Add tests for round-tripping sudoers -> ldif -> sudoers

diff --git a/MANIFEST b/MANIFEST
index c909b72cf08fff89df5441328987cd5e4c6c151f..b8ddce75ad4ca80900257448e9b1fd6c36bcff00 100644 (file)
--- a/MANIFEST
+++ b/MANIFEST
@@ -407,6 +407,7 @@ plugins/sudoers/regress/starttime/check_starttime.c
 plugins/sudoers/regress/sudoers/test1.in
 plugins/sudoers/regress/sudoers/test1.json.ok
 plugins/sudoers/regress/sudoers/test1.ldif.ok
+plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test1.out.ok
 plugins/sudoers/regress/sudoers/test1.toke.ok
 plugins/sudoers/regress/sudoers/test10.in
@@ -432,21 +433,25 @@ plugins/sudoers/regress/sudoers/test13.toke.ok
 plugins/sudoers/regress/sudoers/test14.in
 plugins/sudoers/regress/sudoers/test14.json.ok
 plugins/sudoers/regress/sudoers/test14.ldif.ok
+plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test14.out.ok
 plugins/sudoers/regress/sudoers/test14.toke.ok
 plugins/sudoers/regress/sudoers/test15.in
 plugins/sudoers/regress/sudoers/test15.json.ok
 plugins/sudoers/regress/sudoers/test15.ldif.ok
+plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test15.out.ok
 plugins/sudoers/regress/sudoers/test15.toke.ok
 plugins/sudoers/regress/sudoers/test16.in
 plugins/sudoers/regress/sudoers/test16.json.ok
 plugins/sudoers/regress/sudoers/test16.ldif.ok
+plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test16.out.ok
 plugins/sudoers/regress/sudoers/test16.toke.ok
 plugins/sudoers/regress/sudoers/test17.in
 plugins/sudoers/regress/sudoers/test17.json.ok
 plugins/sudoers/regress/sudoers/test17.ldif.ok
+plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test17.out.ok
 plugins/sudoers/regress/sudoers/test17.toke.ok
 plugins/sudoers/regress/sudoers/test18.in
@@ -457,26 +462,31 @@ plugins/sudoers/regress/sudoers/test18.toke.ok
 plugins/sudoers/regress/sudoers/test19.in
 plugins/sudoers/regress/sudoers/test19.json.ok
 plugins/sudoers/regress/sudoers/test19.ldif.ok
+plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test19.out.ok
 plugins/sudoers/regress/sudoers/test19.toke.ok
 plugins/sudoers/regress/sudoers/test2.in
 plugins/sudoers/regress/sudoers/test2.json.ok
 plugins/sudoers/regress/sudoers/test2.ldif.ok
+plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test2.out.ok
 plugins/sudoers/regress/sudoers/test2.toke.ok
 plugins/sudoers/regress/sudoers/test20.in
 plugins/sudoers/regress/sudoers/test20.json.ok
 plugins/sudoers/regress/sudoers/test20.ldif.ok
+plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test20.out.ok
 plugins/sudoers/regress/sudoers/test20.toke.ok
 plugins/sudoers/regress/sudoers/test21.in
 plugins/sudoers/regress/sudoers/test21.json.ok
 plugins/sudoers/regress/sudoers/test21.ldif.ok
+plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test21.out.ok
 plugins/sudoers/regress/sudoers/test21.toke.ok
 plugins/sudoers/regress/sudoers/test3.in
 plugins/sudoers/regress/sudoers/test3.json.ok
 plugins/sudoers/regress/sudoers/test3.ldif.ok
+plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test3.out.ok
 plugins/sudoers/regress/sudoers/test3.toke.ok
 plugins/sudoers/regress/sudoers/test4.in
@@ -492,6 +502,7 @@ plugins/sudoers/regress/sudoers/test5.toke.ok
 plugins/sudoers/regress/sudoers/test6.in
 plugins/sudoers/regress/sudoers/test6.json.ok
 plugins/sudoers/regress/sudoers/test6.ldif.ok
+plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test6.out.ok
 plugins/sudoers/regress/sudoers/test6.toke.ok
 plugins/sudoers/regress/sudoers/test7.in

diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index 14b4dfbbacaeb2b9dea01ed5f84df6c3f9380491..f09cee65a78c356f7d28a07c4e54ad2b4e2a5853 100644 (file)
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -425,6 +425,7 @@ check: $(TEST_PROGS) visudo testsudoers
                json="regress/sudoers/$${base}.json"; \
                ldif="regress/sudoers/$${base}.ldif"; \
                sudo="regress/sudoers/$${base}.sudo"; \
+               ldif2sudo="regress/sudoers/$${base}.ldif2sudo"; \
                if test -s $$json.ok; then \
                    ASAN_OPTIONS=; \
                else \
@@ -481,6 +482,18 @@ check: $(TEST_PROGS) visudo testsudoers
                    echo "$$dir/$$base: (reparse) FAIL"; \
                    ./visudo -cf $$sudo || true; \
                fi; \
+               if test -s $(srcdir)/$$ldif.ok; then \
+                   ./cvtsudoers -c "" -i ldif -f sudoers $(srcdir)/$$ldif.ok >$$ldif2sudo || true; \
+                   total=`expr $$total + 1`; \
+                   if cmp $$ldif2sudo $(srcdir)/$$ldif2sudo.ok >/dev/null; then \
+                       passed=`expr $$passed + 1`; \
+                       echo "$$dir/$$base (ldif2sudo): OK"; \
+                   else \
+                       failed=`expr $$failed + 1`; \
+                       echo "$$dir/$$base: (ldif2sudo) FAIL"; \
+                       diff $$ldif $(srcdir)/$$ldif.ok || true; \
+                   fi; \
+               fi; \
            done; \
            echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \
            if test $$failed -ne 0; then \

diff --git a/plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..126fe91
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok
@@ -0,0 +1,13 @@
+# sudoRole user1, user1_1
+user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su -, NOLOG_INPUT: NOLOG_OUTPUT:\
+    /usr/bin/id
+
+# sudoRole user2, user2_1
+user2 ALL = SETENV: NOEXEC: NOPASSWD: /usr/bin/vi, NOSETENV: EXEC: PASSWD:\
+    /usr/bin/echo
+
+# sudoRole user3, user3_1
+user3 ALL = MAIL: /bin/sh, NOMAIL: /usr/bin/id
+
+# sudoRole user4, user4_1
+user4 ALL = FOLLOW: sudoedit /etc/motd, NOFOLLOW: sudoedit /home/*/*

diff --git a/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..6bc0156
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok
@@ -0,0 +1,5 @@
+# sudoRole millert
+millert ALL = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1\
+    /bin/ls, sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh,\
+    sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw\
+    /bin/kill

diff --git a/plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..775d59e
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok
@@ -0,0 +1,2 @@
+# sudoRole user
+user ALL = sudoedit /etc/motd

diff --git a/plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..775d59e
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok
@@ -0,0 +1,2 @@
+# sudoRole user
+user ALL = sudoedit /etc/motd

diff --git a/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..6bc2a36
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok
@@ -0,0 +1,29 @@
+Defaults command_timeout=2d8h10m59s
+
+# sudoRole user0
+user0 ALL = /usr/bin/id, /usr/bin/who, /bin/ls
+
+# sudoRole user1
+user1 ALL = /usr/bin/id
+
+# sudoRole user2
+user2 ALL = /usr/bin/id
+
+# sudoRole user3
+user3 ALL = /usr/bin/id
+
+# sudoRole user4
+user4 ALL = /usr/bin/id
+
+# sudoRole user5
+user5 ALL = /usr/bin/id
+
+# sudoRole user6
+user6 ALL = /usr/bin/id
+
+# sudoRole user7
+user7 ALL = /usr/bin/id
+
+# sudoRole user8
+user8 ALL = /usr/bin/id, /usr/bin/id, /usr/bin/id, /usr/bin/id, /usr/bin/id,\
+    /usr/bin/id

diff --git a/plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..fc202e4
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok
@@ -0,0 +1,29 @@
+# sudoRole user0
+user0 ALL = NOTBEFORE=20170301083000Z /usr/bin/id, /bin/ls
+
+# sudoRole user1
+user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, /bin/ls
+
+# sudoRole user2
+user2 ALL = NOTBEFORE=20170214083018Z /usr/bin/id
+
+# sudoRole user3
+user3 ALL = NOTBEFORE=20170214080000Z /usr/bin/id
+
+# sudoRole user4
+user4 ALL = NOTBEFORE=20170214082400Z /usr/bin/id
+
+# sudoRole user5
+user5 ALL = NOTBEFORE=20170214083000Z /usr/bin/id
+
+# sudoRole user6
+user6 ALL = NOTBEFORE=20170214083000Z /usr/bin/id
+
+# sudoRole user7
+user7 ALL = NOTBEFORE=20170214083000Z /usr/bin/id
+
+# sudoRole user8
+user8 ALL = NOTBEFORE=20170214083000Z /usr/bin/id
+
+# sudoRole user9
+user9 ALL = NOTBEFORE=20170214083000Z /usr/bin/id

diff --git a/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..7039523
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok
@@ -0,0 +1,38 @@
+# sudoRole foo
+foo hosta = (root) ALL
+
+# sudoRole foo.bar
+foo.bar hostb = (root) ALL
+
+# sudoRole foo"
+foo\" hostc = (root) ALL
+
+# sudoRole foo:bar
+foo\:bar hostd = (root) ALL
+
+# sudoRole foo:bar"
+foo\:bar\" hoste = (root) ALL
+
+# sudoRole %baz
+%baz hosta = (root) ALL
+
+# sudoRole %baz.biz
+%baz.biz hostb = (root) ALL
+
+# sudoRole %:C/non UNIX 0 c
+"%:C/non UNIX 0 c" hostc = (root) ALL
+
+# sudoRole %:C/non\'UNIX\'1 c
+"%:C/non\'UNIX\'1 c" hostd = (root) ALL
+
+# sudoRole %:C/non"UNIX"0 c
+"%:C/non\"UNIX\"0 c" hoste = (root) ALL
+
+# sudoRole %:C/non_UNIX_0 c
+"%:C/non_UNIX_0 c" hostf = (root) ALL
+
+# sudoRole %:C/non\'UNIX_3 c
+"%:C/non\'UNIX_3 c" hostg = (root) ALL
+
+# sudoRole +netgr
++netgr hosth = (root) ALL

diff --git a/plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..e1c743c
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok
@@ -0,0 +1,22 @@
+Defaults lecture
+Defaults !lecture
+Defaults lecture=never
+Defaults lecture=once
+Defaults lecture=always
+Defaults listpw
+Defaults !listpw
+Defaults listpw=never
+Defaults listpw=any
+Defaults listpw=all
+Defaults listpw=always
+Defaults verifypw
+Defaults !verifypw
+Defaults verifypw=never
+Defaults verifypw=any
+Defaults verifypw=all
+Defaults verifypw=always
+Defaults fdexec
+Defaults !fdexec
+Defaults fdexec=never
+Defaults fdexec=digest_only
+Defaults fdexec=always

diff --git a/plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..56e09ff
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok
@@ -0,0 +1,33 @@
+Defaults syslog
+Defaults !syslog
+Defaults syslog=auth
+Defaults syslog=daemon
+Defaults syslog=user
+Defaults syslog=local0
+Defaults syslog=local1
+Defaults syslog=local2
+Defaults syslog=local3
+Defaults syslog=local4
+Defaults syslog=local5
+Defaults syslog=local6
+Defaults syslog=local7
+Defaults !syslog_goodpri
+Defaults syslog_goodpri=alert
+Defaults syslog_goodpri=crit
+Defaults syslog_goodpri=debug
+Defaults syslog_goodpri=emerg
+Defaults syslog_goodpri=err
+Defaults syslog_goodpri=info
+Defaults syslog_goodpri=notice
+Defaults syslog_goodpri=warning
+Defaults syslog_goodpri=none
+Defaults !syslog_badpri
+Defaults syslog_badpri=alert
+Defaults syslog_badpri=crit
+Defaults syslog_badpri=debug
+Defaults syslog_badpri=emerg
+Defaults syslog_badpri=err
+Defaults syslog_badpri=info
+Defaults syslog_badpri=notice
+Defaults syslog_badpri=warning
+Defaults syslog_badpri=none

diff --git a/plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok
new file mode 100644 (file)
index 0000000..bfe40bb
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok
@@ -0,0 +1,5 @@
+# sudoRole #0, #0_1, #0_2, #0_3
+#0 ALL = ALL, (#0 : #0) ALL, ALL, (#0 : #0) ALL
+
+# sudoRole %#0, %#0_1
+%#0 ALL = ALL, ALL