From 24e1774ce322dad53c5f7893b8eafe9ac1f57abc Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 25 Feb 2021 11:26:55 -0700 Subject: [PATCH] Add regress test with all current Defaults settings. Currently skips SELinux and Solaris privilege settings. --- MANIFEST | 7 + plugins/sudoers/regress/sudoers/test26.in | 128 ++++ .../sudoers/regress/sudoers/test26.json.ok | 626 ++++++++++++++++++ .../sudoers/regress/sudoers/test26.ldif.ok | 134 ++++ .../regress/sudoers/test26.ldif2sudo.ok | 128 ++++ plugins/sudoers/regress/sudoers/test26.out.ok | 122 ++++ .../sudoers/regress/sudoers/test26.sudo.ok | 121 ++++ .../sudoers/regress/sudoers/test26.toke.ok | 128 ++++ 8 files changed, 1394 insertions(+) create mode 100644 plugins/sudoers/regress/sudoers/test26.in create mode 100644 plugins/sudoers/regress/sudoers/test26.json.ok create mode 100644 plugins/sudoers/regress/sudoers/test26.ldif.ok create mode 100644 plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok create mode 100644 plugins/sudoers/regress/sudoers/test26.out.ok create mode 100644 plugins/sudoers/regress/sudoers/test26.sudo.ok create mode 100644 plugins/sudoers/regress/sudoers/test26.toke.ok diff --git a/MANIFEST b/MANIFEST index 835291684..c0010563f 100644 --- a/MANIFEST +++ b/MANIFEST @@ -846,6 +846,13 @@ plugins/sudoers/regress/sudoers/test25.json.ok plugins/sudoers/regress/sudoers/test25.ldif.ok plugins/sudoers/regress/sudoers/test25.out.ok plugins/sudoers/regress/sudoers/test25.toke.ok +plugins/sudoers/regress/sudoers/test26.in +plugins/sudoers/regress/sudoers/test26.json.ok +plugins/sudoers/regress/sudoers/test26.ldif.ok +plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok +plugins/sudoers/regress/sudoers/test26.out.ok +plugins/sudoers/regress/sudoers/test26.sudo.ok +plugins/sudoers/regress/sudoers/test26.toke.ok plugins/sudoers/regress/sudoers/test3.in plugins/sudoers/regress/sudoers/test3.json.ok plugins/sudoers/regress/sudoers/test3.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test26.in b/plugins/sudoers/regress/sudoers/test26.in new file mode 100644 index 000000000..842f2b418 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.in @@ -0,0 +1,128 @@ +# Defaults settings that trigger callbacks +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen, log_year, log_host +Defaults !mailerpath, mailerflags="-t", mailfrom="sudo@sudo.ws", mailto="root@localhost", mailsub="*** Sudo information for %h ***" + +# All other Defaults settings +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir="/var/lib/sudo/lectured" +Defaults timestampdir="/run/sudo/ts" +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password: " +Defaults passprompt_override +Defaults secure_path="/usr/bin:/usr/sbin:/bin:/sbin" +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check += "TERMCAP" +Defaults !env_delete +Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +#Defaults role +#Defaults type +Defaults env_file="/etc/environment" +Defaults restricted_env_file="/etc/environment.sudo" +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +#Defaults group_plugin +Defaults iolog_dir="/var/log/sudo-io" +Defaults iolog_file="%{seq}" +Defaults set_utmp +Defaults utmp_runas +#Defaults privs +#Defaults limitprivs +Defaults !exec_background +Defaults pam_service="sudo" +Defaults pam_login_service="sudo-login" +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff --git a/plugins/sudoers/regress/sudoers/test26.json.ok b/plugins/sudoers/regress/sudoers/test26.json.ok new file mode 100644 index 000000000..4fabe5f84 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.json.ok @@ -0,0 +1,626 @@ +{ + "Defaults": [ + { + "Options": [ + { "fqdn": true } + ] + }, + { + "Options": [ + { "runas_default": "root" } + ] + }, + { + "Options": [ + { "tty_tickets": true } + ] + }, + { + "Options": [ + { "umask": "022" } + ] + }, + { + "Options": [ + { "runchroot": "/" } + ] + }, + { + "Options": [ + { "logfile": "/var/log/sudo" } + ] + }, + { + "Options": [ + { "log_format": "json" } + ] + }, + { + "Options": [ + { "syslog": "auth" }, + { "syslog_badpri": "alert" }, + { "syslog_goodpri": "notice" } + ] + }, + { + "Options": [ + { "syslog_maxlen": "2048" } + ] + }, + { + "Options": [ + { "loglinelen": false }, + { "log_year": true }, + { "log_host": true } + ] + }, + { + "Options": [ + { "mailerpath": false }, + { "mailerflags": "-t" }, + { "mailfrom": "sudo@sudo.ws" }, + { "mailto": "root@localhost" }, + { "mailsub": "*** Sudo information for %h ***" } + ] + }, + { + "Options": [ + { "long_otp_prompt": true } + ] + }, + { + "Options": [ + { "ignore_dot": true } + ] + }, + { + "Options": [ + { "mail_always": false } + ] + }, + { + "Options": [ + { "mail_badpass": false } + ] + }, + { + "Options": [ + { "mail_no_user": false } + ] + }, + { + "Options": [ + { "mail_no_host": false } + ] + }, + { + "Options": [ + { "mail_no_perms": false } + ] + }, + { + "Options": [ + { "mail_all_cmnds": false } + ] + }, + { + "Options": [ + { "lecture": "always" } + ] + }, + { + "Options": [ + { "lecture_file": "/etc/sudo.lecture" } + ] + }, + { + "Options": [ + { "authenticate": true } + ] + }, + { + "Options": [ + { "root_sudo": true } + ] + }, + { + "Options": [ + { "shell_noargs": true } + ] + }, + { + "Options": [ + { "set_home": true } + ] + }, + { + "Options": [ + { "always_set_home": true } + ] + }, + { + "Options": [ + { "path_info": true } + ] + }, + { + "Options": [ + { "insults": true } + ] + }, + { + "Options": [ + { "requiretty": false } + ] + }, + { + "Options": [ + { "env_editor": true } + ] + }, + { + "Options": [ + { "rootpw": false } + ] + }, + { + "Options": [ + { "runaspw": false } + ] + }, + { + "Options": [ + { "targetpw": false } + ] + }, + { + "Options": [ + { "use_loginclass": true } + ] + }, + { + "Options": [ + { "set_logname": true } + ] + }, + { + "Options": [ + { "stay_setuid": false } + ] + }, + { + "Options": [ + { "preserve_groups": false } + ] + }, + { + "Options": [ + { "timestamp_timeout": ".5" } + ] + }, + { + "Options": [ + { "passwd_timeout": "5" } + ] + }, + { + "Options": [ + { "passwd_tries": "3" } + ] + }, + { + "Options": [ + { "badpass_message": "Take off, eh!" } + ] + }, + { + "Options": [ + { "lecture_status_dir": "/var/lib/sudo/lectured" } + ] + }, + { + "Options": [ + { "timestampdir": "/run/sudo/ts" } + ] + }, + { + "Options": [ + { "timestampowner": "root" } + ] + }, + { + "Options": [ + { "exempt_group": "sudo" } + ] + }, + { + "Options": [ + { "passprompt": "%p's sudo password: " } + ] + }, + { + "Options": [ + { "passprompt_override": true } + ] + }, + { + "Options": [ + { "secure_path": "/usr/bin:/usr/sbin:/bin:/sbin" } + ] + }, + { + "Options": [ + { "editor": "/usr/bin/vi" } + ] + }, + { + "Options": [ + { "listpw": "any" } + ] + }, + { + "Options": [ + { "verifypw": "all" } + ] + }, + { + "Options": [ + { "noexec": true } + ] + }, + { + "Options": [ + { "ignore_local_sudoers": true } + ] + }, + { + "Options": [ + { "closefrom": "3" } + ] + }, + { + "Options": [ + { "closefrom_override": true } + ] + }, + { + "Options": [ + { "setenv": false } + ] + }, + { + "Options": [ + { "env_reset": true } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_check": [ + "TERMCAP" + ] + } + ] + }, + { + "Options": [ + { "env_delete": false } + ] + }, + { + "Options": [ + { + "operation": "list_add", + "env_keep": [ + "LANG", + "LANGUAGE", + "LINGUAS", + "LC_*", + "_XKB_CHARSET" + ] + } + ] + }, + { + "Options": [ + { "env_file": "/etc/environment" } + ] + }, + { + "Options": [ + { "restricted_env_file": "/etc/environment.sudo" } + ] + }, + { + "Options": [ + { "sudoers_locale": "C" } + ] + }, + { + "Options": [ + { "visiblepw": false } + ] + }, + { + "Options": [ + { "pwfeedback": true } + ] + }, + { + "Options": [ + { "fast_glob": true } + ] + }, + { + "Options": [ + { "umask_override": true } + ] + }, + { + "Options": [ + { "log_input": true } + ] + }, + { + "Options": [ + { "log_output": true } + ] + }, + { + "Options": [ + { "compress_io": true } + ] + }, + { + "Options": [ + { "use_pty": true } + ] + }, + { + "Options": [ + { "iolog_dir": "/var/log/sudo-io" } + ] + }, + { + "Options": [ + { "iolog_file": "%{seq}" } + ] + }, + { + "Options": [ + { "set_utmp": true } + ] + }, + { + "Options": [ + { "utmp_runas": true } + ] + }, + { + "Options": [ + { "exec_background": false } + ] + }, + { + "Options": [ + { "pam_service": "sudo" } + ] + }, + { + "Options": [ + { "pam_login_service": "sudo-login" } + ] + }, + { + "Options": [ + { "pam_setcred": true } + ] + }, + { + "Options": [ + { "pam_session": true } + ] + }, + { + "Options": [ + { "pam_acct_mgmt": true } + ] + }, + { + "Options": [ + { "maxseq": "2176782336" } + ] + }, + { + "Options": [ + { "use_netgroups": true } + ] + }, + { + "Options": [ + { "sudoedit_checkdir": true } + ] + }, + { + "Options": [ + { "sudoedit_follow": false } + ] + }, + { + "Options": [ + { "always_query_group_plugin": true } + ] + }, + { + "Options": [ + { "netgroup_tuple": true } + ] + }, + { + "Options": [ + { "ignore_audit_errors": true } + ] + }, + { + "Options": [ + { "ignore_iolog_errors": true } + ] + }, + { + "Options": [ + { "ignore_logfile_errors": true } + ] + }, + { + "Options": [ + { "match_group_by_gid": false } + ] + }, + { + "Options": [ + { "iolog_user": "root" } + ] + }, + { + "Options": [ + { "iolog_group": "root" } + ] + }, + { + "Options": [ + { "iolog_mode": "0600" } + ] + }, + { + "Options": [ + { "fdexec": "digest_only" } + ] + }, + { + "Options": [ + { "ignore_unknown_defaults": false } + ] + }, + { + "Options": [ + { "command_timeout": "7d8h30m10s" } + ] + }, + { + "Options": [ + { "user_command_timeouts": true } + ] + }, + { + "Options": [ + { "iolog_flush": true } + ] + }, + { + "Options": [ + { "syslog_pid": true } + ] + }, + { + "Options": [ + { "timestamp_type": "tty" } + ] + }, + { + "Options": [ + { "authfail_message": "Learn to type!" } + ] + }, + { + "Options": [ + { "case_insensitive_user": true } + ] + }, + { + "Options": [ + { "case_insensitive_group": true } + ] + }, + { + "Options": [ + { "log_allowed": true } + ] + }, + { + "Options": [ + { "log_denied": true } + ] + }, + { + "Options": [ + { "log_servers": false } + ] + }, + { + "Options": [ + { "log_server_timeout": "10" } + ] + }, + { + "Options": [ + { "log_server_keepalive": true } + ] + }, + { + "Options": [ + { "log_server_cabundle": false } + ] + }, + { + "Options": [ + { "log_server_peer_cert": false } + ] + }, + { + "Options": [ + { "log_server_peer_key": false } + ] + }, + { + "Options": [ + { "log_server_verify": false } + ] + }, + { + "Options": [ + { "runas_allow_unknown_id": true } + ] + }, + { + "Options": [ + { "runas_check_shell": true } + ] + }, + { + "Options": [ + { "pam_ruser": true } + ] + }, + { + "Options": [ + { "pam_rhost": true } + ] + }, + { + "Options": [ + { "runcwd": "~" } + ] + }, + { + "Options": [ + { "selinux": false } + ] + }, + { + "Options": [ + { "admin_flag": false } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test26.ldif.ok b/plugins/sudoers/regress/sudoers/test26.ldif.ok new file mode 100644 index 000000000..912e265df --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.ldif.ok @@ -0,0 +1,134 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: fqdn +sudoOption: runas_default=root +sudoOption: tty_tickets +sudoOption: umask=022 +sudoOption: runchroot=/ +sudoOption: logfile=/var/log/sudo +sudoOption: log_format=json +sudoOption: syslog=auth +sudoOption: syslog_badpri=alert +sudoOption: syslog_goodpri=notice +sudoOption: syslog_maxlen=2048 +sudoOption: !loglinelen +sudoOption: log_year +sudoOption: log_host +sudoOption: !mailerpath +sudoOption: mailerflags=-t +sudoOption: mailfrom=sudo@sudo.ws +sudoOption: mailto=root@localhost +sudoOption: mailsub=*** Sudo information for %h *** +sudoOption: long_otp_prompt +sudoOption: ignore_dot +sudoOption: !mail_always +sudoOption: !mail_badpass +sudoOption: !mail_no_user +sudoOption: !mail_no_host +sudoOption: !mail_no_perms +sudoOption: !mail_all_cmnds +sudoOption: lecture=always +sudoOption: lecture_file=/etc/sudo.lecture +sudoOption: authenticate +sudoOption: root_sudo +sudoOption: shell_noargs +sudoOption: set_home +sudoOption: always_set_home +sudoOption: path_info +sudoOption: insults +sudoOption: !requiretty +sudoOption: env_editor +sudoOption: !rootpw +sudoOption: !runaspw +sudoOption: !targetpw +sudoOption: use_loginclass +sudoOption: set_logname +sudoOption: !stay_setuid +sudoOption: !preserve_groups +sudoOption: timestamp_timeout=.5 +sudoOption: passwd_timeout=5 +sudoOption: passwd_tries=3 +sudoOption: badpass_message=Take off, eh! +sudoOption: lecture_status_dir=/var/lib/sudo/lectured +sudoOption: timestampdir=/run/sudo/ts +sudoOption: timestampowner=root +sudoOption: exempt_group=sudo +sudoOption: passprompt=%p's sudo password: +sudoOption: passprompt_override +sudoOption: secure_path=/usr/bin:/usr/sbin:/bin:/sbin +sudoOption: editor=/usr/bin/vi +sudoOption: listpw=any +sudoOption: verifypw=all +sudoOption: noexec +sudoOption: ignore_local_sudoers +sudoOption: closefrom=3 +sudoOption: closefrom_override +sudoOption: !setenv +sudoOption: env_reset +sudoOption: env_check+=TERMCAP +sudoOption: !env_delete +sudoOption: env_keep+=LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET +sudoOption: env_file=/etc/environment +sudoOption: restricted_env_file=/etc/environment.sudo +sudoOption: sudoers_locale=C +sudoOption: !visiblepw +sudoOption: pwfeedback +sudoOption: fast_glob +sudoOption: umask_override +sudoOption: log_input +sudoOption: log_output +sudoOption: compress_io +sudoOption: use_pty +sudoOption: iolog_dir=/var/log/sudo-io +sudoOption: iolog_file=%{seq} +sudoOption: set_utmp +sudoOption: utmp_runas +sudoOption: !exec_background +sudoOption: pam_service=sudo +sudoOption: pam_login_service=sudo-login +sudoOption: pam_setcred +sudoOption: pam_session +sudoOption: pam_acct_mgmt +sudoOption: maxseq=2176782336 +sudoOption: use_netgroups +sudoOption: sudoedit_checkdir +sudoOption: !sudoedit_follow +sudoOption: always_query_group_plugin +sudoOption: netgroup_tuple +sudoOption: ignore_audit_errors +sudoOption: ignore_iolog_errors +sudoOption: ignore_logfile_errors +sudoOption: !match_group_by_gid +sudoOption: iolog_user=root +sudoOption: iolog_group=root +sudoOption: iolog_mode=0600 +sudoOption: fdexec=digest_only +sudoOption: !ignore_unknown_defaults +sudoOption: command_timeout=7d8h30m10s +sudoOption: user_command_timeouts +sudoOption: iolog_flush +sudoOption: syslog_pid +sudoOption: timestamp_type=tty +sudoOption: authfail_message=Learn to type! +sudoOption: case_insensitive_user +sudoOption: case_insensitive_group +sudoOption: log_allowed +sudoOption: log_denied +sudoOption: !log_servers +sudoOption: log_server_timeout=10 +sudoOption: log_server_keepalive +sudoOption: !log_server_cabundle +sudoOption: !log_server_peer_cert +sudoOption: !log_server_peer_key +sudoOption: !log_server_verify +sudoOption: runas_allow_unknown_id +sudoOption: runas_check_shell +sudoOption: pam_ruser +sudoOption: pam_rhost +sudoOption: runcwd=~ +sudoOption: !selinux +sudoOption: !admin_flag + diff --git a/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok new file mode 100644 index 000000000..706c6fd0a --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok @@ -0,0 +1,128 @@ +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth +Defaults syslog_badpri=alert +Defaults syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen +Defaults log_year +Defaults log_host +Defaults !mailerpath +Defaults mailerflags=-t +Defaults mailfrom=sudo@sudo.ws +Defaults mailto=root@localhost +Defaults mailsub="*** Sudo information for %h ***" +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir=/var/lib/sudo/lectured +Defaults timestampdir=/run/sudo/ts +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password:" +Defaults passprompt_override +Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check+=TERMCAP +Defaults !env_delete +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_file=/etc/environment +Defaults restricted_env_file=/etc/environment.sudo +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +Defaults iolog_dir=/var/log/sudo-io +Defaults iolog_file=%{seq} +Defaults set_utmp +Defaults utmp_runas +Defaults !exec_background +Defaults pam_service=sudo +Defaults pam_login_service=sudo-login +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff --git a/plugins/sudoers/regress/sudoers/test26.out.ok b/plugins/sudoers/regress/sudoers/test26.out.ok new file mode 100644 index 000000000..e9f07fb6e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.out.ok @@ -0,0 +1,122 @@ +Parses OK + +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen, log_year, log_host +Defaults !mailerpath, mailerflags=-t, mailfrom=sudo@sudo.ws, mailto=root@localhost, mailsub="*** Sudo information for %h ***" +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir=/var/lib/sudo/lectured +Defaults timestampdir=/run/sudo/ts +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password: " +Defaults passprompt_override +Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check+=TERMCAP +Defaults !env_delete +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_file=/etc/environment +Defaults restricted_env_file=/etc/environment.sudo +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +Defaults iolog_dir=/var/log/sudo-io +Defaults iolog_file=%{seq} +Defaults set_utmp +Defaults utmp_runas +Defaults !exec_background +Defaults pam_service=sudo +Defaults pam_login_service=sudo-login +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff --git a/plugins/sudoers/regress/sudoers/test26.sudo.ok b/plugins/sudoers/regress/sudoers/test26.sudo.ok new file mode 100644 index 000000000..57596c1e3 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.sudo.ok @@ -0,0 +1,121 @@ +Defaults fqdn +Defaults runas_default=root +Defaults tty_tickets +Defaults umask=022 +Defaults runchroot=/ +Defaults logfile=/var/log/sudo +Defaults log_format=json +Defaults syslog=auth, syslog_badpri=alert, syslog_goodpri=notice +Defaults syslog_maxlen=2048 +Defaults !loglinelen, log_year, log_host +Defaults !mailerpath, mailerflags=-t, mailfrom=sudo@sudo.ws,\ + mailto=root@localhost, mailsub="*** Sudo information for %h ***" +Defaults long_otp_prompt +Defaults ignore_dot +Defaults !mail_always +Defaults !mail_badpass +Defaults !mail_no_user +Defaults !mail_no_host +Defaults !mail_no_perms +Defaults !mail_all_cmnds +Defaults lecture=always +Defaults lecture_file=/etc/sudo.lecture +Defaults authenticate +Defaults root_sudo +Defaults shell_noargs +Defaults set_home +Defaults always_set_home +Defaults path_info +Defaults insults +Defaults !requiretty +Defaults env_editor +Defaults !rootpw +Defaults !runaspw +Defaults !targetpw +Defaults use_loginclass +Defaults set_logname +Defaults !stay_setuid +Defaults !preserve_groups +Defaults timestamp_timeout=.5 +Defaults passwd_timeout=5 +Defaults passwd_tries=3 +Defaults badpass_message="Take off, eh!" +Defaults lecture_status_dir=/var/lib/sudo/lectured +Defaults timestampdir=/run/sudo/ts +Defaults timestampowner=root +Defaults exempt_group=sudo +Defaults passprompt="%p's sudo password: " +Defaults passprompt_override +Defaults secure_path=/usr/bin\:/usr/sbin\:/bin\:/sbin +Defaults editor=/usr/bin/vi +Defaults listpw=any +Defaults verifypw=all +Defaults noexec +Defaults ignore_local_sudoers +Defaults closefrom=3 +Defaults closefrom_override +Defaults !setenv +Defaults env_reset +Defaults env_check+=TERMCAP +Defaults !env_delete +Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" +Defaults env_file=/etc/environment +Defaults restricted_env_file=/etc/environment.sudo +Defaults sudoers_locale=C +Defaults !visiblepw +Defaults pwfeedback +Defaults fast_glob +Defaults umask_override +Defaults log_input +Defaults log_output +Defaults compress_io +Defaults use_pty +Defaults iolog_dir=/var/log/sudo-io +Defaults iolog_file=%{seq} +Defaults set_utmp +Defaults utmp_runas +Defaults !exec_background +Defaults pam_service=sudo +Defaults pam_login_service=sudo-login +Defaults pam_setcred +Defaults pam_session +Defaults pam_acct_mgmt +Defaults maxseq=2176782336 +Defaults use_netgroups +Defaults sudoedit_checkdir +Defaults !sudoedit_follow +Defaults always_query_group_plugin +Defaults netgroup_tuple +Defaults ignore_audit_errors +Defaults ignore_iolog_errors +Defaults ignore_logfile_errors +Defaults !match_group_by_gid +Defaults iolog_user=root +Defaults iolog_group=root +Defaults iolog_mode=0600 +Defaults fdexec=digest_only +Defaults !ignore_unknown_defaults +Defaults command_timeout=7d8h30m10s +Defaults user_command_timeouts +Defaults iolog_flush +Defaults syslog_pid +Defaults timestamp_type=tty +Defaults authfail_message="Learn to type!" +Defaults case_insensitive_user +Defaults case_insensitive_group +Defaults log_allowed +Defaults log_denied +Defaults !log_servers +Defaults log_server_timeout=10 +Defaults log_server_keepalive +Defaults !log_server_cabundle +Defaults !log_server_peer_cert +Defaults !log_server_peer_key +Defaults !log_server_verify +Defaults runas_allow_unknown_id +Defaults runas_check_shell +Defaults pam_ruser +Defaults pam_rhost +Defaults runcwd=~ +Defaults !selinux +Defaults !admin_flag diff --git a/plugins/sudoers/regress/sudoers/test26.toke.ok b/plugins/sudoers/regress/sudoers/test26.toke.ok new file mode 100644 index 000000000..9e125fe1e --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test26.toke.ok @@ -0,0 +1,128 @@ +# +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) , DEFVAR = WORD(2) , DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR , DEFVAR , DEFVAR +DEFAULTS !DEFVAR , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) , DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) + +# +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) +# +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +# +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +# +# +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR +DEFAULTS DEFVAR = WORD(2) +DEFAULTS !DEFVAR +DEFAULTS !DEFVAR