isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add regress test with all current Defaults settings.

Browse Source 
Currently skips SELinux and Solaris privilege settings.
This commit is contained in:
Todd C. Miller
2021-02-25 11:26:55 -07:00
parent e7b414ce4e
commit 24e1774ce3
8 changed files with 1394 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
MANIFEST
View File

@@ -846,6 +846,13 @@ plugins/sudoers/regress/sudoers/test25.json.ok
plugins/sudoers/regress/sudoers/test25.ldif.ok
plugins/sudoers/regress/sudoers/test25.out.ok
plugins/sudoers/regress/sudoers/test25.toke.ok
plugins/sudoers/regress/sudoers/test26.in
plugins/sudoers/regress/sudoers/test26.json.ok
plugins/sudoers/regress/sudoers/test26.ldif.ok
plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok
plugins/sudoers/regress/sudoers/test26.out.ok
plugins/sudoers/regress/sudoers/test26.sudo.ok
plugins/sudoers/regress/sudoers/test26.toke.ok
plugins/sudoers/regress/sudoers/test3.in
plugins/sudoers/regress/sudoers/test3.json.ok
plugins/sudoers/regress/sudoers/test3.ldif.ok

128
plugins/sudoers/regress/sudoers/test26.in Normal file
View File

@@ -0,0 +1,128 @@
# Defaults settings that trigger callbacks
Defaults fqdn
Defaults runas_default=root
Defaults tty_tickets
Defaults umask=022
Defaults runchroot=/
Defaults logfile=/var/log/sudo
Defaults log_format=json
Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice
Defaults syslog_maxlen=2048
Defaults !loglinelen, log_year, log_host
Defaults !mailerpath, mailerflags="-t", mailfrom="sudo@sudo.ws", mailto="root@localhost", mailsub="*** Sudo information for %h ***"
# All other Defaults settings
Defaults long_otp_prompt
Defaults ignore_dot
Defaults !mail_always
Defaults !mail_badpass
Defaults !mail_no_user
Defaults !mail_no_host
Defaults !mail_no_perms
Defaults !mail_all_cmnds
Defaults lecture=always
Defaults lecture_file=/etc/sudo.lecture
Defaults authenticate
Defaults root_sudo
Defaults shell_noargs
Defaults set_home
Defaults always_set_home
Defaults path_info
Defaults insults
Defaults !requiretty
Defaults env_editor
Defaults !rootpw
Defaults !runaspw
Defaults !targetpw
Defaults use_loginclass
Defaults set_logname
Defaults !stay_setuid
Defaults !preserve_groups
Defaults timestamp_timeout=.5
Defaults passwd_timeout=5
Defaults passwd_tries=3
Defaults badpass_message="Take off, eh!"
Defaults lecture_status_dir="/var/lib/sudo/lectured"
Defaults timestampdir="/run/sudo/ts"
Defaults timestampowner=root
Defaults exempt_group=sudo
Defaults passprompt="%p's sudo password: "
Defaults passprompt_override
Defaults secure_path="/usr/bin:/usr/sbin:/bin:/sbin"
Defaults editor=/usr/bin/vi
Defaults listpw=any
Defaults verifypw=all
Defaults noexec
Defaults ignore_local_sudoers
Defaults closefrom=3
Defaults closefrom_override
Defaults !setenv
Defaults env_reset
Defaults env_check += "TERMCAP"
Defaults !env_delete
Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
#Defaults role
#Defaults type
Defaults env_file="/etc/environment"
Defaults restricted_env_file="/etc/environment.sudo"
Defaults sudoers_locale=C
Defaults !visiblepw
Defaults pwfeedback
Defaults fast_glob
Defaults umask_override
Defaults log_input
Defaults log_output
Defaults compress_io
Defaults use_pty
#Defaults group_plugin
Defaults iolog_dir="/var/log/sudo-io"
Defaults iolog_file="%{seq}"
Defaults set_utmp
Defaults utmp_runas
#Defaults privs
#Defaults limitprivs
Defaults !exec_background
Defaults pam_service="sudo"
Defaults pam_login_service="sudo-login"
Defaults pam_setcred
Defaults pam_session
Defaults pam_acct_mgmt
Defaults maxseq=2176782336
Defaults use_netgroups
Defaults sudoedit_checkdir
Defaults !sudoedit_follow
Defaults always_query_group_plugin
Defaults netgroup_tuple
Defaults ignore_audit_errors
Defaults ignore_iolog_errors
Defaults ignore_logfile_errors
Defaults !match_group_by_gid
Defaults iolog_user=root
Defaults iolog_group=root
Defaults iolog_mode=0600
Defaults fdexec=digest_only
Defaults !ignore_unknown_defaults
Defaults command_timeout=7d8h30m10s
Defaults user_command_timeouts
Defaults iolog_flush
Defaults syslog_pid
Defaults timestamp_type=tty
Defaults authfail_message="Learn to type!"
Defaults case_insensitive_user
Defaults case_insensitive_group
Defaults log_allowed
Defaults log_denied
Defaults !log_servers
Defaults log_server_timeout=10
Defaults log_server_keepalive
Defaults !log_server_cabundle
Defaults !log_server_peer_cert
Defaults !log_server_peer_key
Defaults !log_server_verify
Defaults runas_allow_unknown_id
Defaults runas_check_shell
Defaults pam_ruser
Defaults pam_rhost
Defaults runcwd=~
Defaults !selinux
Defaults !admin_flag

626
plugins/sudoers/regress/sudoers/test26.json.ok Normal file
View File

@@ -0,0 +1,626 @@
{
"Defaults": [
{
"Options": [
{ "fqdn": true }
]
},
{
"Options": [
{ "runas_default": "root" }
]
},
{
"Options": [
{ "tty_tickets": true }
]
},
{
"Options": [
{ "umask": "022" }
]
},
{
"Options": [
{ "runchroot": "/" }
]
},
{
"Options": [
{ "logfile": "/var/log/sudo" }
]
},
{
"Options": [
{ "log_format": "json" }
]
},
{
"Options": [
{ "syslog": "auth" },
{ "syslog_badpri": "alert" },
{ "syslog_goodpri": "notice" }
]
},
{
"Options": [
{ "syslog_maxlen": "2048" }
]
},
{
"Options": [
{ "loglinelen": false },
{ "log_year": true },
{ "log_host": true }
]
},
{
"Options": [
{ "mailerpath": false },
{ "mailerflags": "-t" },
{ "mailfrom": "sudo@sudo.ws" },
{ "mailto": "root@localhost" },
{ "mailsub": "*** Sudo information for %h ***" }
]
},
{
"Options": [
{ "long_otp_prompt": true }
]
},
{
"Options": [
{ "ignore_dot": true }
]
},
{
"Options": [
{ "mail_always": false }
]
},
{
"Options": [
{ "mail_badpass": false }
]
},
{
"Options": [
{ "mail_no_user": false }
]
},
{
"Options": [
{ "mail_no_host": false }
]
},
{
"Options": [
{ "mail_no_perms": false }
]
},
{
"Options": [
{ "mail_all_cmnds": false }
]
},
{
"Options": [
{ "lecture": "always" }
]
},
{
"Options": [
{ "lecture_file": "/etc/sudo.lecture" }
]
},
{
"Options": [
{ "authenticate": true }
]
},
{
"Options": [
{ "root_sudo": true }
]
},
{
"Options": [
{ "shell_noargs": true }
]
},
{
"Options": [
{ "set_home": true }
]
},
{
"Options": [
{ "always_set_home": true }
]
},
{
"Options": [
{ "path_info": true }
]
},
{
"Options": [
{ "insults": true }
]
},
{
"Options": [
{ "requiretty": false }
]
},
{
"Options": [
{ "env_editor": true }
]
},
{
"Options": [
{ "rootpw": false }
]
},
{
"Options": [
{ "runaspw": false }
]
},
{
"Options": [
{ "targetpw": false }
]
},
{
"Options": [
{ "use_loginclass": true }
]
},
{
"Options": [
{ "set_logname": true }
]
},
{
"Options": [
{ "stay_setuid": false }
]
},
{
"Options": [
{ "preserve_groups": false }
]
},
{
"Options": [
{ "timestamp_timeout": ".5" }
]
},
{
"Options": [
{ "passwd_timeout": "5" }
]
},
{
"Options": [
{ "passwd_tries": "3" }
]
},
{
"Options": [
{ "badpass_message": "Take off, eh!" }
]
},
{
"Options": [
{ "lecture_status_dir": "/var/lib/sudo/lectured" }
]
},
{
"Options": [
{ "timestampdir": "/run/sudo/ts" }
]
},
{
"Options": [
{ "timestampowner": "root" }
]
},
{
"Options": [
{ "exempt_group": "sudo" }
]
},
{
"Options": [
{ "passprompt": "%p's sudo password: " }
]
},
{
"Options": [
{ "passprompt_override": true }
]
},
{
"Options": [
{ "secure_path": "/usr/bin:/usr/sbin:/bin:/sbin" }
]
},
{
"Options": [
{ "editor": "/usr/bin/vi" }
]
},
{
"Options": [
{ "listpw": "any" }
]
},
{
"Options": [
{ "verifypw": "all" }
]
},
{
"Options": [
{ "noexec": true }
]
},
{
"Options": [
{ "ignore_local_sudoers": true }
]
},
{
"Options": [
{ "closefrom": "3" }
]
},
{
"Options": [
{ "closefrom_override": true }
]
},
{
"Options": [
{ "setenv": false }
]
},
{
"Options": [
{ "env_reset": true }
]
},
{
"Options": [
{
"operation": "list_add",
"env_check": [
"TERMCAP"
]
}
]
},
{
"Options": [
{ "env_delete": false }
]
},
{
"Options": [
{
"operation": "list_add",
"env_keep": [
"LANG",
"LANGUAGE",
"LINGUAS",
"LC_*",
"_XKB_CHARSET"
]
}
]
},
{
"Options": [
{ "env_file": "/etc/environment" }
]
},
{
"Options": [
{ "restricted_env_file": "/etc/environment.sudo" }
]
},
{
"Options": [
{ "sudoers_locale": "C" }
]
},
{
"Options": [
{ "visiblepw": false }
]
},
{
"Options": [
{ "pwfeedback": true }
]
},
{
"Options": [
{ "fast_glob": true }
]
},
{
"Options": [
{ "umask_override": true }
]
},
{
"Options": [
{ "log_input": true }
]
},
{
"Options": [
{ "log_output": true }
]
},
{
"Options": [
{ "compress_io": true }
]
},
{
"Options": [
{ "use_pty": true }
]
},
{
"Options": [
{ "iolog_dir": "/var/log/sudo-io" }
]
},
{
"Options": [
{ "iolog_file": "%{seq}" }
]
},
{
"Options": [
{ "set_utmp": true }
]
},
{
"Options": [
{ "utmp_runas": true }
]
},
{
"Options": [
{ "exec_background": false }
]
},
{
"Options": [
{ "pam_service": "sudo" }
]
},
{
"Options": [
{ "pam_login_service": "sudo-login" }
]
},
{
"Options": [
{ "pam_setcred": true }
]
},
{
"Options": [
{ "pam_session": true }
]
},
{
"Options": [
{ "pam_acct_mgmt": true }
]
},
{
"Options": [
{ "maxseq": "2176782336" }
]
},
{
"Options": [
{ "use_netgroups": true }
]
},
{
"Options": [
{ "sudoedit_checkdir": true }
]
},
{
"Options": [
{ "sudoedit_follow": false }
]
},
{
"Options": [
{ "always_query_group_plugin": true }
]
},
{
"Options": [
{ "netgroup_tuple": true }
]
},
{
"Options": [
{ "ignore_audit_errors": true }
]
},
{
"Options": [
{ "ignore_iolog_errors": true }
]
},
{
"Options": [
{ "ignore_logfile_errors": true }
]
},
{
"Options": [
{ "match_group_by_gid": false }
]
},
{
"Options": [
{ "iolog_user": "root" }
]
},
{
"Options": [
{ "iolog_group": "root" }
]
},
{
"Options": [
{ "iolog_mode": "0600" }
]
},
{
"Options": [
{ "fdexec": "digest_only" }
]
},
{
"Options": [
{ "ignore_unknown_defaults": false }
]
},
{
"Options": [
{ "command_timeout": "7d8h30m10s" }
]
},
{
"Options": [
{ "user_command_timeouts": true }
]
},
{
"Options": [
{ "iolog_flush": true }
]
},
{
"Options": [
{ "syslog_pid": true }
]
},
{
"Options": [
{ "timestamp_type": "tty" }
]
},
{
"Options": [
{ "authfail_message": "Learn to type!" }
]
},
{
"Options": [
{ "case_insensitive_user": true }
]
},
{
"Options": [
{ "case_insensitive_group": true }
]
},
{
"Options": [
{ "log_allowed": true }
]
},
{
"Options": [
{ "log_denied": true }
]
},
{
"Options": [
{ "log_servers": false }
]
},
{
"Options": [
{ "log_server_timeout": "10" }
]
},
{
"Options": [
{ "log_server_keepalive": true }
]
},
{
"Options": [
{ "log_server_cabundle": false }
]
},
{
"Options": [
{ "log_server_peer_cert": false }
]
},
{
"Options": [
{ "log_server_peer_key": false }
]
},
{
"Options": [
{ "log_server_verify": false }
]
},
{
"Options": [
{ "runas_allow_unknown_id": true }
]
},
{
"Options": [
{ "runas_check_shell": true }
]
},
{
"Options": [
{ "pam_ruser": true }
]
},
{
"Options": [
{ "pam_rhost": true }
]
},
{
"Options": [
{ "runcwd": "~" }
]
},
{
"Options": [
{ "selinux": false }
]
},
{
"Options": [
{ "admin_flag": false }
]
}
]
}

134
plugins/sudoers/regress/sudoers/test26.ldif.ok Normal file
View File

@@ -0,0 +1,134 @@
dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption's go here
sudoOption: fqdn
sudoOption: runas_default=root
sudoOption: tty_tickets
sudoOption: umask=022
sudoOption: runchroot=/
sudoOption: logfile=/var/log/sudo
sudoOption: log_format=json
sudoOption: syslog=auth
sudoOption: syslog_badpri=alert
sudoOption: syslog_goodpri=notice
sudoOption: syslog_maxlen=2048
sudoOption: !loglinelen
sudoOption: log_year
sudoOption: log_host
sudoOption: !mailerpath
sudoOption: mailerflags=-t
sudoOption: mailfrom=sudo@sudo.ws
sudoOption: mailto=root@localhost
sudoOption: mailsub=*** Sudo information for %h ***
sudoOption: long_otp_prompt
sudoOption: ignore_dot
sudoOption: !mail_always
sudoOption: !mail_badpass
sudoOption: !mail_no_user
sudoOption: !mail_no_host
sudoOption: !mail_no_perms
sudoOption: !mail_all_cmnds
sudoOption: lecture=always
sudoOption: lecture_file=/etc/sudo.lecture
sudoOption: authenticate
sudoOption: root_sudo
sudoOption: shell_noargs
sudoOption: set_home
sudoOption: always_set_home
sudoOption: path_info
sudoOption: insults
sudoOption: !requiretty
sudoOption: env_editor
sudoOption: !rootpw
sudoOption: !runaspw
sudoOption: !targetpw
sudoOption: use_loginclass
sudoOption: set_logname
sudoOption: !stay_setuid
sudoOption: !preserve_groups
sudoOption: timestamp_timeout=.5
sudoOption: passwd_timeout=5
sudoOption: passwd_tries=3
sudoOption: badpass_message=Take off, eh!
sudoOption: lecture_status_dir=/var/lib/sudo/lectured
sudoOption: timestampdir=/run/sudo/ts
sudoOption: timestampowner=root
sudoOption: exempt_group=sudo
sudoOption: passprompt=%p's sudo password:
sudoOption: passprompt_override
sudoOption: secure_path=/usr/bin:/usr/sbin:/bin:/sbin
sudoOption: editor=/usr/bin/vi
sudoOption: listpw=any
sudoOption: verifypw=all
sudoOption: noexec
sudoOption: ignore_local_sudoers
sudoOption: closefrom=3
sudoOption: closefrom_override
sudoOption: !setenv
sudoOption: env_reset
sudoOption: env_check+=TERMCAP
sudoOption: !env_delete
sudoOption: env_keep+=LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET
sudoOption: env_file=/etc/environment
sudoOption: restricted_env_file=/etc/environment.sudo
sudoOption: sudoers_locale=C
sudoOption: !visiblepw
sudoOption: pwfeedback
sudoOption: fast_glob
sudoOption: umask_override
sudoOption: log_input
sudoOption: log_output
sudoOption: compress_io
sudoOption: use_pty
sudoOption: iolog_dir=/var/log/sudo-io
sudoOption: iolog_file=%{seq}
sudoOption: set_utmp
sudoOption: utmp_runas
sudoOption: !exec_background
sudoOption: pam_service=sudo
sudoOption: pam_login_service=sudo-login
sudoOption: pam_setcred
sudoOption: pam_session
sudoOption: pam_acct_mgmt
sudoOption: maxseq=2176782336
sudoOption: use_netgroups
sudoOption: sudoedit_checkdir
sudoOption: !sudoedit_follow
sudoOption: always_query_group_plugin
sudoOption: netgroup_tuple
sudoOption: ignore_audit_errors
sudoOption: ignore_iolog_errors
sudoOption: ignore_logfile_errors
sudoOption: !match_group_by_gid
sudoOption: iolog_user=root
sudoOption: iolog_group=root
sudoOption: iolog_mode=0600
sudoOption: fdexec=digest_only
sudoOption: !ignore_unknown_defaults
sudoOption: command_timeout=7d8h30m10s
sudoOption: user_command_timeouts
sudoOption: iolog_flush
sudoOption: syslog_pid
sudoOption: timestamp_type=tty
sudoOption: authfail_message=Learn to type!
sudoOption: case_insensitive_user
sudoOption: case_insensitive_group
sudoOption: log_allowed
sudoOption: log_denied
sudoOption: !log_servers
sudoOption: log_server_timeout=10
sudoOption: log_server_keepalive
sudoOption: !log_server_cabundle
sudoOption: !log_server_peer_cert
sudoOption: !log_server_peer_key
sudoOption: !log_server_verify
sudoOption: runas_allow_unknown_id
sudoOption: runas_check_shell
sudoOption: pam_ruser
sudoOption: pam_rhost
sudoOption: runcwd=~
sudoOption: !selinux
sudoOption: !admin_flag

128
plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok Normal file
View File

@@ -0,0 +1,128 @@
Defaults fqdn
Defaults runas_default=root
Defaults tty_tickets
Defaults umask=022
Defaults runchroot=/
Defaults logfile=/var/log/sudo
Defaults log_format=json
Defaults syslog=auth
Defaults syslog_badpri=alert
Defaults syslog_goodpri=notice
Defaults syslog_maxlen=2048
Defaults !loglinelen
Defaults log_year
Defaults log_host
Defaults !mailerpath
Defaults mailerflags=-t
Defaults mailfrom=sudo@sudo.ws
Defaults mailto=root@localhost
Defaults mailsub="*** Sudo information for %h ***"
Defaults long_otp_prompt
Defaults ignore_dot
Defaults !mail_always
Defaults !mail_badpass
Defaults !mail_no_user
Defaults !mail_no_host
Defaults !mail_no_perms
Defaults !mail_all_cmnds
Defaults lecture=always
Defaults lecture_file=/etc/sudo.lecture
Defaults authenticate
Defaults root_sudo
Defaults shell_noargs
Defaults set_home
Defaults always_set_home
Defaults path_info
Defaults insults
Defaults !requiretty
Defaults env_editor
Defaults !rootpw
Defaults !runaspw
Defaults !targetpw
Defaults use_loginclass
Defaults set_logname
Defaults !stay_setuid
Defaults !preserve_groups
Defaults timestamp_timeout=.5
Defaults passwd_timeout=5
Defaults passwd_tries=3
Defaults badpass_message="Take off, eh!"
Defaults lecture_status_dir=/var/lib/sudo/lectured
Defaults timestampdir=/run/sudo/ts
Defaults timestampowner=root
Defaults exempt_group=sudo
Defaults passprompt="%p's sudo password:"
Defaults passprompt_override
Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin
Defaults editor=/usr/bin/vi
Defaults listpw=any
Defaults verifypw=all
Defaults noexec
Defaults ignore_local_sudoers
Defaults closefrom=3
Defaults closefrom_override
Defaults !setenv
Defaults env_reset
Defaults env_check+=TERMCAP
Defaults !env_delete
Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
Defaults env_file=/etc/environment
Defaults restricted_env_file=/etc/environment.sudo
Defaults sudoers_locale=C
Defaults !visiblepw
Defaults pwfeedback
Defaults fast_glob
Defaults umask_override
Defaults log_input
Defaults log_output
Defaults compress_io
Defaults use_pty
Defaults iolog_dir=/var/log/sudo-io
Defaults iolog_file=%{seq}
Defaults set_utmp
Defaults utmp_runas
Defaults !exec_background
Defaults pam_service=sudo
Defaults pam_login_service=sudo-login
Defaults pam_setcred
Defaults pam_session
Defaults pam_acct_mgmt
Defaults maxseq=2176782336
Defaults use_netgroups
Defaults sudoedit_checkdir
Defaults !sudoedit_follow
Defaults always_query_group_plugin
Defaults netgroup_tuple
Defaults ignore_audit_errors
Defaults ignore_iolog_errors
Defaults ignore_logfile_errors
Defaults !match_group_by_gid
Defaults iolog_user=root
Defaults iolog_group=root
Defaults iolog_mode=0600
Defaults fdexec=digest_only
Defaults !ignore_unknown_defaults
Defaults command_timeout=7d8h30m10s
Defaults user_command_timeouts
Defaults iolog_flush
Defaults syslog_pid
Defaults timestamp_type=tty
Defaults authfail_message="Learn to type!"
Defaults case_insensitive_user
Defaults case_insensitive_group
Defaults log_allowed
Defaults log_denied
Defaults !log_servers
Defaults log_server_timeout=10
Defaults log_server_keepalive
Defaults !log_server_cabundle
Defaults !log_server_peer_cert
Defaults !log_server_peer_key
Defaults !log_server_verify
Defaults runas_allow_unknown_id
Defaults runas_check_shell
Defaults pam_ruser
Defaults pam_rhost
Defaults runcwd=~
Defaults !selinux
Defaults !admin_flag

122
plugins/sudoers/regress/sudoers/test26.out.ok Normal file
View File

@@ -0,0 +1,122 @@
Parses OK
Defaults fqdn
Defaults runas_default=root
Defaults tty_tickets
Defaults umask=022
Defaults runchroot=/
Defaults logfile=/var/log/sudo
Defaults log_format=json
Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice
Defaults syslog_maxlen=2048
Defaults !loglinelen, log_year, log_host
Defaults !mailerpath, mailerflags=-t, mailfrom=sudo@sudo.ws, mailto=root@localhost, mailsub="*** Sudo information for %h ***"
Defaults long_otp_prompt
Defaults ignore_dot
Defaults !mail_always
Defaults !mail_badpass
Defaults !mail_no_user
Defaults !mail_no_host
Defaults !mail_no_perms
Defaults !mail_all_cmnds
Defaults lecture=always
Defaults lecture_file=/etc/sudo.lecture
Defaults authenticate
Defaults root_sudo
Defaults shell_noargs
Defaults set_home
Defaults always_set_home
Defaults path_info
Defaults insults
Defaults !requiretty
Defaults env_editor
Defaults !rootpw
Defaults !runaspw
Defaults !targetpw
Defaults use_loginclass
Defaults set_logname
Defaults !stay_setuid
Defaults !preserve_groups
Defaults timestamp_timeout=.5
Defaults passwd_timeout=5
Defaults passwd_tries=3
Defaults badpass_message="Take off, eh!"
Defaults lecture_status_dir=/var/lib/sudo/lectured
Defaults timestampdir=/run/sudo/ts
Defaults timestampowner=root
Defaults exempt_group=sudo
Defaults passprompt="%p's sudo password: "
Defaults passprompt_override
Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin
Defaults editor=/usr/bin/vi
Defaults listpw=any
Defaults verifypw=all
Defaults noexec
Defaults ignore_local_sudoers
Defaults closefrom=3
Defaults closefrom_override
Defaults !setenv
Defaults env_reset
Defaults env_check+=TERMCAP
Defaults !env_delete
Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
Defaults env_file=/etc/environment
Defaults restricted_env_file=/etc/environment.sudo
Defaults sudoers_locale=C
Defaults !visiblepw
Defaults pwfeedback
Defaults fast_glob
Defaults umask_override
Defaults log_input
Defaults log_output
Defaults compress_io
Defaults use_pty
Defaults iolog_dir=/var/log/sudo-io
Defaults iolog_file=%{seq}
Defaults set_utmp
Defaults utmp_runas
Defaults !exec_background
Defaults pam_service=sudo
Defaults pam_login_service=sudo-login
Defaults pam_setcred
Defaults pam_session
Defaults pam_acct_mgmt
Defaults maxseq=2176782336
Defaults use_netgroups
Defaults sudoedit_checkdir
Defaults !sudoedit_follow
Defaults always_query_group_plugin
Defaults netgroup_tuple
Defaults ignore_audit_errors
Defaults ignore_iolog_errors
Defaults ignore_logfile_errors
Defaults !match_group_by_gid
Defaults iolog_user=root
Defaults iolog_group=root
Defaults iolog_mode=0600
Defaults fdexec=digest_only
Defaults !ignore_unknown_defaults
Defaults command_timeout=7d8h30m10s
Defaults user_command_timeouts
Defaults iolog_flush
Defaults syslog_pid
Defaults timestamp_type=tty
Defaults authfail_message="Learn to type!"
Defaults case_insensitive_user
Defaults case_insensitive_group
Defaults log_allowed
Defaults log_denied
Defaults !log_servers
Defaults log_server_timeout=10
Defaults log_server_keepalive
Defaults !log_server_cabundle
Defaults !log_server_peer_cert
Defaults !log_server_peer_key
Defaults !log_server_verify
Defaults runas_allow_unknown_id
Defaults runas_check_shell
Defaults pam_ruser
Defaults pam_rhost
Defaults runcwd=~
Defaults !selinux
Defaults !admin_flag

121
plugins/sudoers/regress/sudoers/test26.sudo.ok Normal file
View File

@@ -0,0 +1,121 @@
Defaults fqdn
Defaults runas_default=root
Defaults tty_tickets
Defaults umask=022
Defaults runchroot=/
Defaults logfile=/var/log/sudo
Defaults log_format=json
Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice
Defaults syslog_maxlen=2048
Defaults !loglinelen, log_year, log_host
Defaults !mailerpath, mailerflags=-t, mailfrom=sudo@sudo.ws,\
mailto=root@localhost, mailsub="*** Sudo information for %h ***"
Defaults long_otp_prompt
Defaults ignore_dot
Defaults !mail_always
Defaults !mail_badpass
Defaults !mail_no_user
Defaults !mail_no_host
Defaults !mail_no_perms
Defaults !mail_all_cmnds
Defaults lecture=always
Defaults lecture_file=/etc/sudo.lecture
Defaults authenticate
Defaults root_sudo
Defaults shell_noargs
Defaults set_home
Defaults always_set_home
Defaults path_info
Defaults insults
Defaults !requiretty
Defaults env_editor
Defaults !rootpw
Defaults !runaspw
Defaults !targetpw
Defaults use_loginclass
Defaults set_logname
Defaults !stay_setuid
Defaults !preserve_groups
Defaults timestamp_timeout=.5
Defaults passwd_timeout=5
Defaults passwd_tries=3
Defaults badpass_message="Take off, eh!"
Defaults lecture_status_dir=/var/lib/sudo/lectured
Defaults timestampdir=/run/sudo/ts
Defaults timestampowner=root
Defaults exempt_group=sudo
Defaults passprompt="%p's sudo password: "
Defaults passprompt_override
Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin
Defaults editor=/usr/bin/vi
Defaults listpw=any
Defaults verifypw=all
Defaults noexec
Defaults ignore_local_sudoers
Defaults closefrom=3
Defaults closefrom_override
Defaults !setenv
Defaults env_reset
Defaults env_check+=TERMCAP
Defaults !env_delete
Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
Defaults env_file=/etc/environment
Defaults restricted_env_file=/etc/environment.sudo
Defaults sudoers_locale=C
Defaults !visiblepw
Defaults pwfeedback
Defaults fast_glob
Defaults umask_override
Defaults log_input
Defaults log_output
Defaults compress_io
Defaults use_pty
Defaults iolog_dir=/var/log/sudo-io
Defaults iolog_file=%{seq}
Defaults set_utmp
Defaults utmp_runas
Defaults !exec_background
Defaults pam_service=sudo
Defaults pam_login_service=sudo-login
Defaults pam_setcred
Defaults pam_session
Defaults pam_acct_mgmt
Defaults maxseq=2176782336
Defaults use_netgroups
Defaults sudoedit_checkdir
Defaults !sudoedit_follow
Defaults always_query_group_plugin
Defaults netgroup_tuple
Defaults ignore_audit_errors
Defaults ignore_iolog_errors
Defaults ignore_logfile_errors
Defaults !match_group_by_gid
Defaults iolog_user=root
Defaults iolog_group=root
Defaults iolog_mode=0600
Defaults fdexec=digest_only
Defaults !ignore_unknown_defaults
Defaults command_timeout=7d8h30m10s
Defaults user_command_timeouts
Defaults iolog_flush
Defaults syslog_pid
Defaults timestamp_type=tty
Defaults authfail_message="Learn to type!"
Defaults case_insensitive_user
Defaults case_insensitive_group
Defaults log_allowed
Defaults log_denied
Defaults !log_servers
Defaults log_server_timeout=10
Defaults log_server_keepalive
Defaults !log_server_cabundle
Defaults !log_server_peer_cert
Defaults !log_server_peer_key
Defaults !log_server_verify
Defaults runas_allow_unknown_id
Defaults runas_check_shell
Defaults pam_ruser
Defaults pam_rhost
Defaults runcwd=~
Defaults !selinux
Defaults !admin_flag

128
plugins/sudoers/regress/sudoers/test26.toke.ok Normal file
View File

@@ -0,0 +1,128 @@
#
DEFAULTS DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2) , DEFVAR = WORD(2) , DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS !DEFVAR , DEFVAR , DEFVAR
DEFAULTS !DEFVAR , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
#
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS !DEFVAR
DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4)
#
#
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS !DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
#
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR
DEFAULTS DEFVAR
#
#
DEFAULTS !DEFVAR
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = WORD(2)
DEFAULTS !DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4)
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR
DEFAULTS DEFVAR = WORD(2)
DEFAULTS !DEFVAR
DEFAULTS !DEFVAR