plugins/sudoers/redblack.c
plugins/sudoers/redblack.h
plugins/sudoers/regress/check_symbols/check_symbols.c
+plugins/sudoers/regress/cvtsudoers/sudoers
+plugins/sudoers/regress/cvtsudoers/sudoers.defs
+plugins/sudoers/regress/cvtsudoers/test1.out.ok
+plugins/sudoers/regress/cvtsudoers/test1.sh
+plugins/sudoers/regress/cvtsudoers/test10.out.ok
+plugins/sudoers/regress/cvtsudoers/test10.sh
+plugins/sudoers/regress/cvtsudoers/test11.out.ok
+plugins/sudoers/regress/cvtsudoers/test11.sh
+plugins/sudoers/regress/cvtsudoers/test12.out.ok
+plugins/sudoers/regress/cvtsudoers/test12.sh
+plugins/sudoers/regress/cvtsudoers/test13.out.ok
+plugins/sudoers/regress/cvtsudoers/test13.sh
+plugins/sudoers/regress/cvtsudoers/test14.out.ok
+plugins/sudoers/regress/cvtsudoers/test14.sh
+plugins/sudoers/regress/cvtsudoers/test15.out.ok
+plugins/sudoers/regress/cvtsudoers/test15.sh
+plugins/sudoers/regress/cvtsudoers/test16.out.ok
+plugins/sudoers/regress/cvtsudoers/test16.sh
+plugins/sudoers/regress/cvtsudoers/test17.out.ok
+plugins/sudoers/regress/cvtsudoers/test17.sh
+plugins/sudoers/regress/cvtsudoers/test18.out.ok
+plugins/sudoers/regress/cvtsudoers/test18.sh
+plugins/sudoers/regress/cvtsudoers/test19.out.ok
+plugins/sudoers/regress/cvtsudoers/test19.sh
+plugins/sudoers/regress/cvtsudoers/test2.out.ok
+plugins/sudoers/regress/cvtsudoers/test2.sh
+plugins/sudoers/regress/cvtsudoers/test20.conf
+plugins/sudoers/regress/cvtsudoers/test20.out.ok
+plugins/sudoers/regress/cvtsudoers/test20.sh
+plugins/sudoers/regress/cvtsudoers/test21.conf
+plugins/sudoers/regress/cvtsudoers/test21.out.ok
+plugins/sudoers/regress/cvtsudoers/test21.sh
+plugins/sudoers/regress/cvtsudoers/test3.out.ok
+plugins/sudoers/regress/cvtsudoers/test3.sh
+plugins/sudoers/regress/cvtsudoers/test4.out.ok
+plugins/sudoers/regress/cvtsudoers/test4.sh
+plugins/sudoers/regress/cvtsudoers/test5.out.ok
+plugins/sudoers/regress/cvtsudoers/test5.sh
+plugins/sudoers/regress/cvtsudoers/test6.out.ok
+plugins/sudoers/regress/cvtsudoers/test6.sh
+plugins/sudoers/regress/cvtsudoers/test7.out.ok
+plugins/sudoers/regress/cvtsudoers/test7.sh
+plugins/sudoers/regress/cvtsudoers/test8.out.ok
+plugins/sudoers/regress/cvtsudoers/test8.sh
+plugins/sudoers/regress/cvtsudoers/test9.out.ok
+plugins/sudoers/regress/cvtsudoers/test9.sh
plugins/sudoers/regress/env_match/check_env_pattern.c
plugins/sudoers/regress/env_match/data
plugins/sudoers/regress/iolog_path/check_iolog_path.c
/usr/sbin/rrestore, /usr/bin/mt, \
sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
/home/operator/bin/start_backups
-Cmnd_Alias KILL = /usr/bin/kill
+Cmnd_Alias KILL = /usr/bin/kill, /usr/bin/top
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
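Review bot: Adding `/usr/bin/top` to the `KILL` alias puts an interactive program behind a name that reads as "may send signals", so anyone copying this sample grants more than the alias suggests. The rules that reference `KILL` are outside this hunk; in the test fixture this commit adds with the same line, `operator` and `matt` receive the alias with no Runas list, so its members would run as the default runas user. If top is there only to give the alias a second member for the cvtsudoers tests, keep that in the fixture and leave the shipped sample unchanged, or add a comment above the alias such as `# top is interactive; review what it allows before granting it`.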
cppcheck:
cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c
-check: $(TEST_PROGS) visudo testsudoers
+check: $(TEST_PROGS) visudo testsudoers cvtsudoers
@if test X"$(cross_compiling)" != X"yes"; then \
LC_ALL=C; export LC_ALL; \
unset LANG || LANG=; \
if test $$failed -ne 0; then \
rval=`expr $$rval + $$failed`; \
fi; \
- for dir in testsudoers visudo; do \
+ for dir in testsudoers visudo cvtsudoers; do \
mkdir -p regress/$$dir; \
passed=0; failed=0; total=0; \
for t in $(srcdir)/regress/$$dir/*.sh; do \
--- /dev/null
+#
+# Sample /etc/sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+
+##
+# Override built-in defaults
+##
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS noexec
+
+##
+# User alias specification
+##
+User_Alias FULLTIMERS = millert, mikef, dowdy
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+User_Alias WEBMASTERS = will, wendy, wim
+
+##
+# Runas alias specification
+##
+Runas_Alias OP = root, operator
+Runas_Alias DB = oracle, sybase
+
+##
+# Host alias specification
+##
+Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
+ SGI = grolsch, dandelion, black:\
+ ALPHA = widget, thalamus, foobar:\
+ HPPA = boa, nag, python
+Host_Alias CUNETS = 128.138.0.0/255.255.0.0
+Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+Host_Alias SERVERS = master, mail, www, ns
+Host_Alias CDROM = orion, perseus, hercules
+
+##
+# Cmnd alias specification
+##
+Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+ /usr/sbin/rrestore, /usr/bin/mt, \
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
+ /home/operator/bin/start_backups
+Cmnd_Alias KILL = /usr/bin/kill, /usr/bin/top
+Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
+Cmnd_Alias HALT = /usr/sbin/halt
+Cmnd_Alias REBOOT = /usr/sbin/reboot
+Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+ /usr/local/bin/tcsh, /usr/bin/rsh, \
+ /usr/local/bin/zsh
+Cmnd_Alias SU = /usr/bin/su
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+ /usr/bin/chfn
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+##
+# User specification
+##
+
+# root and users in group wheel can run anything on any machine as any user
+root ALL = (ALL) ALL
+%wheel ALL = (ALL) ALL
+
+# full time sysadmins can run anything on any machine without a password
+FULLTIMERS ALL = NOPASSWD: ALL
+
+# part time sysadmins may run anything but need a password
+PARTTIMERS ALL = ALL
+
+# jack may run anything on machines in CSNETS
+jack CSNETS = ALL
+
+# lisa may run any command on any host in CUNETS (a class B network)
+lisa CUNETS = ALL
+
+# operator may run maintenance commands and anything in /usr/oper/bin/
+operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+ sudoedit /etc/printcap, /usr/oper/bin/
+
+# joe may su only to operator
+joe ALL = /usr/bin/su operator
+
+# pete may change passwords for anyone but root on the hp snakes
+pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
+
+# bob may run anything on the sparc and sgi machines as any user
+# listed in the Runas_Alias "OP" (ie: root and operator)
+bob SPARC = (OP) ALL : SGI = (OP) ALL
+
+# fred can run commands as oracle or sybase without a password
+fred ALL = (DB) NOPASSWD: ALL
+
+# on the alphas, john may su to anyone but root and flags are not allowed
+john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+# jen can run anything on all machines except the ones
+# in the "SERVERS" Host_Alias
+jen ALL, !SERVERS = ALL
+
+# jill can run any commands in the directory /usr/bin/, except for
+# those in the SU and SHELLS aliases.
+jill SERVERS = /usr/bin/, !SU, !SHELLS
+
+# steve can run any command in the directory /usr/local/op_commands/
+# as user operator.
+steve CSNETS = (operator) /usr/local/op_commands/
+
+# matt needs to be able to kill things on his workstation when
+# they get hung.
+matt valkyrie = KILL
+
+# users in the WEBMASTERS User_Alias (will, wendy, and wim)
+# may run any command as user www (which owns the web pages)
+# or simply su to www.
+WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
+
+# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
+ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
+ /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
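Review bot: The header comment still describes this file as a sample /etc/sudoers that must be edited with visudo, but in this directory it is test input whose exact content the `*.out.ok` files depend on. Replace the opening lines with something like `# Input for the cvtsudoers regress tests; update the *.out.ok files when changing it.` Without that, a later sync with the sample sudoers file patched earlier in this commit would change the fixture and break the expected output with no hint as to why.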
--- /dev/null
+Defaults syslog=auth
+Defaults>ROOT !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS noexec
+
+User_Alias FULLTIMERS = millert, mikef, dowdy
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+
+Host_Alias SERVERS = master, mail, www, ns
+Host_Alias CDROM = orion, perseus, hercules
+
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+ /usr/bin/chfn
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+Runas_Alias ROOT = root, toor
+Runas_Alias OPERATOR = operator, backup
--- /dev/null
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+Defaults!PAGERS noexec
+
+Host_Alias CDROM = orion, perseus, hercules
+User_Alias FULLTIMERS = millert, mikef, dowdy
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+FULLTIMERS ALL = NOPASSWD: ALL
+
+ALL CDROM = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o nosuid\,nodev\
+ /dev/cd0a /CDROM
--- /dev/null
+#!/bin/sh
+#
+# Test user and host filters
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -m user=millert,host=hercules $TESTDIR/sudoers
+
+exit 0
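Review bot: `$TESTDIR` is expanded unquoted and unchecked on the cvtsudoers line, so a source path containing whitespace splits into several arguments and an unset variable silently turns the input into `/sudoers`. Writing the operand as `"${TESTDIR:?}/sudoers"` covers both cases; the same applies to every later script in this commit that passes `$TESTDIR/...`. The trailing `exit 0` also discards the exit status of cvtsudoers, and the scripts are not consistent about it: the filter and defaults-type tests end with it, while the alias-removal, pruning and cvtsudoers.conf tests do not. Whether the harness looks at the status is not visible in the Makefile hunk, so pick one convention and state it in the script header.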
--- /dev/null
+Defaults!PAGERS noexec
--- /dev/null
+#!/bin/sh
+#
+# Test command defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d command $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+Defaults!PAGERS noexec
+
+Host_Alias CDROM = orion, perseus, hercules
+Runas_Alias OPERATOR = operator, backup
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
--- /dev/null
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d command $TESTDIR/sudoers.defs
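Review bot: The header comment says aliases are removed, but the expected output for this test still lists `CDROM`, `OPERATOR`, `PARTTIMERS` and `VIPW`; what disappears are the aliases referenced only by the Defaults lines that `-d command` filters out. The same sentence is repeated verbatim in the three scripts that follow (`-d user`, `-d host`, `-d runas`), and the four pruning tests after them also share a single comment. A comment such as `# -d command: aliases used only by filtered-out Defaults are dropped; others are kept` would make a failing test readable without diffing the scripts against each other.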
--- /dev/null
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+
+Host_Alias CDROM = orion, perseus, hercules
+User_Alias FULLTIMERS = millert, mikef, dowdy
+Runas_Alias OPERATOR = operator, backup
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
--- /dev/null
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d user $TESTDIR/sudoers.defs
--- /dev/null
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+
+Host_Alias CDROM = orion, perseus, hercules
+Runas_Alias OPERATOR = operator, backup
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Host_Alias SERVERS = master, mail, www, ns
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
--- /dev/null
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d host $TESTDIR/sudoers.defs
--- /dev/null
+Defaults>ROOT !set_logname
+
+Host_Alias CDROM = orion, perseus, hercules
+Runas_Alias OPERATOR = operator, backup
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Runas_Alias ROOT = root, toor
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
--- /dev/null
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d runas $TESTDIR/sudoers.defs
--- /dev/null
+user1 host1, host2, host3 = ALL
--- /dev/null
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m user=user1 <<EOF
+user1, user2, user3, %group1 host1, host2, host3 = ALL
+EOF
--- /dev/null
+user2 host2 = ALL
--- /dev/null
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m user=user2,host=host2 <<EOF
+user1, user2, user3, %group1 host1, host2, host3 = ALL
+EOF
--- /dev/null
+%group1 host1 = ALL
--- /dev/null
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m group=group1,host=host1 <<EOF
+user1, user2, user3, %group1 host1, host2, host3 = ALL
+EOF
--- /dev/null
+%group1 ALL = ALL
--- /dev/null
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m group=group1,host=somehost <<EOF
+user1, user2, user3, %group1 ALL = ALL
+EOF
--- /dev/null
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS noexec
+
+User_Alias FULLTIMERS = millert, mikef, dowdy
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+Host_Alias SERVERS = master, mail, www, ns
+
+FULLTIMERS ALL = NOPASSWD: ALL
--- /dev/null
+#!/bin/sh
+#
+# Test filters and pruning; alias contents don't get pruned
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m user=FULLTIMERS,host=SERVERS $TESTDIR/sudoers
--- /dev/null
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:millert, mikef, dowdy !lecture
+Defaults:millert !authenticate
+Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec
+
+millert, mikef, dowdy ALL = NOPASSWD: ALL
+
+ALL orion, perseus, hercules = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o\
+ nosuid\,nodev /dev/cd0a /CDROM
--- /dev/null
+#!/bin/sh
+#
+# Test user and host filters, expanding aliases
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -e -m user=millert,host=hercules $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+defaults = global
+expand_aliases = yes
+input_format = sudoers
+match = user=user2
+output_format = sudoers
+prune_matches = yes
--- /dev/null
+user2 ALL = /usr/bin/id
--- /dev/null
+#!/bin/sh
+#
+# Test cvtsudoers.conf
+#
+
+exec 2>&1
+./cvtsudoers -c $TESTDIR/test20.conf <<EOF
+Defaults:SOMEUSERS authenticate, timestamp_timeout=0
+User_Alias SOMEUSERS = user1, user2, user3
+
+SOMEUSERS ALL = /usr/bin/id
+EOF
--- /dev/null
+defaults = all
+expand_aliases = no
+input_format = sudoers
+order_increment = 10
+order_start = 1000
+output_format = ldif
+sudoers_base = ou=SUDOers,dc=my-domain,dc=com
+suppress = defaults
--- /dev/null
+dn: cn=ALL,ou=SUDOers,dc=my-domain,dc=com
+objectClass: top
+objectClass: sudoRole
+cn: ALL
+sudoUser: ALL
+sudoHost: ALL
+sudoRunAsUser:
+sudoOption: !authenticate
+sudoCommand: /usr/bin/id
+sudoOrder: 1000
+
+dn: cn=FULLTIMERS,ou=SUDOers,dc=my-domain,dc=com
+objectClass: top
+objectClass: sudoRole
+cn: FULLTIMERS
+sudoUser: user1
+sudoUser: user2
+sudoUser: user3
+sudoHost: ALL
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoCommand: ALL
+sudoOrder: 1010
+
--- /dev/null
+#!/bin/sh
+#
+# Test cvtsudoers.conf
+#
+
+exec 2>&1
+./cvtsudoers -c $TESTDIR/test21.conf <<EOF
+Defaults authenticate, timestamp_timeout=0
+User_Alias FULLTIMERS = user1, user2, user3
+
+ALL ALL = (:) NOPASSWD:/usr/bin/id
+FULLTIMERS ALL = (ALL:ALL) ALL
+EOF
--- /dev/null
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults!PAGERS noexec
+
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+%wheel ALL = (ALL) ALL
--- /dev/null
+#!/bin/sh
+#
+# Test group and host filters
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -m group=wheel,host=blackhole $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec
+
+%wheel ALL = (ALL) ALL
--- /dev/null
+#!/bin/sh
+#
+# Test group and host filters, expanding aliases
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -e -m group=wheel,host=blackhole $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS noexec
--- /dev/null
+#!/bin/sh
+#
+# Test defaults type filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d all $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+Defaults syslog=auth
--- /dev/null
+#!/bin/sh
+#
+# Test global defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d global $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
--- /dev/null
+#!/bin/sh
+#
+# Test user defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d user $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+Defaults>root !set_logname
--- /dev/null
+#!/bin/sh
+#
+# Test runas defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d runas $TESTDIR/sudoers
+
+exit 0
--- /dev/null
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
--- /dev/null
+#!/bin/sh
+#
+# Test host defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d host $TESTDIR/sudoers
+
+exit 0