]> granicus.if.org Git - sudo/commitdiff
cvtsudoers regress tests
authorTodd C. Miller <Todd.Miller@sudo.ws>
Sun, 15 Apr 2018 14:14:46 +0000 (08:14 -0600)
committerTodd C. Miller <Todd.Miller@sudo.ws>
Sun, 15 Apr 2018 14:14:46 +0000 (08:14 -0600)
49 files changed:
MANIFEST
examples/sudoers
plugins/sudoers/Makefile.in
plugins/sudoers/regress/cvtsudoers/sudoers [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/sudoers.defs [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test1.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test1.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test10.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test10.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test11.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test11.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test12.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test12.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test13.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test13.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test14.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test14.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test15.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test15.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test16.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test16.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test17.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test17.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test18.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test18.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test19.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test19.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test2.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test2.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test20.conf [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test20.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test20.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test21.conf [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test21.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test21.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test3.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test3.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test4.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test4.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test5.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test5.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test6.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test6.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test7.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test7.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test8.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test8.sh [new file with mode: 0755]
plugins/sudoers/regress/cvtsudoers/test9.out.ok [new file with mode: 0644]
plugins/sudoers/regress/cvtsudoers/test9.sh [new file with mode: 0755]

index 9df440f5210f096533962087ab4879c53eb0c5bb..ac88d4e5b52e454f33a4bff4e5b45bda53f113fe 100644 (file)
--- a/MANIFEST
+++ b/MANIFEST
@@ -389,6 +389,52 @@ plugins/sudoers/rcstr.c
 plugins/sudoers/redblack.c
 plugins/sudoers/redblack.h
 plugins/sudoers/regress/check_symbols/check_symbols.c
+plugins/sudoers/regress/cvtsudoers/sudoers
+plugins/sudoers/regress/cvtsudoers/sudoers.defs
+plugins/sudoers/regress/cvtsudoers/test1.out.ok
+plugins/sudoers/regress/cvtsudoers/test1.sh
+plugins/sudoers/regress/cvtsudoers/test10.out.ok
+plugins/sudoers/regress/cvtsudoers/test10.sh
+plugins/sudoers/regress/cvtsudoers/test11.out.ok
+plugins/sudoers/regress/cvtsudoers/test11.sh
+plugins/sudoers/regress/cvtsudoers/test12.out.ok
+plugins/sudoers/regress/cvtsudoers/test12.sh
+plugins/sudoers/regress/cvtsudoers/test13.out.ok
+plugins/sudoers/regress/cvtsudoers/test13.sh
+plugins/sudoers/regress/cvtsudoers/test14.out.ok
+plugins/sudoers/regress/cvtsudoers/test14.sh
+plugins/sudoers/regress/cvtsudoers/test15.out.ok
+plugins/sudoers/regress/cvtsudoers/test15.sh
+plugins/sudoers/regress/cvtsudoers/test16.out.ok
+plugins/sudoers/regress/cvtsudoers/test16.sh
+plugins/sudoers/regress/cvtsudoers/test17.out.ok
+plugins/sudoers/regress/cvtsudoers/test17.sh
+plugins/sudoers/regress/cvtsudoers/test18.out.ok
+plugins/sudoers/regress/cvtsudoers/test18.sh
+plugins/sudoers/regress/cvtsudoers/test19.out.ok
+plugins/sudoers/regress/cvtsudoers/test19.sh
+plugins/sudoers/regress/cvtsudoers/test2.out.ok
+plugins/sudoers/regress/cvtsudoers/test2.sh
+plugins/sudoers/regress/cvtsudoers/test20.conf
+plugins/sudoers/regress/cvtsudoers/test20.out.ok
+plugins/sudoers/regress/cvtsudoers/test20.sh
+plugins/sudoers/regress/cvtsudoers/test21.conf
+plugins/sudoers/regress/cvtsudoers/test21.out.ok
+plugins/sudoers/regress/cvtsudoers/test21.sh
+plugins/sudoers/regress/cvtsudoers/test3.out.ok
+plugins/sudoers/regress/cvtsudoers/test3.sh
+plugins/sudoers/regress/cvtsudoers/test4.out.ok
+plugins/sudoers/regress/cvtsudoers/test4.sh
+plugins/sudoers/regress/cvtsudoers/test5.out.ok
+plugins/sudoers/regress/cvtsudoers/test5.sh
+plugins/sudoers/regress/cvtsudoers/test6.out.ok
+plugins/sudoers/regress/cvtsudoers/test6.sh
+plugins/sudoers/regress/cvtsudoers/test7.out.ok
+plugins/sudoers/regress/cvtsudoers/test7.sh
+plugins/sudoers/regress/cvtsudoers/test8.out.ok
+plugins/sudoers/regress/cvtsudoers/test8.sh
+plugins/sudoers/regress/cvtsudoers/test9.out.ok
+plugins/sudoers/regress/cvtsudoers/test9.sh
 plugins/sudoers/regress/env_match/check_env_pattern.c
 plugins/sudoers/regress/env_match/data
 plugins/sudoers/regress/iolog_path/check_iolog_path.c
index 8ad6fa03833c0abb7760afeb4744b1842b79d791..4d950958fa11b60e9edc47d5f79fc81982673f07 100644 (file)
@@ -47,7 +47,7 @@ Cmnd_Alias    DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
                        /usr/sbin/rrestore, /usr/bin/mt, \
                        sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
                        /home/operator/bin/start_backups
-Cmnd_Alias     KILL = /usr/bin/kill
+Cmnd_Alias     KILL = /usr/bin/kill, /usr/bin/top
 Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
 Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
 Cmnd_Alias     HALT = /usr/sbin/halt
index 556f943aa45c89470de608fd9880a5caebf6df05..a095a8d643adc92c0ab8a7a28e1645cb5780bf62 100644 (file)
@@ -392,7 +392,7 @@ splint:
 cppcheck:
        cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c
 
-check: $(TEST_PROGS) visudo testsudoers
+check: $(TEST_PROGS) visudo testsudoers cvtsudoers
        @if test X"$(cross_compiling)" != X"yes"; then \
            LC_ALL=C; export LC_ALL; \
            unset LANG || LANG=; \
@@ -500,7 +500,7 @@ check: $(TEST_PROGS) visudo testsudoers
            if test $$failed -ne 0; then \
                rval=`expr $$rval + $$failed`; \
            fi; \
-           for dir in testsudoers visudo; do \
+           for dir in testsudoers visudo cvtsudoers; do \
                mkdir -p regress/$$dir; \
                passed=0; failed=0; total=0; \
                for t in $(srcdir)/regress/$$dir/*.sh; do \
diff --git a/plugins/sudoers/regress/cvtsudoers/sudoers b/plugins/sudoers/regress/cvtsudoers/sudoers
new file mode 100644 (file)
index 0000000..6f66083
--- /dev/null
@@ -0,0 +1,126 @@
+#
+# Sample /etc/sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+
+##
+# Override built-in defaults
+##
+Defaults               syslog=auth
+Defaults>root          !set_logname
+Defaults:FULLTIMERS    !lecture
+Defaults:millert       !authenticate
+Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS                noexec
+
+##
+# User alias specification
+##
+User_Alias     FULLTIMERS = millert, mikef, dowdy
+User_Alias     PARTTIMERS = bostley, jwfox, crawl
+User_Alias     WEBMASTERS = will, wendy, wim
+
+##
+# Runas alias specification
+##
+Runas_Alias    OP = root, operator
+Runas_Alias    DB = oracle, sybase
+
+##
+# Host alias specification
+##
+Host_Alias     SPARC = bigtime, eclipse, moet, anchor:\
+               SGI = grolsch, dandelion, black:\
+               ALPHA = widget, thalamus, foobar:\
+               HPPA = boa, nag, python
+Host_Alias     CUNETS = 128.138.0.0/255.255.0.0
+Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+Host_Alias     SERVERS = master, mail, www, ns
+Host_Alias     CDROM = orion, perseus, hercules
+
+##
+# Cmnd alias specification
+##
+Cmnd_Alias     DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+                       /usr/sbin/rrestore, /usr/bin/mt, \
+                       sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
+                       /home/operator/bin/start_backups
+Cmnd_Alias     KILL = /usr/bin/kill, /usr/bin/top
+Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
+Cmnd_Alias     HALT = /usr/sbin/halt
+Cmnd_Alias     REBOOT = /usr/sbin/reboot
+Cmnd_Alias     SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+                        /usr/local/bin/tcsh, /usr/bin/rsh, \
+                        /usr/local/bin/zsh
+Cmnd_Alias     SU = /usr/bin/su
+Cmnd_Alias     VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+                      /usr/bin/chfn
+Cmnd_Alias     PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+##
+# User specification
+##
+
+# root and users in group wheel can run anything on any machine as any user
+root           ALL = (ALL) ALL
+%wheel         ALL = (ALL) ALL
+
+# full time sysadmins can run anything on any machine without a password
+FULLTIMERS     ALL = NOPASSWD: ALL
+
+# part time sysadmins may run anything but need a password
+PARTTIMERS     ALL = ALL
+
+# jack may run anything on machines in CSNETS
+jack           CSNETS = ALL
+
+# lisa may run any command on any host in CUNETS (a class B network)
+lisa           CUNETS = ALL
+
+# operator may run maintenance commands and anything in /usr/oper/bin/
+operator       ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+               sudoedit /etc/printcap, /usr/oper/bin/
+
+# joe may su only to operator
+joe            ALL = /usr/bin/su operator
+
+# pete may change passwords for anyone but root on the hp snakes
+pete           HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*
+
+# bob may run anything on the sparc and sgi machines as any user
+# listed in the Runas_Alias "OP" (ie: root and operator)
+bob            SPARC = (OP) ALL : SGI = (OP) ALL
+
+# fred can run commands as oracle or sybase without a password
+fred           ALL = (DB) NOPASSWD: ALL
+
+# on the alphas, john may su to anyone but root and flags are not allowed
+john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+# jen can run anything on all machines except the ones
+# in the "SERVERS" Host_Alias
+jen            ALL, !SERVERS = ALL
+
+# jill can run any commands in the directory /usr/bin/, except for
+# those in the SU and SHELLS aliases.
+jill           SERVERS = /usr/bin/, !SU, !SHELLS
+
+# steve can run any command in the directory /usr/local/op_commands/
+# as user operator.
+steve          CSNETS = (operator) /usr/local/op_commands/
+
+# matt needs to be able to kill things on his workstation when
+# they get hung.
+matt           valkyrie = KILL
+
+# users in the WEBMASTERS User_Alias (will, wendy, and wim)
+# may run any command as user www (which owns the web pages)
+# or simply su to www.
+WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www
+
+# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
+ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\
+               /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
diff --git a/plugins/sudoers/regress/cvtsudoers/sudoers.defs b/plugins/sudoers/regress/cvtsudoers/sudoers.defs
new file mode 100755 (executable)
index 0000000..c6bfa93
--- /dev/null
@@ -0,0 +1,19 @@
+Defaults               syslog=auth
+Defaults>ROOT          !set_logname
+Defaults:FULLTIMERS    !lecture
+Defaults:millert       !authenticate
+Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS                noexec
+
+User_Alias     FULLTIMERS = millert, mikef, dowdy
+User_Alias     PARTTIMERS = bostley, jwfox, crawl
+
+Host_Alias     SERVERS = master, mail, www, ns
+Host_Alias     CDROM = orion, perseus, hercules
+
+Cmnd_Alias     VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+                      /usr/bin/chfn
+Cmnd_Alias     PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+Runas_Alias    ROOT = root, toor
+Runas_Alias    OPERATOR = operator, backup
diff --git a/plugins/sudoers/regress/cvtsudoers/test1.out.ok b/plugins/sudoers/regress/cvtsudoers/test1.out.ok
new file mode 100644 (file)
index 0000000..da3f555
--- /dev/null
@@ -0,0 +1,14 @@
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+Defaults!PAGERS noexec
+
+Host_Alias CDROM = orion, perseus, hercules
+User_Alias FULLTIMERS = millert, mikef, dowdy
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+FULLTIMERS ALL = NOPASSWD: ALL
+
+ALL CDROM = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o nosuid\,nodev\
+    /dev/cd0a /CDROM
diff --git a/plugins/sudoers/regress/cvtsudoers/test1.sh b/plugins/sudoers/regress/cvtsudoers/test1.sh
new file mode 100755 (executable)
index 0000000..e2ff3cf
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test user and host filters
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -m user=millert,host=hercules $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test10.out.ok b/plugins/sudoers/regress/cvtsudoers/test10.out.ok
new file mode 100644 (file)
index 0000000..26a05d2
--- /dev/null
@@ -0,0 +1 @@
+Defaults!PAGERS noexec
diff --git a/plugins/sudoers/regress/cvtsudoers/test10.sh b/plugins/sudoers/regress/cvtsudoers/test10.sh
new file mode 100755 (executable)
index 0000000..25df83c
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test command defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d command $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test11.out.ok b/plugins/sudoers/regress/cvtsudoers/test11.out.ok
new file mode 100644 (file)
index 0000000..5c4c4e8
--- /dev/null
@@ -0,0 +1,7 @@
+Defaults!PAGERS noexec
+
+Host_Alias CDROM = orion, perseus, hercules
+Runas_Alias OPERATOR = operator, backup
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
diff --git a/plugins/sudoers/regress/cvtsudoers/test11.sh b/plugins/sudoers/regress/cvtsudoers/test11.sh
new file mode 100755 (executable)
index 0000000..1466689
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d command $TESTDIR/sudoers.defs
diff --git a/plugins/sudoers/regress/cvtsudoers/test12.out.ok b/plugins/sudoers/regress/cvtsudoers/test12.out.ok
new file mode 100644 (file)
index 0000000..7f2b15e
--- /dev/null
@@ -0,0 +1,8 @@
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+
+Host_Alias CDROM = orion, perseus, hercules
+User_Alias FULLTIMERS = millert, mikef, dowdy
+Runas_Alias OPERATOR = operator, backup
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
diff --git a/plugins/sudoers/regress/cvtsudoers/test12.sh b/plugins/sudoers/regress/cvtsudoers/test12.sh
new file mode 100755 (executable)
index 0000000..ea0f6bc
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d user $TESTDIR/sudoers.defs
diff --git a/plugins/sudoers/regress/cvtsudoers/test13.out.ok b/plugins/sudoers/regress/cvtsudoers/test13.out.ok
new file mode 100644 (file)
index 0000000..791dcba
--- /dev/null
@@ -0,0 +1,7 @@
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+
+Host_Alias CDROM = orion, perseus, hercules
+Runas_Alias OPERATOR = operator, backup
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Host_Alias SERVERS = master, mail, www, ns
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
diff --git a/plugins/sudoers/regress/cvtsudoers/test13.sh b/plugins/sudoers/regress/cvtsudoers/test13.sh
new file mode 100755 (executable)
index 0000000..4dd4750
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d host $TESTDIR/sudoers.defs
diff --git a/plugins/sudoers/regress/cvtsudoers/test14.out.ok b/plugins/sudoers/regress/cvtsudoers/test14.out.ok
new file mode 100644 (file)
index 0000000..3f7710a
--- /dev/null
@@ -0,0 +1,7 @@
+Defaults>ROOT !set_logname
+
+Host_Alias CDROM = orion, perseus, hercules
+Runas_Alias OPERATOR = operator, backup
+User_Alias PARTTIMERS = bostley, jwfox, crawl
+Runas_Alias ROOT = root, toor
+Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn
diff --git a/plugins/sudoers/regress/cvtsudoers/test14.sh b/plugins/sudoers/regress/cvtsudoers/test14.sh
new file mode 100755 (executable)
index 0000000..3f31076
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Test that Aliases are removed when filtering by defaults type
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -d runas $TESTDIR/sudoers.defs
diff --git a/plugins/sudoers/regress/cvtsudoers/test15.out.ok b/plugins/sudoers/regress/cvtsudoers/test15.out.ok
new file mode 100644 (file)
index 0000000..5177139
--- /dev/null
@@ -0,0 +1 @@
+user1 host1, host2, host3 = ALL
diff --git a/plugins/sudoers/regress/cvtsudoers/test15.sh b/plugins/sudoers/regress/cvtsudoers/test15.sh
new file mode 100755 (executable)
index 0000000..04a2788
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m user=user1 <<EOF
+user1, user2, user3, %group1 host1, host2, host3 = ALL
+EOF
diff --git a/plugins/sudoers/regress/cvtsudoers/test16.out.ok b/plugins/sudoers/regress/cvtsudoers/test16.out.ok
new file mode 100644 (file)
index 0000000..38359b1
--- /dev/null
@@ -0,0 +1 @@
+user2 host2 = ALL
diff --git a/plugins/sudoers/regress/cvtsudoers/test16.sh b/plugins/sudoers/regress/cvtsudoers/test16.sh
new file mode 100755 (executable)
index 0000000..712cdeb
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m user=user2,host=host2 <<EOF
+user1, user2, user3, %group1 host1, host2, host3 = ALL
+EOF
diff --git a/plugins/sudoers/regress/cvtsudoers/test17.out.ok b/plugins/sudoers/regress/cvtsudoers/test17.out.ok
new file mode 100644 (file)
index 0000000..d35dd06
--- /dev/null
@@ -0,0 +1 @@
+%group1 host1 = ALL
diff --git a/plugins/sudoers/regress/cvtsudoers/test17.sh b/plugins/sudoers/regress/cvtsudoers/test17.sh
new file mode 100755 (executable)
index 0000000..9892de4
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m group=group1,host=host1 <<EOF
+user1, user2, user3, %group1 host1, host2, host3 = ALL
+EOF
diff --git a/plugins/sudoers/regress/cvtsudoers/test18.out.ok b/plugins/sudoers/regress/cvtsudoers/test18.out.ok
new file mode 100644 (file)
index 0000000..3055452
--- /dev/null
@@ -0,0 +1 @@
+%group1 ALL = ALL
diff --git a/plugins/sudoers/regress/cvtsudoers/test18.sh b/plugins/sudoers/regress/cvtsudoers/test18.sh
new file mode 100755 (executable)
index 0000000..5ce7c88
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test filters and pruning
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m group=group1,host=somehost <<EOF
+user1, user2, user3, %group1 ALL = ALL
+EOF
diff --git a/plugins/sudoers/regress/cvtsudoers/test19.out.ok b/plugins/sudoers/regress/cvtsudoers/test19.out.ok
new file mode 100644 (file)
index 0000000..a36b949
--- /dev/null
@@ -0,0 +1,11 @@
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS noexec
+
+User_Alias FULLTIMERS = millert, mikef, dowdy
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+Host_Alias SERVERS = master, mail, www, ns
+
+FULLTIMERS ALL = NOPASSWD: ALL
diff --git a/plugins/sudoers/regress/cvtsudoers/test19.sh b/plugins/sudoers/regress/cvtsudoers/test19.sh
new file mode 100755 (executable)
index 0000000..f434f2a
--- /dev/null
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Test filters and pruning; alias contents don't get pruned
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -p -m user=FULLTIMERS,host=SERVERS $TESTDIR/sudoers
diff --git a/plugins/sudoers/regress/cvtsudoers/test2.out.ok b/plugins/sudoers/regress/cvtsudoers/test2.out.ok
new file mode 100644 (file)
index 0000000..d99e0e5
--- /dev/null
@@ -0,0 +1,10 @@
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:millert, mikef, dowdy !lecture
+Defaults:millert !authenticate
+Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec
+
+millert, mikef, dowdy ALL = NOPASSWD: ALL
+
+ALL orion, perseus, hercules = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o\
+    nosuid\,nodev /dev/cd0a /CDROM
diff --git a/plugins/sudoers/regress/cvtsudoers/test2.sh b/plugins/sudoers/regress/cvtsudoers/test2.sh
new file mode 100755 (executable)
index 0000000..e7f19f6
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test user and host filters, expanding aliases
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -e -m user=millert,host=hercules $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test20.conf b/plugins/sudoers/regress/cvtsudoers/test20.conf
new file mode 100644 (file)
index 0000000..b60725c
--- /dev/null
@@ -0,0 +1,6 @@
+defaults = global
+expand_aliases = yes
+input_format = sudoers
+match = user=user2
+output_format = sudoers                                     
+prune_matches = yes
diff --git a/plugins/sudoers/regress/cvtsudoers/test20.out.ok b/plugins/sudoers/regress/cvtsudoers/test20.out.ok
new file mode 100644 (file)
index 0000000..79b420b
--- /dev/null
@@ -0,0 +1 @@
+user2 ALL = /usr/bin/id
diff --git a/plugins/sudoers/regress/cvtsudoers/test20.sh b/plugins/sudoers/regress/cvtsudoers/test20.sh
new file mode 100755 (executable)
index 0000000..e7214e2
--- /dev/null
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# Test cvtsudoers.conf
+#
+
+exec 2>&1
+./cvtsudoers -c $TESTDIR/test20.conf <<EOF
+Defaults:SOMEUSERS authenticate, timestamp_timeout=0
+User_Alias SOMEUSERS = user1, user2, user3
+
+SOMEUSERS ALL = /usr/bin/id
+EOF
diff --git a/plugins/sudoers/regress/cvtsudoers/test21.conf b/plugins/sudoers/regress/cvtsudoers/test21.conf
new file mode 100644 (file)
index 0000000..01fd3a3
--- /dev/null
@@ -0,0 +1,8 @@
+defaults = all
+expand_aliases = no
+input_format = sudoers
+order_increment = 10
+order_start = 1000
+output_format = ldif                                     
+sudoers_base = ou=SUDOers,dc=my-domain,dc=com
+suppress = defaults
diff --git a/plugins/sudoers/regress/cvtsudoers/test21.out.ok b/plugins/sudoers/regress/cvtsudoers/test21.out.ok
new file mode 100644 (file)
index 0000000..78285f1
--- /dev/null
@@ -0,0 +1,24 @@
+dn: cn=ALL,ou=SUDOers,dc=my-domain,dc=com
+objectClass: top
+objectClass: sudoRole
+cn: ALL
+sudoUser: ALL
+sudoHost: ALL
+sudoRunAsUser:
+sudoOption: !authenticate
+sudoCommand: /usr/bin/id
+sudoOrder: 1000
+
+dn: cn=FULLTIMERS,ou=SUDOers,dc=my-domain,dc=com
+objectClass: top
+objectClass: sudoRole
+cn: FULLTIMERS
+sudoUser: user1
+sudoUser: user2
+sudoUser: user3
+sudoHost: ALL
+sudoRunAsUser: ALL
+sudoRunAsGroup: ALL
+sudoCommand: ALL
+sudoOrder: 1010
+
diff --git a/plugins/sudoers/regress/cvtsudoers/test21.sh b/plugins/sudoers/regress/cvtsudoers/test21.sh
new file mode 100755 (executable)
index 0000000..66c18b6
--- /dev/null
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# Test cvtsudoers.conf
+#
+
+exec 2>&1
+./cvtsudoers -c $TESTDIR/test21.conf <<EOF
+Defaults authenticate, timestamp_timeout=0
+User_Alias FULLTIMERS = user1, user2, user3
+
+ALL ALL = (:) NOPASSWD:/usr/bin/id
+FULLTIMERS ALL = (ALL:ALL) ALL
+EOF
diff --git a/plugins/sudoers/regress/cvtsudoers/test3.out.ok b/plugins/sudoers/regress/cvtsudoers/test3.out.ok
new file mode 100644 (file)
index 0000000..8a37975
--- /dev/null
@@ -0,0 +1,7 @@
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults!PAGERS noexec
+
+Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+%wheel ALL = (ALL) ALL
diff --git a/plugins/sudoers/regress/cvtsudoers/test3.sh b/plugins/sudoers/regress/cvtsudoers/test3.sh
new file mode 100755 (executable)
index 0000000..472d252
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test group and host filters
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -m group=wheel,host=blackhole $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test4.out.ok b/plugins/sudoers/regress/cvtsudoers/test4.out.ok
new file mode 100644 (file)
index 0000000..f8e7d2e
--- /dev/null
@@ -0,0 +1,5 @@
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec
+
+%wheel ALL = (ALL) ALL
diff --git a/plugins/sudoers/regress/cvtsudoers/test4.sh b/plugins/sudoers/regress/cvtsudoers/test4.sh
new file mode 100755 (executable)
index 0000000..17c2a25
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test group and host filters, expanding aliases
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -e -m group=wheel,host=blackhole $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test5.out.ok b/plugins/sudoers/regress/cvtsudoers/test5.out.ok
new file mode 100644 (file)
index 0000000..d209fdf
--- /dev/null
@@ -0,0 +1,6 @@
+Defaults syslog=auth
+Defaults>root !set_logname
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS noexec
diff --git a/plugins/sudoers/regress/cvtsudoers/test5.sh b/plugins/sudoers/regress/cvtsudoers/test5.sh
new file mode 100755 (executable)
index 0000000..1c41772
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test defaults type filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d all $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test6.out.ok b/plugins/sudoers/regress/cvtsudoers/test6.out.ok
new file mode 100644 (file)
index 0000000..5e65e61
--- /dev/null
@@ -0,0 +1 @@
+Defaults syslog=auth
diff --git a/plugins/sudoers/regress/cvtsudoers/test6.sh b/plugins/sudoers/regress/cvtsudoers/test6.sh
new file mode 100755 (executable)
index 0000000..289fad9
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test global defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d global $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test7.out.ok b/plugins/sudoers/regress/cvtsudoers/test7.out.ok
new file mode 100644 (file)
index 0000000..381de43
--- /dev/null
@@ -0,0 +1,2 @@
+Defaults:FULLTIMERS !lecture
+Defaults:millert !authenticate
diff --git a/plugins/sudoers/regress/cvtsudoers/test7.sh b/plugins/sudoers/regress/cvtsudoers/test7.sh
new file mode 100755 (executable)
index 0000000..63af529
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test user defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d user $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test8.out.ok b/plugins/sudoers/regress/cvtsudoers/test8.out.ok
new file mode 100644 (file)
index 0000000..7079ee0
--- /dev/null
@@ -0,0 +1 @@
+Defaults>root !set_logname
diff --git a/plugins/sudoers/regress/cvtsudoers/test8.sh b/plugins/sudoers/regress/cvtsudoers/test8.sh
new file mode 100755 (executable)
index 0000000..785e0b5
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test runas defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d runas $TESTDIR/sudoers
+
+exit 0
diff --git a/plugins/sudoers/regress/cvtsudoers/test9.out.ok b/plugins/sudoers/regress/cvtsudoers/test9.out.ok
new file mode 100644 (file)
index 0000000..d2a39c4
--- /dev/null
@@ -0,0 +1 @@
+Defaults@SERVERS log_year, logfile=/var/log/sudo.log
diff --git a/plugins/sudoers/regress/cvtsudoers/test9.sh b/plugins/sudoers/regress/cvtsudoers/test9.sh
new file mode 100755 (executable)
index 0000000..de64a48
--- /dev/null
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# Test host defaults filtering
+#
+
+exec 2>&1
+./cvtsudoers -c "" -f sudoers -s aliases,privileges -d host $TESTDIR/sudoers
+
+exit 0