaults verifypw=all +Defaults verifypw=always + +Defaults fdexec +Defaults !fdexec +Defaults fdexec=never +Defaults fdexec=digest_only +Defaults fdexec=always diff --git a/plugins/sudoers/regress/sudoers/test20.json.ok b/plugins/sudoers/regress/sudoers/test20.json.ok new file mode 100644 index 0000000..f2f1d55 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test20.json.ok @@ -0,0 +1,114 @@ +{ + "Defaults": [ + { + "Options": [ + { "lecture": true } + ] + }, + { + "Options": [ + { "lecture": false } + ] + }, + { + "Options": [ + { "lecture": "never" } + ] + }, + { + "Options": [ + { "lecture": "once" } + ] + }, + { + "Options": [ + { "lecture": "always" } + ] + }, + { + "Options": [ + { "listpw": true } + ] + }, + { + "Options": [ + { "listpw": false } + ] + }, + { + "Options": [ + { "listpw": "never" } + ] + }, + { + "Options": [ + { "listpw": "any" } + ] + }, + { + "Options": [ + { "listpw": "all" } + ] + }, + { + "Options": [ + { "listpw": "always" } + ] + }, + { + "Options": [ + { "verifypw": true } + ] + }, + { + "Options": [ + { "verifypw": false } + ] + }, + { + "Options": [ + { "verifypw": "never" } + ] + }, + { + "Options": [ + { "verifypw": "any" } + ] + }, + { + "Options": [ + { "verifypw": "all" } + ] + }, + { + "Options": [ + { "verifypw": "always" } + ] + }, + { + "Options": [ + { "fdexec": true } + ] + }, + { + "Options": [ + { "fdexec": false } + ] + }, + { + "Options": [ + { "fdexec": "never" } + ] + }, + { + "Options": [ + { "fdexec": "digest_only" } + ] + }, + { + "Options": [ + { "fdexec": "always" } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test20.ldif.ok b/plugins/sudoers/regress/sudoers/test20.ldif.ok new file mode 100644 index 0000000..de01cde --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test20.ldif.ok @@ -0,0 +1,28 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: lecture +sudoOption: !lecture +sudoOption: lecture=never +sudoOption: lecture=once +sudoOption: lecture=always +sudoOption: listpw +sudoOption: !listpw +sudoOption: listpw=never +sudoOption: listpw=any +sudoOption: listpw=all +sudoOption: listpw=always +sudoOption: verifypw +sudoOption: !verifypw +sudoOption: verifypw=never +sudoOption: verifypw=any +sudoOption: verifypw=all +sudoOption: verifypw=always +sudoOption: fdexec +sudoOption: !fdexec +sudoOption: fdexec=never +sudoOption: fdexec=digest_only +sudoOption: fdexec=always + diff --git a/plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok new file mode 100644 index 0000000..e1c743c --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok @@ -0,0 +1,22 @@ +Defaults lecture +Defaults !lecture +Defaults lecture=never +Defaults lecture=once +Defaults lecture=always +Defaults listpw +Defaults !listpw +Defaults listpw=never +Defaults listpw=any +Defaults listpw=all +Defaults listpw=always +Defaults verifypw +Defaults !verifypw +Defaults verifypw=never +Defaults verifypw=any +Defaults verifypw=all +Defaults verifypw=always +Defaults fdexec +Defaults !fdexec +Defaults fdexec=never +Defaults fdexec=digest_only +Defaults fdexec=always diff --git a/plugins/sudoers/regress/sudoers/test20.out.ok b/plugins/sudoers/regress/sudoers/test20.out.ok new file mode 100644 index 0000000..260be81 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test20.out.ok @@ -0,0 +1,24 @@ +Parses OK + +Defaults lecture +Defaults !lecture +Defaults lecture=never +Defaults lecture=once +Defaults lecture=always +Defaults listpw +Defaults !listpw +Defaults listpw=never +Defaults listpw=any +Defaults listpw=all +Defaults listpw=always +Defaults verifypw +Defaults !verifypw +Defaults verifypw=never +Defaults verifypw=any +Defaults verifypw=all +Defaults verifypw=always +Defaults fdexec +Defaults !fdexec +Defaults fdexec=never +Defaults fdexec=digest_only +Defaults fdexec=always diff --git a/plugins/sudoers/regress/sudoers/test20.toke.ok b/plugins/sudoers/regress/sudoers/test20.toke.ok new file mode 100644 index 0000000..1847149 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test20.toke.ok @@ -0,0 +1,26 @@ +# +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) + +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) + +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) + +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) diff --git a/plugins/sudoers/regress/sudoers/test21.in b/plugins/sudoers/regress/sudoers/test21.in new file mode 100644 index 0000000..65416cf --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test21.in @@ -0,0 +1,36 @@ +# Test parsing of syslog settings +Defaults syslog +Defaults !syslog +Defaults syslog=auth +Defaults syslog=daemon +Defaults syslog=user +Defaults syslog=local0 +Defaults syslog=local1 +Defaults syslog=local2 +Defaults syslog=local3 +Defaults syslog=local4 +Defaults syslog=local5 +Defaults syslog=local6 +Defaults syslog=local7 + +Defaults !syslog_goodpri +Defaults syslog_goodpri=alert +Defaults syslog_goodpri=crit +Defaults syslog_goodpri=debug +Defaults syslog_goodpri=emerg +Defaults syslog_goodpri=err +Defaults syslog_goodpri=info +Defaults syslog_goodpri=notice +Defaults syslog_goodpri=warning +Defaults syslog_goodpri=none + +Defaults !syslog_badpri +Defaults syslog_badpri=alert +Defaults syslog_badpri=crit +Defaults syslog_badpri=debug +Defaults syslog_badpri=emerg +Defaults syslog_badpri=err +Defaults syslog_badpri=info +Defaults syslog_badpri=notice +Defaults syslog_badpri=warning +Defaults syslog_badpri=none diff --git a/plugins/sudoers/regress/sudoers/test21.json.ok b/plugins/sudoers/regress/sudoers/test21.json.ok new file mode 100644 index 0000000..7896965 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test21.json.ok @@ -0,0 +1,169 @@ +{ + "Defaults": [ + { + "Options": [ + { "syslog": true } + ] + }, + { + "Options": [ + { "syslog": false } + ] + }, + { + "Options": [ + { "syslog": "auth" } + ] + }, + { + "Options": [ + { "syslog": "daemon" } + ] + }, + { + "Options": [ + { "syslog": "user" } + ] + }, + { + "Options": [ + { "syslog": "local0" } + ] + }, + { + "Options": [ + { "syslog": "local1" } + ] + }, + { + "Options": [ + { "syslog": "local2" } + ] + }, + { + "Options": [ + { "syslog": "local3" } + ] + }, + { + "Options": [ + { "syslog": "local4" } + ] + }, + { + "Options": [ + { "syslog": "local5" } + ] + }, + { + "Options": [ + { "syslog": "local6" } + ] + }, + { + "Options": [ + { "syslog": "local7" } + ] + }, + { + "Options": [ + { "syslog_goodpri": false } + ] + }, + { + "Options": [ + { "syslog_goodpri": "alert" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "crit" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "debug" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "emerg" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "err" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "info" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "notice" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "warning" } + ] + }, + { + "Options": [ + { "syslog_goodpri": "none" } + ] + }, + { + "Options": [ + { "syslog_badpri": false } + ] + }, + { + "Options": [ + { "syslog_badpri": "alert" } + ] + }, + { + "Options": [ + { "syslog_badpri": "crit" } + ] + }, + { + "Options": [ + { "syslog_badpri": "debug" } + ] + }, + { + "Options": [ + { "syslog_badpri": "emerg" } + ] + }, + { + "Options": [ + { "syslog_badpri": "err" } + ] + }, + { + "Options": [ + { "syslog_badpri": "info" } + ] + }, + { + "Options": [ + { "syslog_badpri": "notice" } + ] + }, + { + "Options": [ + { "syslog_badpri": "warning" } + ] + }, + { + "Options": [ + { "syslog_badpri": "none" } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test21.ldif.ok b/plugins/sudoers/regress/sudoers/test21.ldif.ok new file mode 100644 index 0000000..b3bede8 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test21.ldif.ok @@ -0,0 +1,39 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: syslog +sudoOption: !syslog +sudoOption: syslog=auth +sudoOption: syslog=daemon +sudoOption: syslog=user +sudoOption: syslog=local0 +sudoOption: syslog=local1 +sudoOption: syslog=local2 +sudoOption: syslog=local3 +sudoOption: syslog=local4 +sudoOption: syslog=local5 +sudoOption: syslog=local6 +sudoOption: syslog=local7 +sudoOption: !syslog_goodpri +sudoOption: syslog_goodpri=alert +sudoOption: syslog_goodpri=crit +sudoOption: syslog_goodpri=debug +sudoOption: syslog_goodpri=emerg +sudoOption: syslog_goodpri=err +sudoOption: syslog_goodpri=info +sudoOption: syslog_goodpri=notice +sudoOption: syslog_goodpri=warning +sudoOption: syslog_goodpri=none +sudoOption: !syslog_badpri +sudoOption: syslog_badpri=alert +sudoOption: syslog_badpri=crit +sudoOption: syslog_badpri=debug +sudoOption: syslog_badpri=emerg +sudoOption: syslog_badpri=err +sudoOption: syslog_badpri=info +sudoOption: syslog_badpri=notice +sudoOption: syslog_badpri=warning +sudoOption: syslog_badpri=none + diff --git a/plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok new file mode 100644 index 0000000..56e09ff --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok @@ -0,0 +1,33 @@ +Defaults syslog +Defaults !syslog +Defaults syslog=auth +Defaults syslog=daemon +Defaults syslog=user +Defaults syslog=local0 +Defaults syslog=local1 +Defaults syslog=local2 +Defaults syslog=local3 +Defaults syslog=local4 +Defaults syslog=local5 +Defaults syslog=local6 +Defaults syslog=local7 +Defaults !syslog_goodpri +Defaults syslog_goodpri=alert +Defaults syslog_goodpri=crit +Defaults syslog_goodpri=debug +Defaults syslog_goodpri=emerg +Defaults syslog_goodpri=err +Defaults syslog_goodpri=info +Defaults syslog_goodpri=notice +Defaults syslog_goodpri=warning +Defaults syslog_goodpri=none +Defaults !syslog_badpri +Defaults syslog_badpri=alert +Defaults syslog_badpri=crit +Defaults syslog_badpri=debug +Defaults syslog_badpri=emerg +Defaults syslog_badpri=err +Defaults syslog_badpri=info +Defaults syslog_badpri=notice +Defaults syslog_badpri=warning +Defaults syslog_badpri=none diff --git a/plugins/sudoers/regress/sudoers/test21.out.ok b/plugins/sudoers/regress/sudoers/test21.out.ok new file mode 100644 index 0000000..136ec64 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test21.out.ok @@ -0,0 +1,35 @@ +Parses OK + +Defaults syslog +Defaults !syslog +Defaults syslog=auth +Defaults syslog=daemon +Defaults syslog=user +Defaults syslog=local0 +Defaults syslog=local1 +Defaults syslog=local2 +Defaults syslog=local3 +Defaults syslog=local4 +Defaults syslog=local5 +Defaults syslog=local6 +Defaults syslog=local7 +Defaults !syslog_goodpri +Defaults syslog_goodpri=alert +Defaults syslog_goodpri=crit +Defaults syslog_goodpri=debug +Defaults syslog_goodpri=emerg +Defaults syslog_goodpri=err +Defaults syslog_goodpri=info +Defaults syslog_goodpri=notice +Defaults syslog_goodpri=warning +Defaults syslog_goodpri=none +Defaults !syslog_badpri +Defaults syslog_badpri=alert +Defaults syslog_badpri=crit +Defaults syslog_badpri=debug +Defaults syslog_badpri=emerg +Defaults syslog_badpri=err +Defaults syslog_badpri=info +Defaults syslog_badpri=notice +Defaults syslog_badpri=warning +Defaults syslog_badpri=none diff --git a/plugins/sudoers/regress/sudoers/test21.toke.ok b/plugins/sudoers/regress/sudoers/test21.toke.ok new file mode 100644 index 0000000..871584b --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test21.toke.ok @@ -0,0 +1,36 @@ +# +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) + +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) + +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) diff --git a/plugins/sudoers/regress/sudoers/test22.in b/plugins/sudoers/regress/sudoers/test22.in new file mode 100644 index 0000000..ecf2fd9 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test22.in @@ -0,0 +1,6 @@ +# Test parsing of empty Runas_List + +user1 ALL = ( : ) ALL +user2 ALL = (:) ALL +user3 ALL = ( ) ALL +user4 ALL = () ALL diff --git a/plugins/sudoers/regress/sudoers/test22.json.ok b/plugins/sudoers/regress/sudoers/test22.json.ok new file mode 100644 index 0000000..22141a1 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test22.json.ok @@ -0,0 +1,88 @@ +{ + "User_Specs": [ + { + "User_List": [ + { "username": "user1" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user2" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user3" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user4" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test22.ldif.ok b/plugins/sudoers/regress/sudoers/test22.ldif.ok new file mode 100644 index 0000000..14c3df4 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test22.ldif.ok @@ -0,0 +1,40 @@ +dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1 +sudoUser: user1 +sudoHost: ALL +sudoRunAsUser: +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user2 +sudoUser: user2 +sudoHost: ALL +sudoRunAsUser: +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user3 +sudoUser: user3 +sudoHost: ALL +sudoRunAsUser: +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=user4,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user4 +sudoUser: user4 +sudoHost: ALL +sudoRunAsUser: +sudoCommand: ALL +sudoOrder: 4 + diff --git a/plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok new file mode 100644 index 0000000..e0c98e0 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok @@ -0,0 +1,11 @@ +# sudoRole user1 +user1 ALL = () ALL + +# sudoRole user2 +user2 ALL = () ALL + +# sudoRole user3 +user3 ALL = () ALL + +# sudoRole user4 +user4 ALL = () ALL diff --git a/plugins/sudoers/regress/sudoers/test22.out.ok b/plugins/sudoers/regress/sudoers/test22.out.ok new file mode 100644 index 0000000..7117e18 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test22.out.ok @@ -0,0 +1,6 @@ +Parses OK + +user1 ALL = (root) ALL +user2 ALL = (root) ALL +user3 ALL = (root) ALL +user4 ALL = (root) ALL diff --git a/plugins/sudoers/regress/sudoers/test22.toke.ok b/plugins/sudoers/regress/sudoers/test22.toke.ok new file mode 100644 index 0000000..9eeb964 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test22.toke.ok @@ -0,0 +1,6 @@ +# + +WORD(6) ALL = ( : ) ALL +WORD(6) ALL = ( : ) ALL +WORD(6) ALL = ( ) ALL +WORD(6) ALL = ( ) ALL diff --git a/plugins/sudoers/regress/sudoers/test23.in b/plugins/sudoers/regress/sudoers/test23.in new file mode 100644 index 0000000..5e03d9e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test23.in @@ -0,0 +1,11 @@ +# Test parsing of env_check, env_delete and env_keep +Defaults env_check = "COLORTERM LANG LANGUAGE LC_* LINGUAS" +Defaults env_check += "TERM TZ" + +Defaults env_delete = "IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" +Defaults env_delete += "NLSPATH PATH_LOCALE LD_* _RLD*" + +Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_keep -= _XKB_CHARSET +Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +Defaults env_keep += XDG_SESSION_COOKIE diff --git a/plugins/sudoers/regress/sudoers/test23.json.ok b/plugins/sudoers/regress/sudoers/test23.json.ok new file mode 100644 index 0000000..5e8b0da --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test23.json.ok @@ -0,0 +1,102 @@ +{ + "Defaults": [ + { + "Options": [ + { + "operation": "list_assign", + "env_check": [ + "COLORTERM", + "LANG", + "LANGUAGE", + "LC_*", + "LINGUAS" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_check": [ + "TERM", + "TZ" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_assign", + "env_delete": [ + "IFS", + "CDPATH", + "LOCALDOMAIN", + "RES_OPTIONS", + "HOSTALIASES" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_delete": [ + "NLSPATH", + "PATH_LOCALE", + "LD_*", + "_RLD*" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "LANG", + "LANGUAGE", + "LINGUAS", + "LC_*", + "_XKB_CHARSET" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_remove", + "env_keep": [ + "_XKB_CHARSET" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "XAPPLRESDIR", + "XFILESEARCHPATH", + "XUSERFILESEARCHPATH" + ] + } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "XDG_SESSION_COOKIE" + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test23.ldif.ok b/plugins/sudoers/regress/sudoers/test23.ldif.ok new file mode 100644 index 0000000..97c1fbd --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test23.ldif.ok @@ -0,0 +1,14 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: env_check=COLORTERM LANG LANGUAGE LC_* LINGUAS +sudoOption: env_check+=TERM TZ +sudoOption: env_delete=IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES +sudoOption: env_delete+=NLSPATH PATH_LOCALE LD_* _RLD* +sudoOption: env_keep+=LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET +sudoOption: env_keep-=_XKB_CHARSET +sudoOption: env_keep+=XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH +sudoOption: env_keep+=XDG_SESSION_COOKIE + diff --git a/plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok new file mode 100644 index 0000000..bb9f2e9 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok @@ -0,0 +1,8 @@ +Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" +Defaults env_check+="TERM TZ" +Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" +Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_keep-=_XKB_CHARSET +Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +Defaults env_keep+=XDG_SESSION_COOKIE diff --git a/plugins/sudoers/regress/sudoers/test23.out.ok b/plugins/sudoers/regress/sudoers/test23.out.ok new file mode 100644 index 0000000..fe6e415 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test23.out.ok @@ -0,0 +1,10 @@ +Parses OK + +Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" +Defaults env_check+="TERM TZ" +Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" +Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_keep-=_XKB_CHARSET +Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" +Defaults env_keep+=XDG_SESSION_COOKIE diff --git a/plugins/sudoers/regress/sudoers/test23.toke.ok b/plugins/sudoers/regress/sudoers/test23.toke.ok new file mode 100644 index 0000000..3d7cd84 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test23.toke.ok @@ -0,0 +1,11 @@ +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) + +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) + +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR -= WORD(2) +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR += WORD(2) diff --git a/plugins/sudoers/regress/sudoers/test24.in b/plugins/sudoers/regress/sudoers/test24.in new file mode 100644 index 0000000..3fc3bbc --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test24.in @@ -0,0 +1,6 @@ +# Test parsing of CHROOT and CWD syntax +Defaults runcwd=~ +Defaults runchroot=/ +# +user0 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh +user1 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls diff --git a/plugins/sudoers/regress/sudoers/test24.json.ok b/plugins/sudoers/regress/sudoers/test24.json.ok new file mode 100644 index 0000000..964359c --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test24.json.ok @@ -0,0 +1,61 @@ +{ + "Defaults": [ + { + "Options": [ + { "runcwd": "~" } + ] + }, + { + "Options": [ + { "runchroot": "/" } + ] + } + ], + "User_Specs": [ + { + "User_List": [ + { "username": "user0" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + "runchroot": "/var/www", + "runcwd": "/htdocs" + ], + "Commands": [ + { "command": "/bin/ksh" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user1" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + "runcwd": "~root" + ], + "Commands": [ + { "command": "/usr/bin/id" } + ] + }, + { + "Options": [ + "runcwd": "/tmp" + ], + "Commands": [ + { "command": "/bin/ls" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test24.ldif.ok b/plugins/sudoers/regress/sudoers/test24.ldif.ok new file mode 100644 index 0000000..aeb5f7a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test24.ldif.ok @@ -0,0 +1,39 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: runcwd=~ +sudoOption: runchroot=/ + +dn: cn=user0,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user0 +sudoUser: user0 +sudoHost: ALL +sudoOption: runchroot=/var/www +sudoOption: runcwd=/htdocs +sudoCommand: /bin/ksh +sudoOrder: 1 + +dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1 +sudoUser: user1 +sudoHost: ALL +sudoOption: runcwd=~root +sudoCommand: /usr/bin/id +sudoOrder: 2 + +dn: cn=user1_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1_1 +sudoUser: user1 +sudoHost: ALL +sudoOption: runcwd=/tmp +sudoCommand: /bin/ls +sudoOrder: 3 + diff --git a/plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok new file mode 100644 index 0000000..4c09657 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok @@ -0,0 +1,8 @@ +Defaults runcwd=~ +Defaults runchroot=/ + +# sudoRole user0 +user0 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh + +# sudoRole user1, user1_1 +user1 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls diff --git a/plugins/sudoers/regress/sudoers/test24.out.ok b/plugins/sudoers/regress/sudoers/test24.out.ok new file mode 100644 index 0000000..530b700 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test24.out.ok @@ -0,0 +1,7 @@ +Parses OK + +Defaults runcwd=~ +Defaults runchroot=/ + +user0 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh +user1 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls diff --git a/plugins/sudoers/regress/sudoers/test24.toke.ok b/plugins/sudoers/regress/sudoers/test24.toke.ok new file mode 100644 index 0000000..47842f4 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test24.toke.ok @@ -0,0 +1,6 @@ +# +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +# +WORD(6) ALL = CHROOT = WORD(5) CWD = WORD(5) COMMAND +WORD(6) ALL = CWD = WORD(5) COMMAND , CWD = WORD(5) COMMAND diff --git a/plugins/sudoers/regress/sudoers/test25.in b/plugins/sudoers/regress/sudoers/test25.in new file mode 100644 index 0000000..fe35587 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test25.in @@ -0,0 +1,3 @@ +# Test continuation character when there is nothing to continue +# Used to leak "~ron" when run under address sanitizer +foo ALL = CWD=~ron /bin/ls \ diff --git a/plugins/sudoers/regress/sudoers/test25.json.ok b/plugins/sudoers/regress/sudoers/test25.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test25.json.ok diff --git a/plugins/sudoers/regress/sudoers/test25.ldif.ok b/plugins/sudoers/regress/sudoers/test25.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test25.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test25.out.ok b/plugins/sudoers/regress/sudoers/test25.out.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test25.out.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test25.toke.ok b/plugins/sudoers/regress/sudoers/test25.toke.ok new file mode 100644 index 0000000..e58461e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test25.toke.ok @@ -0,0 +1,3 @@ +# +# +WORD(6) ALL = CWD = WORD(5) COMMAND <*>
\ No newline at end of file diff --git a/plugins/sudoers/regress/sudoers/test26.in b/plugins/sudoers/regress/sudoers/test26.in new file mode 100644 index 0000000..842f2b4 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.in @@ -0,0 +1,128 @@ +# Defaults settings that trigger callbacks +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen, log_year, log_host +Defaults !mailerpath, mailerflags="-t", mailfrom="sudo@sudo.ws", mailto="root@localhost", mailsub="*** Sudo information for %h ***" + +# All other Defaults settings +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir="/var/lib/sudo/lectured" +Defaults timestampdir="/run/sudo/ts" +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password: " +Defaults passprompt_override +Defaults secure_path="/usr/bin:/usr/sbin:/bin:/sbin" +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check += "TERMCAP" +Defaults !env_delete +Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +#Defaults role +#Defaults type +Defaults env_file="/etc/environment" +Defaults restricted_env_file="/etc/environment.sudo" +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +#Defaults group_plugin +Defaults iolog_dir="/var/log/sudo-io" +Defaults iolog_file="%{seq}" +Defaults set_utmp +Defaults utmp_runas +#Defaults privs +#Defaults limitprivs +Defaults !exec_background +Defaults pam_service="sudo" +Defaults pam_login_service="sudo-login" +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff --git a/plugins/sudoers/regress/sudoers/test26.json.ok b/plugins/sudoers/regress/sudoers/test26.json.ok new file mode 100644 index 0000000..4fabe5f --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.json.ok @@ -0,0 +1,626 @@ +{ + "Defaults": [ + { + "Options": [ + { "fqdn": true } + ] + }, + { + "Options": [ + { "runas_default": "root" } + ] + }, + { + "Options": [ + { "tty_tickets": true } + ] + }, + { + "Options": [ + { "umask": "022" } + ] + }, + { + "Options": [ + { "runchroot": "/" } + ] + }, + { + "Options": [ + { "logfile": "/var/log/sudo" } + ] + }, + { + "Options": [ + { "log_format": "json" } + ] + }, + { + "Options": [ + { "syslog": "auth" }, + { "syslog_badpri": "alert" }, + { "syslog_goodpri": "notice" } + ] + }, + { + "Options": [ + { "syslog_maxlen": "2048" } + ] + }, + { + "Options": [ + { "loglinelen": false }, + { "log_year": true }, + { "log_host": true } + ] + }, + { + "Options": [ + { "mailerpath": false }, + { "mailerflags": "-t" }, + { "mailfrom": "sudo@sudo.ws" }, + { "mailto": "root@localhost" }, + { "mailsub": "*** Sudo information for %h ***" } + ] + }, + { + "Options": [ + { "long_otp_prompt": true } + ] + }, + { + "Options": [ + { "ignore_dot": true } + ] + }, + { + "Options": [ + { "mail_always": false } + ] + }, + { + "Options": [ + { "mail_badpass": false } + ] + }, + { + "Options": [ + { "mail_no_user": false } + ] + }, + { + "Options": [ + { "mail_no_host": false } + ] + }, + { + "Options": [ + { "mail_no_perms": false } + ] + }, + { + "Options": [ + { "mail_all_cmnds": false } + ] + }, + { + "Options": [ + { "lecture": "always" } + ] + }, + { + "Options": [ + { "lecture_file": "/etc/sudo.lecture" } + ] + }, + { + "Options": [ + { "authenticate": true } + ] + }, + { + "Options": [ + { "root_sudo": true } + ] + }, + { + "Options": [ + { "shell_noargs": true } + ] + }, + { + "Options": [ + { "set_home": true } + ] + }, + { + "Options": [ + { "always_set_home": true } + ] + }, + { + "Options": [ + { "path_info": true } + ] + }, + { + "Options": [ + { "insults": true } + ] + }, + { + "Options": [ + { "requiretty": false } + ] + }, + { + "Options": [ + { "env_editor": true } + ] + }, + { + "Options": [ + { "rootpw": false } + ] + }, + { + "Options": [ + { "runaspw": false } + ] + }, + { + "Options": [ + { "targetpw": false } + ] + }, + { + "Options": [ + { "use_loginclass": true } + ] + }, + { + "Options": [ + { "set_logname": true } + ] + }, + { + "Options": [ + { "stay_setuid": false } + ] + }, + { + "Options": [ + { "preserve_groups": false } + ] + }, + { + "Options": [ + { "timestamp_timeout": ".5" } + ] + }, + { + "Options": [ + { "passwd_timeout": "5" } + ] + }, + { + "Options": [ + { "passwd_tries": "3" } + ] + }, + { + "Options": [ + { "badpass_message": "Take off, eh!" } + ] + }, + { + "Options": [ + { "lecture_status_dir": "/var/lib/sudo/lectured" } + ] + }, + { + "Options": [ + { "timestampdir": "/run/sudo/ts" } + ] + }, + { + "Options": [ + { "timestampowner": "root" } + ] + }, + { + "Options": [ + { "exempt_group": "sudo" } + ] + }, + { + "Options": [ + { "passprompt": "%p's sudo password: " } + ] + }, + { + "Options": [ + { "passprompt_override": true } + ] + }, + { + "Options": [ + { "secure_path": "/usr/bin:/usr/sbin:/bin:/sbin" } + ] + }, + { + "Options": [ + { "editor": "/usr/bin/vi" } + ] + }, + { + "Options": [ + { "listpw": "any" } + ] + }, + { + "Options": [ + { "verifypw": "all" } + ] + }, + { + "Options": [ + { "noexec": true } + ] + }, + { + "Options": [ + { "ignore_local_sudoers": true } + ] + }, + { + "Options": [ + { "closefrom": "3" } + ] + }, + { + "Options": [ + { "closefrom_override": true } + ] + }, + { + "Options": [ + { "setenv": false } + ] + }, + { + "Options": [ + { "env_reset": true } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_check": [ + "TERMCAP" + ] + } + ] + }, + { + "Options": [ + { "env_delete": false } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "LANG", + "LANGUAGE", + "LINGUAS", + "LC_*", + "_XKB_CHARSET" + ] + } + ] + }, + { + "Options": [ + { "env_file": "/etc/environment" } + ] + }, + { + "Options": [ + { "restricted_env_file": "/etc/environment.sudo" } + ] + }, + { + "Options": [ + { "sudoers_locale": "C" } + ] + }, + { + "Options": [ + { "visiblepw": false } + ] + }, + { + "Options": [ + { "pwfeedback": true } + ] + }, + { + "Options": [ + { "fast_glob": true } + ] + }, + { + "Options": [ + { "umask_override": true } + ] + }, + { + "Options": [ + { "log_input": true } + ] + }, + { + "Options": [ + { "log_output": true } + ] + }, + { + "Options": [ + { "compress_io": true } + ] + }, + { + "Options": [ + { "use_pty": true } + ] + }, + { + "Options": [ + { "iolog_dir": "/var/log/sudo-io" } + ] + }, + { + "Options": [ + { "iolog_file": "%{seq}" } + ] + }, + { + "Options": [ + { "set_utmp": true } + ] + }, + { + "Options": [ + { "utmp_runas": true } + ] + }, + { + "Options": [ + { "exec_background": false } + ] + }, + { + "Options": [ + { "pam_service": "sudo" } + ] + }, + { + "Options": [ + { "pam_login_service": "sudo-login" } + ] + }, + { + "Options": [ + { "pam_setcred": true } + ] + }, + { + "Options": [ + { "pam_session": true } + ] + }, + { + "Options": [ + { "pam_acct_mgmt": true } + ] + }, + { + "Options": [ + { "maxseq": "2176782336" } + ] + }, + { + "Options": [ + { "use_netgroups": true } + ] + }, + { + "Options": [ + { "sudoedit_checkdir": true } + ] + }, + { + "Options": [ + { "sudoedit_follow": false } + ] + }, + { + "Options": [ + { "always_query_group_plugin": true } + ] + }, + { + "Options": [ + { "netgroup_tuple": true } + ] + }, + { + "Options": [ + { "ignore_audit_errors": true } + ] + }, + { + "Options": [ + { "ignore_iolog_errors": true } + ] + }, + { + "Options": [ + { "ignore_logfile_errors": true } + ] + }, + { + "Options": [ + { "match_group_by_gid": false } + ] + }, + { + "Options": [ + { "iolog_user": "root" } + ] + }, + { + "Options": [ + { "iolog_group": "root" } + ] + }, + { + "Options": [ + { "iolog_mode": "0600" } + ] + }, + { + "Options": [ + { "fdexec": "digest_only" } + ] + }, + { + "Options": [ + { "ignore_unknown_defaults": false } + ] + }, + { + "Options": [ + { "command_timeout": "7d8h30m10s" } + ] + }, + { + "Options": [ + { "user_command_timeouts": true } + ] + }, + { + "Options": [ + { "iolog_flush": true } + ] + }, + { + "Options": [ + { "syslog_pid": true } + ] + }, + { + "Options": [ + { "timestamp_type": "tty" } + ] + }, + { + "Options": [ + { "authfail_message": "Learn to type!" } + ] + }, + { + "Options": [ + { "case_insensitive_user": true } + ] + }, + { + "Options": [ + { "case_insensitive_group": true } + ] + }, + { + "Options": [ + { "log_allowed": true } + ] + }, + { + "Options": [ + { "log_denied": true } + ] + }, + { + "Options": [ + { "log_servers": false } + ] + }, + { + "Options": [ + { "log_server_timeout": "10" } + ] + }, + { + "Options": [ + { "log_server_keepalive": true } + ] + }, + { + "Options": [ + { "log_server_cabundle": false } + ] + }, + { + "Options": [ + { "log_server_peer_cert": false } + ] + }, + { + "Options": [ + { "log_server_peer_key": false } + ] + }, + { + "Options": [ + { "log_server_verify": false } + ] + }, + { + "Options": [ + { "runas_allow_unknown_id": true } + ] + }, + { + "Options": [ + { "runas_check_shell": true } + ] + }, + { + "Options": [ + { "pam_ruser": true } + ] + }, + { + "Options": [ + { "pam_rhost": true } + ] + }, + { + "Options": [ + { "runcwd": "~" } + ] + }, + { + "Options": [ + { "selinux": false } + ] + }, + { + "Options": [ + { "admin_flag": false } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test26.ldif.ok b/plugins/sudoers/regress/sudoers/test26.ldif.ok new file mode 100644 index 0000000..912e265 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.ldif.ok @@ -0,0 +1,134 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: fqdn +sudoOption: runas_default=root +sudoOption: tty_tickets +sudoOption: umask=022 +sudoOption: runchroot=/ +sudoOption: logfile=/var/log/sudo +sudoOption: log_format=json +sudoOption: syslog=auth +sudoOption: syslog_badpri=alert +sudoOption: syslog_goodpri=notice +sudoOption: syslog_maxlen=2048 +sudoOption: !loglinelen +sudoOption: log_year +sudoOption: log_host +sudoOption: !mailerpath +sudoOption: mailerflags=-t +sudoOption: mailfrom=sudo@sudo.ws +sudoOption: mailto=root@localhost +sudoOption: mailsub=*** Sudo information for %h *** +sudoOption: long_otp_prompt +sudoOption: ignore_dot +sudoOption: !mail_always +sudoOption: !mail_badpass +sudoOption: !mail_no_user +sudoOption: !mail_no_host +sudoOption: !mail_no_perms +sudoOption: !mail_all_cmnds +sudoOption: lecture=always +sudoOption: lecture_file=/etc/sudo.lecture +sudoOption: authenticate +sudoOption: root_sudo +sudoOption: shell_noargs +sudoOption: set_home +sudoOption: always_set_home +sudoOption: path_info +sudoOption: insults +sudoOption: !requiretty +sudoOption: env_editor +sudoOption: !rootpw +sudoOption: !runaspw +sudoOption: !targetpw +sudoOption: use_loginclass +sudoOption: set_logname +sudoOption: !stay_setuid +sudoOption: !preserve_groups +sudoOption: timestamp_timeout=.5 +sudoOption: passwd_timeout=5 +sudoOption: passwd_tries=3 +sudoOption: badpass_message=Take off, eh! +sudoOption: lecture_status_dir=/var/lib/sudo/lectured +sudoOption: timestampdir=/run/sudo/ts +sudoOption: timestampowner=root +sudoOption: exempt_group=sudo +sudoOption: passprompt=%p's sudo password: +sudoOption: passprompt_override +sudoOption: secure_path=/usr/bin:/usr/sbin:/bin:/sbin +sudoOption: editor=/usr/bin/vi +sudoOption: listpw=any +sudoOption: verifypw=all +sudoOption: noexec +sudoOption: ignore_local_sudoers +sudoOption: closefrom=3 +sudoOption: closefrom_override +sudoOption: !setenv +sudoOption: env_reset +sudoOption: env_check+=TERMCAP +sudoOption: !env_delete +sudoOption: env_keep+=LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET +sudoOption: env_file=/etc/environment +sudoOption: restricted_env_file=/etc/environment.sudo +sudoOption: sudoers_locale=C +sudoOption: !visiblepw +sudoOption: pwfeedback +sudoOption: fast_glob +sudoOption: umask_override +sudoOption: log_input +sudoOption: log_output +sudoOption: compress_io +sudoOption: use_pty +sudoOption: iolog_dir=/var/log/sudo-io +sudoOption: iolog_file=%{seq} +sudoOption: set_utmp +sudoOption: utmp_runas +sudoOption: !exec_background +sudoOption: pam_service=sudo +sudoOption: pam_login_service=sudo-login +sudoOption: pam_setcred +sudoOption: pam_session +sudoOption: pam_acct_mgmt +sudoOption: maxseq=2176782336 +sudoOption: use_netgroups +sudoOption: sudoedit_checkdir +sudoOption: !sudoedit_follow +sudoOption: always_query_group_plugin +sudoOption: netgroup_tuple +sudoOption: ignore_audit_errors +sudoOption: ignore_iolog_errors +sudoOption: ignore_logfile_errors +sudoOption: !match_group_by_gid +sudoOption: iolog_user=root +sudoOption: iolog_group=root +sudoOption: iolog_mode=0600 +sudoOption: fdexec=digest_only +sudoOption: !ignore_unknown_defaults +sudoOption: command_timeout=7d8h30m10s +sudoOption: user_command_timeouts +sudoOption: iolog_flush +sudoOption: syslog_pid +sudoOption: timestamp_type=tty +sudoOption: authfail_message=Learn to type! +sudoOption: case_insensitive_user +sudoOption: case_insensitive_group +sudoOption: log_allowed +sudoOption: log_denied +sudoOption: !log_servers +sudoOption: log_server_timeout=10 +sudoOption: log_server_keepalive +sudoOption: !log_server_cabundle +sudoOption: !log_server_peer_cert +sudoOption: !log_server_peer_key +sudoOption: !log_server_verify +sudoOption: runas_allow_unknown_id +sudoOption: runas_check_shell +sudoOption: pam_ruser +sudoOption: pam_rhost +sudoOption: runcwd=~ +sudoOption: !selinux +sudoOption: !admin_flag + diff --git a/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok new file mode 100644 index 0000000..706c6fd --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok @@ -0,0 +1,128 @@ +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth +Defaults syslog_badpri=alert +Defaults syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen +Defaults log_year +Defaults log_host +Defaults !mailerpath +Defaults mailerflags=-t +Defaults mailfrom=sudo@sudo.ws +Defaults mailto=root@localhost +Defaults mailsub="*** Sudo information for %h ***" +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir=/var/lib/sudo/lectured +Defaults timestampdir=/run/sudo/ts +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password:" +Defaults passprompt_override +Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check+=TERMCAP +Defaults !env_delete +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_file=/etc/environment +Defaults restricted_env_file=/etc/environment.sudo +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +Defaults iolog_dir=/var/log/sudo-io +Defaults iolog_file=%{seq} +Defaults set_utmp +Defaults utmp_runas +Defaults !exec_background +Defaults pam_service=sudo +Defaults pam_login_service=sudo-login +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff --git a/plugins/sudoers/regress/sudoers/test26.out.ok b/plugins/sudoers/regress/sudoers/test26.out.ok new file mode 100644 index 0000000..e9f07fb --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.out.ok @@ -0,0 +1,122 @@ +Parses OK + +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen, log_year, log_host +Defaults !mailerpath, mailerflags=-t, mailfrom=sudo@sudo.ws, mailto=root@localhost, mailsub="*** Sudo information for %h ***" +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir=/var/lib/sudo/lectured +Defaults timestampdir=/run/sudo/ts +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password: " +Defaults passprompt_override +Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check+=TERMCAP +Defaults !env_delete +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_file=/etc/environment +Defaults restricted_env_file=/etc/environment.sudo +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +Defaults iolog_dir=/var/log/sudo-io +Defaults iolog_file=%{seq} +Defaults set_utmp +Defaults utmp_runas +Defaults !exec_background +Defaults pam_service=sudo +Defaults pam_login_service=sudo-login +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff --git a/plugins/sudoers/regress/sudoers/test26.toke.ok b/plugins/sudoers/regress/sudoers/test26.toke.ok new file mode 100644 index 0000000..9e125fe --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.toke.ok @@ -0,0 +1,128 @@ +# +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) , DEFVAR = WORD(2) , DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR , DEFVAR , DEFVAR +DEFAULTS !DEFVAR , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) + +# +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +# +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +# +# +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR diff --git a/plugins/sudoers/regress/sudoers/test27.in b/plugins/sudoers/regress/sudoers/test27.in new file mode 100644 index 0000000..9e6c28f --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.in @@ -0,0 +1,13 @@ +# Query the group plugin too (if there is one) +Defaults always_query_group_plugin + +# Test RunasGroup with and without RunasUser +root ALL = ( root : wheel ) ALL +millert ALL = ( : wheel ) ALL +%sudo ALL = ( : ALL ) ALL + +# Test RunasUser with %group syntax +operator ALL = ( %wheel ) ALL + +# Test netgroup for user and host ++netusers +nethosts = ( +netrunas ) ALL diff --git a/plugins/sudoers/regress/sudoers/test27.json.ok b/plugins/sudoers/regress/sudoers/test27.json.ok new file mode 100644 index 0000000..81700cf --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.json.ok @@ -0,0 +1,119 @@ +{ + "Defaults": [ + { + "Options": [ + { "always_query_group_plugin": true } + ] + } + ], + "User_Specs": [ + { + "User_List": [ + { "username": "root" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "runasgroups": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "millert" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasgroups": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "usergroup": "sudo" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasgroups": [ + { "usergroup": "ALL" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "operator" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "netgroup": "netusers" } + ], + "Host_List": [ + { "netgroup": "nethosts" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "netgroup": "netrunas" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test27.ldif.ok b/plugins/sudoers/regress/sudoers/test27.ldif.ok new file mode 100644 index 0000000..b91a78d --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.ldif.ok @@ -0,0 +1,58 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: always_query_group_plugin + +dn: cn=root,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoHost: ALL +sudoRunAsUser: root +sudoRunAsGroup: wheel +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=millert,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: millert +sudoUser: millert +sudoHost: ALL +sudoRunAsGroup: wheel +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=%sudo,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %sudo +sudoUser: %sudo +sudoHost: ALL +sudoRunAsGroup: ALL +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: operator +sudoUser: operator +sudoHost: ALL +sudoRunAsUser: %wheel +sudoCommand: ALL +sudoOrder: 4 + +dn: cn=\+netusers,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \+netusers +sudoUser: +netusers +sudoHost: +nethosts +sudoRunAsUser: +netrunas +sudoCommand: ALL +sudoOrder: 5 + diff --git a/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok new file mode 100644 index 0000000..a73f459 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok @@ -0,0 +1,16 @@ +Defaults always_query_group_plugin + +# sudoRole root +root ALL = (root : wheel) ALL + +# sudoRole millert +millert ALL = ( : wheel) ALL + +# sudoRole %sudo +%sudo ALL = ( : ALL) ALL + +# sudoRole operator +operator ALL = (%wheel) ALL + +# sudoRole +netusers ++netusers +nethosts = (+netrunas) ALL diff --git a/plugins/sudoers/regress/sudoers/test27.out.ok b/plugins/sudoers/regress/sudoers/test27.out.ok new file mode 100644 index 0000000..e8a08da --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.out.ok @@ -0,0 +1,9 @@ +Parses OK + +Defaults always_query_group_plugin + +root ALL = (root : wheel) ALL +millert ALL = ( : wheel) ALL +%sudo ALL = ( : ALL) ALL +operator ALL = (%wheel) ALL ++netusers +nethosts = (+netrunas) ALL diff --git a/plugins/sudoers/regress/sudoers/test27.toke.ok b/plugins/sudoers/regress/sudoers/test27.toke.ok new file mode 100644 index 0000000..e7b3eb6 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.toke.ok @@ -0,0 +1,13 @@ +# +DEFAULTS DEFVAR + +# +WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL +WORD(6) ALL = ( : WORD(6) ) ALL +USERGROUP ALL = ( : ALL ) ALL + +# +WORD(6) ALL = ( USERGROUP ) ALL + +# +NETGROUP NETGROUP = ( NETGROUP ) ALL diff --git a/plugins/sudoers/regress/sudoers/test28.in b/plugins/sudoers/regress/sudoers/test28.in new file mode 100644 index 0000000..e546aed --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test28.in @@ -0,0 +1,36 @@ +# Test passprompt_regex +Defaults passprompt_regex="(?i)password: *" + +# Test simple command with regex args +user ALL = /bin/ls ^/etc/(hosts|motd|issue)$ + +# Test wildcard command with regex args +user ALL = /usr/bin/c* ^/etc/(hosts|motd|issue)$ + +# Test regex command with no args +user ALL = ^/usr/bin/(who|w|id|whoami)$ + +# Test regex command with empty args +user ALL = ^/usr/bin/(who|w|id|whoami)$ "" + +# Test regex command with simple args +user ALL = ^/usr/bin/(who|w|id|whoami)$ root + +# Test regex command with wildcard args +user ALL = ^/usr/bin/(who|w|id|whoami)$ -* + +# Test regex command with regex args +user ALL = ^/usr/bin/(who|w|id|whoami)$ ^(-[ahi] ?)+$ + +# Test sudoedit with regex args +user ALL = sudoedit ^/etc/(hosts|motd|issue)$ + +# Test regex command with escapted '$', no args +user ALL = ^/usr/bin/\$tree$ + +# Combined entry +user host1 = /bin/ls ^/etc/(hosts|motd|issue)$, \ + /usr/bin/c* ^/etc/(hosts|motd|issue)$ : \ + host2 = ^/usr/bin/(who|w|id|whoami)$ "", \ + ^/usr/bin/(who|w|id|whoami)$ root : \ + host3 = /bin/echo ^\$foo$ diff --git a/plugins/sudoers/regress/sudoers/test28.json.ok b/plugins/sudoers/regress/sudoers/test28.json.ok new file mode 100644 index 0000000..4fa4145 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test28.json.ok @@ -0,0 +1,199 @@ +{ + "Defaults": [ + { + "Options": [ + { + "operation": "list_assign", + "passprompt_regex": [ + "(?i)password:", + "*" + ] + } + ] + } + ], + "User_Specs": [ + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "/bin/ls ^/etc/(hosts|motd|issue)$" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "/usr/bin/c* ^/etc/(hosts|motd|issue)$" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "^/usr/bin/(who|w|id|whoami)$" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "^/usr/bin/(who|w|id|whoami)$ \"\"" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "^/usr/bin/(who|w|id|whoami)$ root" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "^/usr/bin/(who|w|id|whoami)$ -*" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "^/usr/bin/(who|w|id|whoami)$ ^(-[ahi] ?)+$" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "sudoedit ^/etc/(hosts|motd|issue)$" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "^/usr/bin/\\$tree$" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "host1" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "/bin/ls ^/etc/(hosts|motd|issue)$" }, + { "command": "/usr/bin/c* ^/etc/(hosts|motd|issue)$" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "host2" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "^/usr/bin/(who|w|id|whoami)$ \"\"" }, + { "command": "^/usr/bin/(who|w|id|whoami)$ root" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user" } + ], + "Host_List": [ + { "hostname": "host3" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "/bin/echo ^\\$foo$" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test28.ldif.ok b/plugins/sudoers/regress/sudoers/test28.ldif.ok new file mode 100644 index 0000000..1ecc586 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test28.ldif.ok @@ -0,0 +1,117 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: passprompt_regex=(?i)password: * + +dn: cn=user,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user +sudoUser: user +sudoHost: ALL +sudoCommand: /bin/ls ^/etc/(hosts|motd|issue)$ +sudoOrder: 1 + +dn: cn=user_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_1 +sudoUser: user +sudoHost: ALL +sudoCommand: /usr/bin/c* ^/etc/(hosts|motd|issue)$ +sudoOrder: 2 + +dn: cn=user_2,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_2 +sudoUser: user +sudoHost: ALL +sudoCommand: ^/usr/bin/(who|w|id|whoami)$ +sudoOrder: 3 + +dn: cn=user_3,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_3 +sudoUser: user +sudoHost: ALL +sudoCommand: ^/usr/bin/(who|w|id|whoami)$ "" +sudoOrder: 4 + +dn: cn=user_4,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_4 +sudoUser: user +sudoHost: ALL +sudoCommand: ^/usr/bin/(who|w|id|whoami)$ root +sudoOrder: 5 + +dn: cn=user_5,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_5 +sudoUser: user +sudoHost: ALL +sudoCommand: ^/usr/bin/(who|w|id|whoami)$ -* +sudoOrder: 6 + +dn: cn=user_6,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_6 +sudoUser: user +sudoHost: ALL +sudoCommand: ^/usr/bin/(who|w|id|whoami)$ ^(-[ahi] ?)+$ +sudoOrder: 7 + +dn: cn=user_7,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_7 +sudoUser: user +sudoHost: ALL +sudoCommand: sudoedit ^/etc/(hosts|motd|issue)$ +sudoOrder: 8 + +dn: cn=user_8,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_8 +sudoUser: user +sudoHost: ALL +sudoCommand: ^/usr/bin/\$tree$ +sudoOrder: 9 + +dn: cn=user_9,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_9 +sudoUser: user +sudoHost: host1 +sudoCommand: /bin/ls ^/etc/(hosts|motd|issue)$ +sudoCommand: /usr/bin/c* ^/etc/(hosts|motd|issue)$ +sudoOrder: 10 + +dn: cn=user_10,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_10 +sudoUser: user +sudoHost: host2 +sudoCommand: ^/usr/bin/(who|w|id|whoami)$ "" +sudoCommand: ^/usr/bin/(who|w|id|whoami)$ root +sudoOrder: 11 + +dn: cn=user_11,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user_11 +sudoUser: user +sudoHost: host3 +sudoCommand: /bin/echo ^\$foo$ +sudoOrder: 12 + diff --git a/plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok new file mode 100644 index 0000000..0b642fe --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok @@ -0,0 +1,12 @@ +Defaults passprompt_regex="(?i)password: *" + +# sudoRole user, user_1, user_2, user_3, user_4, user_5, user_6, user_7, +# user_8, user_9, user_10, user_11 +user ALL = /bin/ls ^/etc/(hosts|motd|issue)$, /usr/bin/c*\ + ^/etc/(hosts|motd|issue)$, ^/usr/bin/(who|w|id|whoami)$,\ + ^/usr/bin/(who|w|id|whoami)$ "", ^/usr/bin/(who|w|id|whoami)$ root,\ + ^/usr/bin/(who|w|id|whoami)$ -*, ^/usr/bin/(who|w|id|whoami)$ ^(-[ahi]\ + ?)+$, sudoedit ^/etc/(hosts|motd|issue)$, ^/usr/bin/\$tree$ : host1 =\ + /bin/ls ^/etc/(hosts|motd|issue)$, /usr/bin/c* ^/etc/(hosts|motd|issue)$ :\ + host2 = ^/usr/bin/(who|w|id|whoami)$ "", ^/usr/bin/(who|w|id|whoami)$ root\ + : host3 = /bin/echo ^\$foo$ diff --git a/plugins/sudoers/regress/sudoers/test28.out.ok b/plugins/sudoers/regress/sudoers/test28.out.ok new file mode 100644 index 0000000..443573c --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test28.out.ok @@ -0,0 +1,14 @@ +Parses OK + +Defaults passprompt_regex="(?i)password: *" + +user ALL = /bin/ls ^/etc/(hosts|motd|issue)$ +user ALL = /usr/bin/c* ^/etc/(hosts|motd|issue)$ +user ALL = ^/usr/bin/(who|w|id|whoami)$ +user ALL = ^/usr/bin/(who|w|id|whoami)$ "" +user ALL = ^/usr/bin/(who|w|id|whoami)$ root +user ALL = ^/usr/bin/(who|w|id|whoami)$ -* +user ALL = ^/usr/bin/(who|w|id|whoami)$ ^(-[ahi] ?)+$ +user ALL = sudoedit ^/etc/(hosts|motd|issue)$ +user ALL = ^/usr/bin/\$tree$ +user host1 = /bin/ls ^/etc/(hosts|motd|issue)$, /usr/bin/c* ^/etc/(hosts|motd|issue)$ : host2 = ^/usr/bin/(who|w|id|whoami)$ "", ^/usr/bin/(who|w|id|whoami)$ root : host3 = /bin/echo ^\$foo$ diff --git a/plugins/sudoers/regress/sudoers/test28.toke.ok b/plugins/sudoers/regress/sudoers/test28.toke.ok new file mode 100644 index 0000000..03918b9 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test28.toke.ok @@ -0,0 +1,32 @@ +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) + +# +WORD(6) ALL = COMMAND ARG REGEX + +# +WORD(6) ALL = COMMAND ARG REGEX + +# +WORD(6) ALL = COMMAND + +# +WORD(6) ALL = COMMAND ARG + +# +WORD(6) ALL = COMMAND ARG + +# +WORD(6) ALL = COMMAND ARG + +# +WORD(6) ALL = COMMAND ARG REGEX + +# +WORD(6) ALL = COMMAND ARG REGEX + +# +WORD(6) ALL = COMMAND + +# +WORD(6) WORD(6) = COMMAND ARG REGEX , COMMAND ARG REGEX : WORD(6) = COMMAND ARG , COMMAND ARG : WORD(6) = COMMAND ARG REGEX QUOTEDCHAR diff --git a/plugins/sudoers/regress/sudoers/test29.in b/plugins/sudoers/regress/sudoers/test29.in new file mode 100644 index 0000000..34092cd --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test29.in @@ -0,0 +1,11 @@ +# Test lexer regex syntax errors +# We don't test regcomp() errors since regerror() strings are not +# standardized. + +user ALL = /bin/ls ^/etc/(hosts|motd|issue + +user ALL = ^/bin/ls + +user ALL = ^/bin/ls$ ^error + +user ALL = ^/bin/ls$ ^error # comment diff --git a/plugins/sudoers/regress/sudoers/test29.json.ok b/plugins/sudoers/regress/sudoers/test29.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test29.json.ok diff --git a/plugins/sudoers/regress/sudoers/test29.ldif.ok b/plugins/sudoers/regress/sudoers/test29.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test29.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test29.out.ok b/plugins/sudoers/regress/sudoers/test29.out.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test29.out.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test29.toke.ok b/plugins/sudoers/regress/sudoers/test29.toke.ok new file mode 100644 index 0000000..ce3a4a9 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test29.toke.ok @@ -0,0 +1,11 @@ +# +# +# + +WORD(6) ALL = COMMAND ARG REGEX ERROR <*> + +WORD(6) ALL = WORD(6) <*> + +WORD(6) ALL = COMMAND ARG REGEX ERROR <*> + +WORD(6) ALL = COMMAND ARG REGEX ERROR <*> # diff --git a/plugins/sudoers/regress/sudoers/test3.in b/plugins/sudoers/regress/sudoers/test3.in new file mode 100644 index 0000000..82fcd83 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test3.in @@ -0,0 +1,6 @@ +# Test whitespace in User_List as part of a per-user Defaults entry +User_Alias FOO = foo, bar +Defaults:FOO env_reset +Defaults:foo,bar env_reset +Defaults:foo,\ bar env_reset +Defaults:foo, bar env_reset diff --git a/plugins/sudoers/regress/sudoers/test3.json.ok b/plugins/sudoers/regress/sudoers/test3.json.ok new file mode 100644 index 0000000..fc69eb1 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test3.json.ok @@ -0,0 +1,45 @@ +{ + "Defaults": [ + { + "Binding": [ + { "useralias": "FOO" } + ], + "Options": [ + { "env_reset": true } + ] + }, + { + "Binding": [ + { "username": "foo" }, + { "username": "bar" } + ], + "Options": [ + { "env_reset": true } + ] + }, + { + "Binding": [ + { "username": "foo" }, + { "username": " bar" } + ], + "Options": [ + { "env_reset": true } + ] + }, + { + "Binding": [ + { "username": "foo" }, + { "username": "bar" } + ], + "Options": [ + { "env_reset": true } + ] + } + ], + "User_Aliases": { + "FOO": [ + { "username": "foo" }, + { "username": "bar" } + ] + } +} diff --git a/plugins/sudoers/regress/sudoers/test3.ldif.ok b/plugins/sudoers/regress/sudoers/test3.ldif.ok new file mode 100644 index 0000000..783cde5 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test3.ldif.ok @@ -0,0 +1,12 @@ +# Unable to translate stdin:3:23: +# Defaults:foo, bar env_reset + +# Unable to translate stdin:4:27: +# Defaults:foo, bar env_reset + +# Unable to translate stdin:5:29: +# Defaults:foo, " bar" env_reset + +# Unable to translate stdin:6:28: +# Defaults:foo, bar env_reset + diff --git a/plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok diff --git a/plugins/sudoers/regress/sudoers/test3.out.ok b/plugins/sudoers/regress/sudoers/test3.out.ok new file mode 100644 index 0000000..7f620c4 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test3.out.ok @@ -0,0 +1,8 @@ +Parses OK + +Defaults:FOO env_reset +Defaults:foo, bar env_reset +Defaults:foo, " bar" env_reset +Defaults:foo, bar env_reset + +User_Alias FOO = foo, bar diff --git a/plugins/sudoers/regress/sudoers/test3.toke.ok b/plugins/sudoers/regress/sudoers/test3.toke.ok new file mode 100644 index 0000000..028f333 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test3.toke.ok @@ -0,0 +1,6 @@ +# +USERALIAS ALIAS = WORD(6) , WORD(6) +DEFAULTS_USER ALIAS DEFVAR +DEFAULTS_USER WORD(6) , WORD(6) DEFVAR +DEFAULTS_USER WORD(6) , WORD(6) DEFVAR +DEFAULTS_USER WORD(6) , WORD(6) DEFVAR diff --git a/plugins/sudoers/regress/sudoers/test30.in b/plugins/sudoers/regress/sudoers/test30.in new file mode 100644 index 0000000..c89d739 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test30.in @@ -0,0 +1,10 @@ +# Test parsing of "list" pseudo-command. +# It should be allowed as a command but also as a user or host. + +user1 ALL = list + +list ALL = ALL + +user2 ALL = (list : list) ALL + +user3 list = ALL diff --git a/plugins/sudoers/regress/sudoers/test30.json.ok b/plugins/sudoers/regress/sudoers/test30.json.ok new file mode 100644 index 0000000..e95f2c6 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test30.json.ok @@ -0,0 +1,79 @@ +{ + "User_Specs": [ + { + "User_List": [ + { "username": "user1" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Commands": [ + { "command": "list" } + ] + } + ] + }, + { + "User_List": [ + { "username": "list" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user2" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "list" } + ], + "runasgroups": [ + { "usergroup": "list" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "user3" } + ], + "Host_List": [ + { "hostname": "list" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test30.ldif.ok b/plugins/sudoers/regress/sudoers/test30.ldif.ok new file mode 100644 index 0000000..2c1913f --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test30.ldif.ok @@ -0,0 +1,38 @@ +dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user1 +sudoUser: user1 +sudoHost: ALL +sudoCommand: list +sudoOrder: 1 + +dn: cn=list,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: list +sudoUser: list +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user2 +sudoUser: user2 +sudoHost: ALL +sudoRunAsUser: list +sudoRunAsGroup: list +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: user3 +sudoUser: user3 +sudoHost: list +sudoCommand: ALL +sudoOrder: 4 + diff --git a/plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok new file mode 100644 index 0000000..8e7b68e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok @@ -0,0 +1,11 @@ +# sudoRole user1 +user1 ALL = list + +# sudoRole list +list ALL = ALL + +# sudoRole user2 +user2 ALL = (list : list) ALL + +# sudoRole user3 +user3 list = ALL diff --git a/plugins/sudoers/regress/sudoers/test30.out.ok b/plugins/sudoers/regress/sudoers/test30.out.ok new file mode 100644 index 0000000..95fc8ff --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test30.out.ok @@ -0,0 +1,6 @@ +Parses OK + +user1 ALL = list +list ALL = ALL +user2 ALL = (list : list) ALL +user3 list = ALL diff --git a/plugins/sudoers/regress/sudoers/test30.sudo.ok b/plugins/sudoers/regress/sudoers/test30.sudo.ok new file mode 100644 index 0000000..1f34b03 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test30.sudo.ok @@ -0,0 +1,7 @@ +user1 ALL = list + +list ALL = ALL + +user2 ALL = (list : list) ALL + +user3 list = ALL diff --git a/plugins/sudoers/regress/sudoers/test30.toke.ok b/plugins/sudoers/regress/sudoers/test30.toke.ok new file mode 100644 index 0000000..a6a05ef --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test30.toke.ok @@ -0,0 +1,10 @@ +# +# + +WORD(6) ALL = WORD(6) + +WORD(6) ALL = ALL + +WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL + +WORD(6) WORD(6) = ALL diff --git a/plugins/sudoers/regress/sudoers/test4.in b/plugins/sudoers/regress/sudoers/test4.in new file mode 100644 index 0000000..b8df454 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test4.in @@ -0,0 +1,7 @@ +# Test line continuation with anchored matches +User_Alias FOO = foo \ +: BAR = bar + +# This used to pass for sudo < 1.8.1 (though it should not have) +User_Alias FOO = foo \ +User_Alias BAR = bar diff --git a/plugins/sudoers/regress/sudoers/test4.json.ok b/plugins/sudoers/regress/sudoers/test4.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test4.json.ok diff --git a/plugins/sudoers/regress/sudoers/test4.ldif.ok b/plugins/sudoers/regress/sudoers/test4.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test4.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test4.out.ok b/plugins/sudoers/regress/sudoers/test4.out.ok new file mode 100644 index 0000000..de27db3 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test4.out.ok @@ -0,0 +1,3 @@ + +User_Alias BAR = bar +User_Alias FOO = foo diff --git a/plugins/sudoers/regress/sudoers/test4.toke.ok b/plugins/sudoers/regress/sudoers/test4.toke.ok new file mode 100644 index 0000000..a808e5a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test4.toke.ok @@ -0,0 +1,5 @@ +# +USERALIAS ALIAS = WORD(6) : ALIAS = WORD(6) + +# +USERALIAS ALIAS = WORD(6) ERROR <*> ALIAS = WORD(6) diff --git a/plugins/sudoers/regress/sudoers/test5.in b/plugins/sudoers/regress/sudoers/test5.in new file mode 100644 index 0000000..354f589 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test5.in @@ -0,0 +1,3 @@ +# Test empty string in User_Alias and Command_Spec +User_Alias FOO = "" +"" ALL = ALL diff --git a/plugins/sudoers/regress/sudoers/test5.json.ok b/plugins/sudoers/regress/sudoers/test5.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test5.json.ok diff --git a/plugins/sudoers/regress/sudoers/test5.ldif.ok b/plugins/sudoers/regress/sudoers/test5.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test5.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test5.out.ok b/plugins/sudoers/regress/sudoers/test5.out.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test5.out.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test5.toke.ok b/plugins/sudoers/regress/sudoers/test5.toke.ok new file mode 100644 index 0000000..9376455 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test5.toke.ok @@ -0,0 +1,3 @@ +# +USERALIAS ALIAS = BEGINSTR ENDSTR ERROR <*> +BEGINSTR ENDSTR ERROR <*> ALL = ALL diff --git a/plugins/sudoers/regress/sudoers/test6.in b/plugins/sudoers/regress/sudoers/test6.in new file mode 100644 index 0000000..e804571 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test6.in @@ -0,0 +1,15 @@ +# Check that uids work in per-user and per-runas Defaults +Defaults:#123 set_home +Defaults>#123 set_home +Defaults:"#123" set_home +Defaults>"#123" set_home + +# Check that uids work in a Command_Spec +#0 ALL = ALL +#0 ALL = (#0 : #0) ALL +"#0" ALL = ALL +"#0" ALL = ("#0" : "#0") ALL + +# Check that gids work in a Command_Spec +%#0 ALL = ALL +"%#0" ALL = ALL diff --git a/plugins/sudoers/regress/sudoers/test6.json.ok b/plugins/sudoers/regress/sudoers/test6.json.ok new file mode 100644 index 0000000..be1f80f --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test6.json.ok @@ -0,0 +1,158 @@ +{ + "Defaults": [ + { + "Binding": [ + { "userid": 123 } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "userid": 123 } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "userid": 123 } + ], + "Options": [ + { "set_home": true } + ] + }, + { + "Binding": [ + { "userid": 123 } + ], + "Options": [ + { "set_home": true } + ] + } + ], + "User_Specs": [ + { + "User_List": [ + { "userid": 0 } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "userid": 0 } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "userid": 0 } + ], + "runasgroups": [ + { "usergroup": "#0" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "userid": 0 } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "userid": 0 } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "userid": 0 } + ], + "runasgroups": [ + { "usergroup": "#0" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "usergid": 0 } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "usergid": 0 } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test6.ldif.ok b/plugins/sudoers/regress/sudoers/test6.ldif.ok new file mode 100644 index 0000000..046b334 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test6.ldif.ok @@ -0,0 +1,70 @@ +# Unable to translate stdin:2:23: +# Defaults:#123 set_home + +# Unable to translate stdin:3:23: +# Defaults>#123 set_home + +# Unable to translate stdin:4:25: +# Defaults:#123 set_home + +# Unable to translate stdin:5:25: +# Defaults>#123 set_home + +dn: cn=\#0,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \#0 +sudoUser: #0 +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=\#0_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \#0_1 +sudoUser: #0 +sudoHost: ALL +sudoRunAsUser: #0 +sudoRunAsGroup: #0 +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=\#0_2,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \#0_2 +sudoUser: #0 +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=\#0_3,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: \#0_3 +sudoUser: #0 +sudoHost: ALL +sudoRunAsUser: #0 +sudoRunAsGroup: #0 +sudoCommand: ALL +sudoOrder: 4 + +dn: cn=%\#0,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %\#0 +sudoUser: %#0 +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 5 + +dn: cn=%\#0_1,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %\#0_1 +sudoUser: %#0 +sudoHost: ALL +sudoCommand: ALL +sudoOrder: 6 + diff --git a/plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok new file mode 100644 index 0000000..bfe40bb --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok @@ -0,0 +1,5 @@ +# sudoRole #0, #0_1, #0_2, #0_3 +#0 ALL = ALL, (#0 : #0) ALL, ALL, (#0 : #0) ALL + +# sudoRole %#0, %#0_1 +%#0 ALL = ALL, ALL diff --git a/plugins/sudoers/regress/sudoers/test6.out.ok b/plugins/sudoers/regress/sudoers/test6.out.ok new file mode 100644 index 0000000..73b8fe0 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test6.out.ok @@ -0,0 +1,13 @@ +Parses OK + +Defaults:#123 set_home +Defaults>#123 set_home +Defaults:#123 set_home +Defaults>#123 set_home + +#0 ALL = ALL +#0 ALL = (#0 : #0) ALL +#0 ALL = ALL +#0 ALL = (#0 : #0) ALL +%#0 ALL = ALL +%#0 ALL = ALL diff --git a/plugins/sudoers/regress/sudoers/test6.toke.ok b/plugins/sudoers/regress/sudoers/test6.toke.ok new file mode 100644 index 0000000..db8e1c5 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test6.toke.ok @@ -0,0 +1,15 @@ +# +DEFAULTS_USER WORD(6) DEFVAR +DEFAULTS_RUNAS WORD(6) DEFVAR +DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR +DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR + +# +WORD(6) ALL = ALL +WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL +BEGINSTR STRBODY ENDSTR WORD(4) ALL = ALL +BEGINSTR STRBODY ENDSTR WORD(4) ALL = ( BEGINSTR STRBODY ENDSTR WORD(4) : BEGINSTR STRBODY ENDSTR WORD(4) ) ALL + +# +USERGROUP ALL = ALL +BEGINSTR STRBODY ENDSTR USERGROUP ALL = ALL diff --git a/plugins/sudoers/regress/sudoers/test7.in b/plugins/sudoers/regress/sudoers/test7.in new file mode 100644 index 0000000..7b241d0 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test7.in @@ -0,0 +1,7 @@ +# These should all be syntax errors +User_Alias FOO1 = "%" +User_Alias FOO2 = "%:" +User_Alias FOO3 = "+" +User_Alias FOO4 = % +User_Alias FOO5 = %: +User_Alias FOO6 = + diff --git a/plugins/sudoers/regress/sudoers/test7.json.ok b/plugins/sudoers/regress/sudoers/test7.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test7.json.ok diff --git a/plugins/sudoers/regress/sudoers/test7.ldif.ok b/plugins/sudoers/regress/sudoers/test7.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test7.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test7.out.ok b/plugins/sudoers/regress/sudoers/test7.out.ok new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test7.out.ok @@ -0,0 +1 @@ + diff --git a/plugins/sudoers/regress/sudoers/test7.toke.ok b/plugins/sudoers/regress/sudoers/test7.toke.ok new file mode 100644 index 0000000..a5bf018 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test7.toke.ok @@ -0,0 +1,7 @@ +# +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> +USERALIAS ALIAS = ERROR <*> +USERALIAS ALIAS = ERROR <*> +USERALIAS ALIAS = ERROR <*> diff --git a/plugins/sudoers/regress/sudoers/test8.in b/plugins/sudoers/regress/sudoers/test8.in new file mode 100644 index 0000000..d25e834 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test8.in @@ -0,0 +1,8 @@ +# Test quoted strings +User_Alias UA1 = "xy" +User_Alias UA2 = "x\ +y" +User_Alias UA3 = x\"y + +# A newline in the middle of a string is an error +User_Alias UA4 = "x diff --git a/plugins/sudoers/regress/sudoers/test8.json.ok b/plugins/sudoers/regress/sudoers/test8.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test8.json.ok diff --git a/plugins/sudoers/regress/sudoers/test8.ldif.ok b/plugins/sudoers/regress/sudoers/test8.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test8.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test8.out.ok b/plugins/sudoers/regress/sudoers/test8.out.ok new file mode 100644 index 0000000..e62f97f --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test8.out.ok @@ -0,0 +1,4 @@ + +User_Alias UA1 = xy +User_Alias UA2 = xy +User_Alias UA3 = x\"y diff --git a/plugins/sudoers/regress/sudoers/test8.toke.ok b/plugins/sudoers/regress/sudoers/test8.toke.ok new file mode 100644 index 0000000..1bc46cb --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test8.toke.ok @@ -0,0 +1,7 @@ +# +USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) +USERALIAS ALIAS = BEGINSTR STRBODY STRBODY ENDSTR WORD(4) +USERALIAS ALIAS = WORD(6) + +# +USERALIAS ALIAS = BEGINSTR STRBODY ERROR <*> diff --git a/plugins/sudoers/regress/sudoers/test9.in b/plugins/sudoers/regress/sudoers/test9.in new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test9.in diff --git a/plugins/sudoers/regress/sudoers/test9.json.ok b/plugins/sudoers/regress/sudoers/test9.json.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test9.json.ok diff --git a/plugins/sudoers/regress/sudoers/test9.ldif.ok b/plugins/sudoers/regress/sudoers/test9.ldif.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test9.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test9.out.ok b/plugins/sudoers/regress/sudoers/test9.out.ok new file mode 100644 index 0000000..5af5c53 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test9.out.ok @@ -0,0 +1,2 @@ +Parses OK + diff --git a/plugins/sudoers/regress/sudoers/test9.toke.ok b/plugins/sudoers/regress/sudoers/test9.toke.ok new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test9.toke.ok |