diff --git a/MANIFEST b/MANIFEST index 975c963ae..66663d779 100644 --- a/MANIFEST +++ b/MANIFEST @@ -852,6 +852,12 @@ plugins/sudoers/regress/sudoers/test26.ldif.ok plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok plugins/sudoers/regress/sudoers/test26.out.ok plugins/sudoers/regress/sudoers/test26.toke.ok +plugins/sudoers/regress/sudoers/test27.in +plugins/sudoers/regress/sudoers/test27.json.ok +plugins/sudoers/regress/sudoers/test27.ldif.ok +plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok +plugins/sudoers/regress/sudoers/test27.out.ok +plugins/sudoers/regress/sudoers/test27.toke.ok plugins/sudoers/regress/sudoers/test3.in plugins/sudoers/regress/sudoers/test3.json.ok plugins/sudoers/regress/sudoers/test3.ldif.ok diff --git a/plugins/sudoers/regress/sudoers/test27.in b/plugins/sudoers/regress/sudoers/test27.in new file mode 100644 index 000000000..67d337a28 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.in @@ -0,0 +1,10 @@ +# Query the group plugin too (if there is one) +Defaults always_query_group_plugin + +# Test RunasGroup with and without RunasUser +root ALL = ( root : wheel ) ALL +millert ALL = ( : wheel ) ALL +%sudo ALL = ( : wheel ) ALL + +# Test RunasUser with %group syntax +operator ALL = ( %wheel ) ALL diff --git a/plugins/sudoers/regress/sudoers/test27.json.ok b/plugins/sudoers/regress/sudoers/test27.json.ok new file mode 100644 index 000000000..16184e0f9 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.json.ok @@ -0,0 +1,98 @@ +{ + "Defaults": [ + { + "Options": [ + { "always_query_group_plugin": true } + ] + } + ], + "User_Specs": [ + { + "User_List": [ + { "username": "root" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "username": "root" } + ], + "runasgroups": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "millert" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasgroups": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "usergroup": "sudo" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasgroups": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + }, + { + "User_List": [ + { "username": "operator" } + ], + "Host_List": [ + { "hostname": "ALL" } + ], + "Cmnd_Specs": [ + { + "runasusers": [ + { "usergroup": "wheel" } + ], + "Options": [ + { "setenv": true } + ], + "Commands": [ + { "command": "ALL" } + ] + } + ] + } + ] +} diff --git a/plugins/sudoers/regress/sudoers/test27.ldif.ok b/plugins/sudoers/regress/sudoers/test27.ldif.ok new file mode 100644 index 000000000..5e44760a7 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.ldif.ok @@ -0,0 +1,48 @@ +dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: defaults +description: Default sudoOption's go here +sudoOption: always_query_group_plugin + +dn: cn=root,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: root +sudoUser: root +sudoHost: ALL +sudoRunAsUser: root +sudoRunAsGroup: wheel +sudoCommand: ALL +sudoOrder: 1 + +dn: cn=millert,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: millert +sudoUser: millert +sudoHost: ALL +sudoRunAsGroup: wheel +sudoCommand: ALL +sudoOrder: 2 + +dn: cn=%sudo,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: %sudo +sudoUser: %sudo +sudoHost: ALL +sudoRunAsGroup: wheel +sudoCommand: ALL +sudoOrder: 3 + +dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws +objectClass: top +objectClass: sudoRole +cn: operator +sudoUser: operator +sudoHost: ALL +sudoRunAsUser: %wheel +sudoCommand: ALL +sudoOrder: 4 + diff --git a/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok new file mode 100644 index 000000000..cae136a5b --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok @@ -0,0 +1,11 @@ +# sudoRole root +root ALL = (root : wheel) ALL + +# sudoRole millert +millert ALL = ( : wheel) ALL + +# sudoRole %sudo +%sudo ALL = ( : wheel) ALL + +# sudoRole operator +operator ALL = (%wheel) ALL diff --git a/plugins/sudoers/regress/sudoers/test27.out.ok b/plugins/sudoers/regress/sudoers/test27.out.ok new file mode 100644 index 000000000..6ae12b393 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.out.ok @@ -0,0 +1,8 @@ +Parses OK + +Defaults always_query_group_plugin + +root ALL = (root : wheel) ALL +millert ALL = ( : wheel) ALL +%sudo ALL = ( : wheel) ALL +operator ALL = (%wheel) ALL diff --git a/plugins/sudoers/regress/sudoers/test27.toke.ok b/plugins/sudoers/regress/sudoers/test27.toke.ok new file mode 100644 index 000000000..00109cdf4 --- /dev/null +++ b/plugins/sudoers/regress/sudoers/test27.toke.ok @@ -0,0 +1,10 @@ +# +DEFAULTS DEFVAR + +# +WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL +WORD(6) ALL = ( : WORD(6) ) ALL +USERGROUP ALL = ( : WORD(6) ) ALL + +# +WORD(6) ALL = ( USERGROUP ) ALL