Add test to exercise RunasSpec without a RunasUser.

2021-02-26 10:05:45 -07:00
parent 2e0ca52b50
commit d160dac355
7 changed files with 191 additions and 0 deletions
--- a/6
+++ b/6
@@ -852,6 +852,12 @@ plugins/sudoers/regress/sudoers/test26.ldif.ok
 plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok
 plugins/sudoers/regress/sudoers/test26.out.ok
 plugins/sudoers/regress/sudoers/test26.toke.ok
+plugins/sudoers/regress/sudoers/test27.in
+plugins/sudoers/regress/sudoers/test27.json.ok
+plugins/sudoers/regress/sudoers/test27.ldif.ok
+plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok
+plugins/sudoers/regress/sudoers/test27.out.ok
+plugins/sudoers/regress/sudoers/test27.toke.ok
 plugins/sudoers/regress/sudoers/test3.in
 plugins/sudoers/regress/sudoers/test3.json.ok
 plugins/sudoers/regress/sudoers/test3.ldif.ok
--- a/plugins/sudoers/regress/sudoers/test27.in
+++ b/plugins/sudoers/regress/sudoers/test27.in
@@ -0,0 +1,10 @@
+# Query the group plugin too (if there is one)
+Defaults always_query_group_plugin
+
+# Test RunasGroup with and without RunasUser
+root ALL = ( root : wheel ) ALL
+millert ALL = ( : wheel ) ALL
+%sudo ALL = ( : wheel ) ALL
+
+# Test RunasUser with %group syntax
+operator ALL = ( %wheel ) ALL
--- a/plugins/sudoers/regress/sudoers/test27.json.ok
+++ b/plugins/sudoers/regress/sudoers/test27.json.ok
@@ -0,0 +1,98 @@
+{
+    "Defaults": [
+        {
+            "Options": [
+                { "always_query_group_plugin": true }
+            ]
+        }
+    ],
+    "User_Specs": [
+        {
+            "User_List": [
+                { "username": "root" }
+            ],
+            "Host_List": [
+                { "hostname": "ALL" }
+            ],
+            "Cmnd_Specs": [
+                {
+                    "runasusers": [
+                        { "username": "root" }
+                    ],
+                    "runasgroups": [
+                        { "usergroup": "wheel" }
+                    ],
+                    "Options": [
+                        { "setenv": true }
+                    ],
+                    "Commands": [
+                        { "command": "ALL" }
+                    ]
+                }
+            ]
+        },
+        {
+            "User_List": [
+                { "username": "millert" }
+            ],
+            "Host_List": [
+                { "hostname": "ALL" }
+            ],
+            "Cmnd_Specs": [
+                {
+                    "runasgroups": [
+                        { "usergroup": "wheel" }
+                    ],
+                    "Options": [
+                        { "setenv": true }
+                    ],
+                    "Commands": [
+                        { "command": "ALL" }
+                    ]
+                }
+            ]
+        },
+        {
+            "User_List": [
+                { "usergroup": "sudo" }
+            ],
+            "Host_List": [
+                { "hostname": "ALL" }
+            ],
+            "Cmnd_Specs": [
+                {
+                    "runasgroups": [
+                        { "usergroup": "wheel" }
+                    ],
+                    "Options": [
+                        { "setenv": true }
+                    ],
+                    "Commands": [
+                        { "command": "ALL" }
+                    ]
+                }
+            ]
+        },
+        {
+            "User_List": [
+                { "username": "operator" }
+            ],
+            "Host_List": [
+                { "hostname": "ALL" }
+            ],
+            "Cmnd_Specs": [
+                {
+                    "runasusers": [
+                        { "usergroup": "wheel" }
+                    ],
+                    "Options": [
+                        { "setenv": true }
+                    ],
+                    "Commands": [
+                        { "command": "ALL" }
+                    ]
+                }
+            ]
+        }
+    ]
+}
--- a/plugins/sudoers/regress/sudoers/test27.ldif.ok
+++ b/plugins/sudoers/regress/sudoers/test27.ldif.ok
@@ -0,0 +1,48 @@
+dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: defaults
+description: Default sudoOption's go here
+sudoOption: always_query_group_plugin
+
+dn: cn=root,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: root
+sudoUser: root
+sudoHost: ALL
+sudoRunAsUser: root
+sudoRunAsGroup: wheel
+sudoCommand: ALL
+sudoOrder: 1
+
+dn: cn=millert,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: millert
+sudoUser: millert
+sudoHost: ALL
+sudoRunAsGroup: wheel
+sudoCommand: ALL
+sudoOrder: 2
+
+dn: cn=%sudo,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: %sudo
+sudoUser: %sudo
+sudoHost: ALL
+sudoRunAsGroup: wheel
+sudoCommand: ALL
+sudoOrder: 3
+
+dn: cn=operator,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: operator
+sudoUser: operator
+sudoHost: ALL
+sudoRunAsUser: %wheel
+sudoCommand: ALL
+sudoOrder: 4
+
--- a/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok
+++ b/plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok
@@ -0,0 +1,11 @@
+# sudoRole root
+root ALL = (root : wheel) ALL
+
+# sudoRole millert
+millert ALL = ( : wheel) ALL
+
+# sudoRole %sudo
+%sudo ALL = ( : wheel) ALL
+
+# sudoRole operator
+operator ALL = (%wheel) ALL
--- a/plugins/sudoers/regress/sudoers/test27.out.ok
+++ b/plugins/sudoers/regress/sudoers/test27.out.ok
@@ -0,0 +1,8 @@
+Parses OK
+
+Defaults always_query_group_plugin
+
+root ALL = (root : wheel) ALL
+millert ALL = ( : wheel) ALL
+%sudo ALL = ( : wheel) ALL
+operator ALL = (%wheel) ALL
--- a/plugins/sudoers/regress/sudoers/test27.toke.ok
+++ b/plugins/sudoers/regress/sudoers/test27.toke.ok
@@ -0,0 +1,10 @@
+#
+DEFAULTS DEFVAR 
+
+#
+WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL 
+WORD(6) ALL = ( : WORD(6) ) ALL 
+USERGROUP ALL = ( : WORD(6) ) ALL 
+
+#
+WORD(6) ALL = ( USERGROUP ) ALL