From: Todd C. Miller Date: Sun, 15 Apr 2018 14:14:46 +0000 (-0600) Subject: cvtsudoers regress tests X-Git-Tag: SUDO_1_8_23^2~29 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4be8aba9f847a3a97244fe11bfb7fe90cbc7f6df;p=sudo cvtsudoers regress tests --- diff --git a/MANIFEST b/MANIFEST index 9df440f52..ac88d4e5b 100644 --- a/MANIFEST +++ b/MANIFEST @@ -389,6 +389,52 @@ plugins/sudoers/rcstr.c plugins/sudoers/redblack.c plugins/sudoers/redblack.h plugins/sudoers/regress/check_symbols/check_symbols.c +plugins/sudoers/regress/cvtsudoers/sudoers +plugins/sudoers/regress/cvtsudoers/sudoers.defs +plugins/sudoers/regress/cvtsudoers/test1.out.ok +plugins/sudoers/regress/cvtsudoers/test1.sh +plugins/sudoers/regress/cvtsudoers/test10.out.ok +plugins/sudoers/regress/cvtsudoers/test10.sh +plugins/sudoers/regress/cvtsudoers/test11.out.ok +plugins/sudoers/regress/cvtsudoers/test11.sh +plugins/sudoers/regress/cvtsudoers/test12.out.ok +plugins/sudoers/regress/cvtsudoers/test12.sh +plugins/sudoers/regress/cvtsudoers/test13.out.ok +plugins/sudoers/regress/cvtsudoers/test13.sh +plugins/sudoers/regress/cvtsudoers/test14.out.ok +plugins/sudoers/regress/cvtsudoers/test14.sh +plugins/sudoers/regress/cvtsudoers/test15.out.ok +plugins/sudoers/regress/cvtsudoers/test15.sh +plugins/sudoers/regress/cvtsudoers/test16.out.ok +plugins/sudoers/regress/cvtsudoers/test16.sh +plugins/sudoers/regress/cvtsudoers/test17.out.ok +plugins/sudoers/regress/cvtsudoers/test17.sh +plugins/sudoers/regress/cvtsudoers/test18.out.ok +plugins/sudoers/regress/cvtsudoers/test18.sh +plugins/sudoers/regress/cvtsudoers/test19.out.ok +plugins/sudoers/regress/cvtsudoers/test19.sh +plugins/sudoers/regress/cvtsudoers/test2.out.ok +plugins/sudoers/regress/cvtsudoers/test2.sh +plugins/sudoers/regress/cvtsudoers/test20.conf +plugins/sudoers/regress/cvtsudoers/test20.out.ok +plugins/sudoers/regress/cvtsudoers/test20.sh +plugins/sudoers/regress/cvtsudoers/test21.conf +plugins/sudoers/regress/cvtsudoers/test21.out.ok +plugins/sudoers/regress/cvtsudoers/test21.sh +plugins/sudoers/regress/cvtsudoers/test3.out.ok +plugins/sudoers/regress/cvtsudoers/test3.sh +plugins/sudoers/regress/cvtsudoers/test4.out.ok +plugins/sudoers/regress/cvtsudoers/test4.sh +plugins/sudoers/regress/cvtsudoers/test5.out.ok +plugins/sudoers/regress/cvtsudoers/test5.sh +plugins/sudoers/regress/cvtsudoers/test6.out.ok +plugins/sudoers/regress/cvtsudoers/test6.sh +plugins/sudoers/regress/cvtsudoers/test7.out.ok +plugins/sudoers/regress/cvtsudoers/test7.sh +plugins/sudoers/regress/cvtsudoers/test8.out.ok +plugins/sudoers/regress/cvtsudoers/test8.sh +plugins/sudoers/regress/cvtsudoers/test9.out.ok +plugins/sudoers/regress/cvtsudoers/test9.sh plugins/sudoers/regress/env_match/check_env_pattern.c plugins/sudoers/regress/env_match/data plugins/sudoers/regress/iolog_path/check_iolog_path.c diff --git a/examples/sudoers b/examples/sudoers index 8ad6fa038..4d950958f 100644 --- a/examples/sudoers +++ b/examples/sudoers @@ -47,7 +47,7 @@ Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ /usr/sbin/rrestore, /usr/bin/mt, \ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ /home/operator/bin/start_backups -Cmnd_Alias KILL = /usr/bin/kill +Cmnd_Alias KILL = /usr/bin/kill, /usr/bin/top Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown Cmnd_Alias HALT = /usr/sbin/halt diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 556f943aa..a095a8d64 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -392,7 +392,7 @@ splint: cppcheck: cppcheck $(CPPCHECK_OPTS) -I$(incdir) -I$(top_builddir) -I$(devdir) -I$(srcdir) -I$(top_srcdir) $(srcdir)/*.c $(srcdir)/auth/*.c -check: $(TEST_PROGS) visudo testsudoers +check: $(TEST_PROGS) visudo testsudoers cvtsudoers @if test X"$(cross_compiling)" != X"yes"; then \ LC_ALL=C; export LC_ALL; \ unset LANG || LANG=; \ @@ -500,7 +500,7 @@ check: $(TEST_PROGS) visudo testsudoers if test $$failed -ne 0; then \ rval=`expr $$rval + $$failed`; \ fi; \ - for dir in testsudoers visudo; do \ + for dir in testsudoers visudo cvtsudoers; do \ mkdir -p regress/$$dir; \ passed=0; failed=0; total=0; \ for t in $(srcdir)/regress/$$dir/*.sh; do \ diff --git a/plugins/sudoers/regress/cvtsudoers/sudoers b/plugins/sudoers/regress/cvtsudoers/sudoers new file mode 100644 index 000000000..6f6608380 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/sudoers @@ -0,0 +1,126 @@ +# +# Sample /etc/sudoers file. +# +# This file MUST be edited with the 'visudo' command as root. +# +# See the sudoers man page for the details on how to write a sudoers file. + +## +# Override built-in defaults +## +Defaults syslog=auth +Defaults>root !set_logname +Defaults:FULLTIMERS !lecture +Defaults:millert !authenticate +Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults!PAGERS noexec + +## +# User alias specification +## +User_Alias FULLTIMERS = millert, mikef, dowdy +User_Alias PARTTIMERS = bostley, jwfox, crawl +User_Alias WEBMASTERS = will, wendy, wim + +## +# Runas alias specification +## +Runas_Alias OP = root, operator +Runas_Alias DB = oracle, sybase + +## +# Host alias specification +## +Host_Alias SPARC = bigtime, eclipse, moet, anchor:\ + SGI = grolsch, dandelion, black:\ + ALPHA = widget, thalamus, foobar:\ + HPPA = boa, nag, python +Host_Alias CUNETS = 128.138.0.0/255.255.0.0 +Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0 +Host_Alias SERVERS = master, mail, www, ns +Host_Alias CDROM = orion, perseus, hercules + +## +# Cmnd alias specification +## +Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \ + /usr/sbin/rrestore, /usr/bin/mt, \ + sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \ + /home/operator/bin/start_backups +Cmnd_Alias KILL = /usr/bin/kill, /usr/bin/top +Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm +Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown +Cmnd_Alias HALT = /usr/sbin/halt +Cmnd_Alias REBOOT = /usr/sbin/reboot +Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \ + /usr/local/bin/tcsh, /usr/bin/rsh, \ + /usr/local/bin/zsh +Cmnd_Alias SU = /usr/bin/su +Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ + /usr/bin/chfn +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less + +## +# User specification +## + +# root and users in group wheel can run anything on any machine as any user +root ALL = (ALL) ALL +%wheel ALL = (ALL) ALL + +# full time sysadmins can run anything on any machine without a password +FULLTIMERS ALL = NOPASSWD: ALL + +# part time sysadmins may run anything but need a password +PARTTIMERS ALL = ALL + +# jack may run anything on machines in CSNETS +jack CSNETS = ALL + +# lisa may run any command on any host in CUNETS (a class B network) +lisa CUNETS = ALL + +# operator may run maintenance commands and anything in /usr/oper/bin/ +operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\ + sudoedit /etc/printcap, /usr/oper/bin/ + +# joe may su only to operator +joe ALL = /usr/bin/su operator + +# pete may change passwords for anyone but root on the hp snakes +pete HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root* + +# bob may run anything on the sparc and sgi machines as any user +# listed in the Runas_Alias "OP" (ie: root and operator) +bob SPARC = (OP) ALL : SGI = (OP) ALL + +# fred can run commands as oracle or sybase without a password +fred ALL = (DB) NOPASSWD: ALL + +# on the alphas, john may su to anyone but root and flags are not allowed +john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* + +# jen can run anything on all machines except the ones +# in the "SERVERS" Host_Alias +jen ALL, !SERVERS = ALL + +# jill can run any commands in the directory /usr/bin/, except for +# those in the SU and SHELLS aliases. +jill SERVERS = /usr/bin/, !SU, !SHELLS + +# steve can run any command in the directory /usr/local/op_commands/ +# as user operator. +steve CSNETS = (operator) /usr/local/op_commands/ + +# matt needs to be able to kill things on his workstation when +# they get hung. +matt valkyrie = KILL + +# users in the WEBMASTERS User_Alias (will, wendy, and wim) +# may run any command as user www (which owns the web pages) +# or simply su to www. +WEBMASTERS www = (www) ALL, (root) /usr/bin/su www + +# anyone can mount/unmount a cd-rom on the machines in the CDROM alias +ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\ + /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM diff --git a/plugins/sudoers/regress/cvtsudoers/sudoers.defs b/plugins/sudoers/regress/cvtsudoers/sudoers.defs new file mode 100755 index 000000000..c6bfa930e --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/sudoers.defs @@ -0,0 +1,19 @@ +Defaults syslog=auth +Defaults>ROOT !set_logname +Defaults:FULLTIMERS !lecture +Defaults:millert !authenticate +Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults!PAGERS noexec + +User_Alias FULLTIMERS = millert, mikef, dowdy +User_Alias PARTTIMERS = bostley, jwfox, crawl + +Host_Alias SERVERS = master, mail, www, ns +Host_Alias CDROM = orion, perseus, hercules + +Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ + /usr/bin/chfn +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less + +Runas_Alias ROOT = root, toor +Runas_Alias OPERATOR = operator, backup diff --git a/plugins/sudoers/regress/cvtsudoers/test1.out.ok b/plugins/sudoers/regress/cvtsudoers/test1.out.ok new file mode 100644 index 000000000..da3f555aa --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test1.out.ok @@ -0,0 +1,14 @@ +Defaults syslog=auth +Defaults>root !set_logname +Defaults:FULLTIMERS !lecture +Defaults:millert !authenticate +Defaults!PAGERS noexec + +Host_Alias CDROM = orion, perseus, hercules +User_Alias FULLTIMERS = millert, mikef, dowdy +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less + +FULLTIMERS ALL = NOPASSWD: ALL + +ALL CDROM = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o nosuid\,nodev\ + /dev/cd0a /CDROM diff --git a/plugins/sudoers/regress/cvtsudoers/test1.sh b/plugins/sudoers/regress/cvtsudoers/test1.sh new file mode 100755 index 000000000..e2ff3cfd8 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test1.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test user and host filters +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -m user=millert,host=hercules $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test10.out.ok b/plugins/sudoers/regress/cvtsudoers/test10.out.ok new file mode 100644 index 000000000..26a05d221 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test10.out.ok @@ -0,0 +1 @@ +Defaults!PAGERS noexec diff --git a/plugins/sudoers/regress/cvtsudoers/test10.sh b/plugins/sudoers/regress/cvtsudoers/test10.sh new file mode 100755 index 000000000..25df83c26 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test10.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test command defaults filtering +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -s aliases,privileges -d command $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test11.out.ok b/plugins/sudoers/regress/cvtsudoers/test11.out.ok new file mode 100644 index 000000000..5c4c4e8e6 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test11.out.ok @@ -0,0 +1,7 @@ +Defaults!PAGERS noexec + +Host_Alias CDROM = orion, perseus, hercules +Runas_Alias OPERATOR = operator, backup +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less +User_Alias PARTTIMERS = bostley, jwfox, crawl +Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn diff --git a/plugins/sudoers/regress/cvtsudoers/test11.sh b/plugins/sudoers/regress/cvtsudoers/test11.sh new file mode 100755 index 000000000..1466689aa --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test11.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Test that Aliases are removed when filtering by defaults type +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -d command $TESTDIR/sudoers.defs diff --git a/plugins/sudoers/regress/cvtsudoers/test12.out.ok b/plugins/sudoers/regress/cvtsudoers/test12.out.ok new file mode 100644 index 000000000..7f2b15e4e --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test12.out.ok @@ -0,0 +1,8 @@ +Defaults:FULLTIMERS !lecture +Defaults:millert !authenticate + +Host_Alias CDROM = orion, perseus, hercules +User_Alias FULLTIMERS = millert, mikef, dowdy +Runas_Alias OPERATOR = operator, backup +User_Alias PARTTIMERS = bostley, jwfox, crawl +Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn diff --git a/plugins/sudoers/regress/cvtsudoers/test12.sh b/plugins/sudoers/regress/cvtsudoers/test12.sh new file mode 100755 index 000000000..ea0f6bcd3 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test12.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Test that Aliases are removed when filtering by defaults type +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -d user $TESTDIR/sudoers.defs diff --git a/plugins/sudoers/regress/cvtsudoers/test13.out.ok b/plugins/sudoers/regress/cvtsudoers/test13.out.ok new file mode 100644 index 000000000..791dcba7e --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test13.out.ok @@ -0,0 +1,7 @@ +Defaults@SERVERS log_year, logfile=/var/log/sudo.log + +Host_Alias CDROM = orion, perseus, hercules +Runas_Alias OPERATOR = operator, backup +User_Alias PARTTIMERS = bostley, jwfox, crawl +Host_Alias SERVERS = master, mail, www, ns +Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn diff --git a/plugins/sudoers/regress/cvtsudoers/test13.sh b/plugins/sudoers/regress/cvtsudoers/test13.sh new file mode 100755 index 000000000..4dd4750ca --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test13.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Test that Aliases are removed when filtering by defaults type +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -d host $TESTDIR/sudoers.defs diff --git a/plugins/sudoers/regress/cvtsudoers/test14.out.ok b/plugins/sudoers/regress/cvtsudoers/test14.out.ok new file mode 100644 index 000000000..3f7710a5f --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test14.out.ok @@ -0,0 +1,7 @@ +Defaults>ROOT !set_logname + +Host_Alias CDROM = orion, perseus, hercules +Runas_Alias OPERATOR = operator, backup +User_Alias PARTTIMERS = bostley, jwfox, crawl +Runas_Alias ROOT = root, toor +Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn diff --git a/plugins/sudoers/regress/cvtsudoers/test14.sh b/plugins/sudoers/regress/cvtsudoers/test14.sh new file mode 100755 index 000000000..3f310760e --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test14.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Test that Aliases are removed when filtering by defaults type +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -d runas $TESTDIR/sudoers.defs diff --git a/plugins/sudoers/regress/cvtsudoers/test15.out.ok b/plugins/sudoers/regress/cvtsudoers/test15.out.ok new file mode 100644 index 000000000..517713932 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test15.out.ok @@ -0,0 +1 @@ +user1 host1, host2, host3 = ALL diff --git a/plugins/sudoers/regress/cvtsudoers/test15.sh b/plugins/sudoers/regress/cvtsudoers/test15.sh new file mode 100755 index 000000000..04a278829 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test15.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test filters and pruning +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -p -m user=user1 <&1 +./cvtsudoers -c "" -f sudoers -p -m user=user2,host=host2 <&1 +./cvtsudoers -c "" -f sudoers -p -m group=group1,host=host1 <&1 +./cvtsudoers -c "" -f sudoers -p -m group=group1,host=somehost <root !set_logname +Defaults:FULLTIMERS !lecture +Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults!PAGERS noexec + +User_Alias FULLTIMERS = millert, mikef, dowdy +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less +Host_Alias SERVERS = master, mail, www, ns + +FULLTIMERS ALL = NOPASSWD: ALL diff --git a/plugins/sudoers/regress/cvtsudoers/test19.sh b/plugins/sudoers/regress/cvtsudoers/test19.sh new file mode 100755 index 000000000..f434f2a3f --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test19.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Test filters and pruning; alias contents don't get pruned +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -p -m user=FULLTIMERS,host=SERVERS $TESTDIR/sudoers diff --git a/plugins/sudoers/regress/cvtsudoers/test2.out.ok b/plugins/sudoers/regress/cvtsudoers/test2.out.ok new file mode 100644 index 000000000..d99e0e558 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test2.out.ok @@ -0,0 +1,10 @@ +Defaults syslog=auth +Defaults>root !set_logname +Defaults:millert, mikef, dowdy !lecture +Defaults:millert !authenticate +Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + +millert, mikef, dowdy ALL = NOPASSWD: ALL + +ALL orion, perseus, hercules = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o\ + nosuid\,nodev /dev/cd0a /CDROM diff --git a/plugins/sudoers/regress/cvtsudoers/test2.sh b/plugins/sudoers/regress/cvtsudoers/test2.sh new file mode 100755 index 000000000..e7f19f684 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test2.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test user and host filters, expanding aliases +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -e -m user=millert,host=hercules $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test20.conf b/plugins/sudoers/regress/cvtsudoers/test20.conf new file mode 100644 index 000000000..b60725c69 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test20.conf @@ -0,0 +1,6 @@ +defaults = global +expand_aliases = yes +input_format = sudoers +match = user=user2 +output_format = sudoers +prune_matches = yes diff --git a/plugins/sudoers/regress/cvtsudoers/test20.out.ok b/plugins/sudoers/regress/cvtsudoers/test20.out.ok new file mode 100644 index 000000000..79b420b71 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test20.out.ok @@ -0,0 +1 @@ +user2 ALL = /usr/bin/id diff --git a/plugins/sudoers/regress/cvtsudoers/test20.sh b/plugins/sudoers/regress/cvtsudoers/test20.sh new file mode 100755 index 000000000..e7214e2dc --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test20.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# +# Test cvtsudoers.conf +# + +exec 2>&1 +./cvtsudoers -c $TESTDIR/test20.conf <&1 +./cvtsudoers -c $TESTDIR/test21.conf <root !set_logname +Defaults!PAGERS noexec + +Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less + +%wheel ALL = (ALL) ALL diff --git a/plugins/sudoers/regress/cvtsudoers/test3.sh b/plugins/sudoers/regress/cvtsudoers/test3.sh new file mode 100755 index 000000000..472d25238 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test3.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test group and host filters +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -m group=wheel,host=blackhole $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test4.out.ok b/plugins/sudoers/regress/cvtsudoers/test4.out.ok new file mode 100644 index 000000000..f8e7d2e86 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test4.out.ok @@ -0,0 +1,5 @@ +Defaults syslog=auth +Defaults>root !set_logname +Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec + +%wheel ALL = (ALL) ALL diff --git a/plugins/sudoers/regress/cvtsudoers/test4.sh b/plugins/sudoers/regress/cvtsudoers/test4.sh new file mode 100755 index 000000000..17c2a252a --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test4.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test group and host filters, expanding aliases +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -e -m group=wheel,host=blackhole $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test5.out.ok b/plugins/sudoers/regress/cvtsudoers/test5.out.ok new file mode 100644 index 000000000..d209fdfe2 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test5.out.ok @@ -0,0 +1,6 @@ +Defaults syslog=auth +Defaults>root !set_logname +Defaults:FULLTIMERS !lecture +Defaults:millert !authenticate +Defaults@SERVERS log_year, logfile=/var/log/sudo.log +Defaults!PAGERS noexec diff --git a/plugins/sudoers/regress/cvtsudoers/test5.sh b/plugins/sudoers/regress/cvtsudoers/test5.sh new file mode 100755 index 000000000..1c41772f0 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test5.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test defaults type filtering +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -s aliases,privileges -d all $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test6.out.ok b/plugins/sudoers/regress/cvtsudoers/test6.out.ok new file mode 100644 index 000000000..5e65e6180 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test6.out.ok @@ -0,0 +1 @@ +Defaults syslog=auth diff --git a/plugins/sudoers/regress/cvtsudoers/test6.sh b/plugins/sudoers/regress/cvtsudoers/test6.sh new file mode 100755 index 000000000..289fad977 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test6.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test global defaults filtering +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -s aliases,privileges -d global $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test7.out.ok b/plugins/sudoers/regress/cvtsudoers/test7.out.ok new file mode 100644 index 000000000..381de43d3 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test7.out.ok @@ -0,0 +1,2 @@ +Defaults:FULLTIMERS !lecture +Defaults:millert !authenticate diff --git a/plugins/sudoers/regress/cvtsudoers/test7.sh b/plugins/sudoers/regress/cvtsudoers/test7.sh new file mode 100755 index 000000000..63af52907 --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test7.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test user defaults filtering +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -s aliases,privileges -d user $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test8.out.ok b/plugins/sudoers/regress/cvtsudoers/test8.out.ok new file mode 100644 index 000000000..7079ee05f --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test8.out.ok @@ -0,0 +1 @@ +Defaults>root !set_logname diff --git a/plugins/sudoers/regress/cvtsudoers/test8.sh b/plugins/sudoers/regress/cvtsudoers/test8.sh new file mode 100755 index 000000000..785e0b55d --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test8.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test runas defaults filtering +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -s aliases,privileges -d runas $TESTDIR/sudoers + +exit 0 diff --git a/plugins/sudoers/regress/cvtsudoers/test9.out.ok b/plugins/sudoers/regress/cvtsudoers/test9.out.ok new file mode 100644 index 000000000..d2a39c4ae --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test9.out.ok @@ -0,0 +1 @@ +Defaults@SERVERS log_year, logfile=/var/log/sudo.log diff --git a/plugins/sudoers/regress/cvtsudoers/test9.sh b/plugins/sudoers/regress/cvtsudoers/test9.sh new file mode 100755 index 000000000..de64a481c --- /dev/null +++ b/plugins/sudoers/regress/cvtsudoers/test9.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Test host defaults filtering +# + +exec 2>&1 +./cvtsudoers -c "" -f sudoers -s aliases,privileges -d host $TESTDIR/sudoers + +exit 0