diff --git a/plugins/sudoers/regress/testsudoers/test1.out.ok b/plugins/sudoers/regress/testsudoers/test1.out.ok index ba0677e50..06c27c4df 100644 --- a/plugins/sudoers/regress/testsudoers/test1.out.ok +++ b/plugins/sudoers/regress/testsudoers/test1.out.ok @@ -6,4 +6,6 @@ ALL = ALL host allowed runas unmatched +Password required + Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test10.out.ok b/plugins/sudoers/regress/testsudoers/test10.out.ok index 52f462364..94e912ea7 100644 --- a/plugins/sudoers/regress/testsudoers/test10.out.ok +++ b/plugins/sudoers/regress/testsudoers/test10.out.ok @@ -9,6 +9,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing @include of a double-quoted path with white space @@ -22,6 +24,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing #include of a path with escaped white space @@ -35,6 +39,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing #include of a double-quoted path with white space @@ -48,4 +54,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test11.out.ok b/plugins/sudoers/regress/testsudoers/test11.out.ok index daac07657..ee9854073 100644 --- a/plugins/sudoers/regress/testsudoers/test11.out.ok +++ b/plugins/sudoers/regress/testsudoers/test11.out.ok @@ -7,6 +7,8 @@ testsudoers: unable to open sudoers.local: No such file or directory Entries for user root: +Password required + Parse error Testing #include with garbage after the path name @@ -18,4 +20,6 @@ testsudoers: unable to open sudoers.local: No such file or directory Entries for user root: +Password required + Parse error diff --git a/plugins/sudoers/regress/testsudoers/test15.out.ok b/plugins/sudoers/regress/testsudoers/test15.out.ok index cbcf986a0..cc4361da9 100644 --- a/plugins/sudoers/regress/testsudoers/test15.out.ok +++ b/plugins/sudoers/regress/testsudoers/test15.out.ok @@ -14,4 +14,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test16.out.ok b/plugins/sudoers/regress/testsudoers/test16.out.ok index 64c00f32f..3c4e7fa39 100644 --- a/plugins/sudoers/regress/testsudoers/test16.out.ok +++ b/plugins/sudoers/regress/testsudoers/test16.out.ok @@ -7,4 +7,6 @@ ALL = (ALL) ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test17.out.ok b/plugins/sudoers/regress/testsudoers/test17.out.ok index 8a7efe623..56c471564 100644 --- a/plugins/sudoers/regress/testsudoers/test17.out.ok +++ b/plugins/sudoers/regress/testsudoers/test17.out.ok @@ -7,4 +7,6 @@ ALL = (ALL) sha224:fIoq2MAfM/PZKTbkn9RE4VZ8YHjwnwTgE28Hxw== ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test18.out.ok b/plugins/sudoers/regress/testsudoers/test18.out.ok index 1f7c36a11..c497a7acc 100644 --- a/plugins/sudoers/regress/testsudoers/test18.out.ok +++ b/plugins/sudoers/regress/testsudoers/test18.out.ok @@ -7,6 +7,8 @@ ALL = ^/bin/ls$ ^-[lAt]$ runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -17,6 +19,8 @@ ALL = ^/bin/cat$ /var/log/* runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -27,6 +31,8 @@ ALL = /bin/cat ^/var/log/[^/]+$ runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -37,6 +43,8 @@ ALL = /bin/*at ^/var/log/[^/]+$ runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -47,6 +55,8 @@ ALL = /usr/bin/grep \^foo$ runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -57,4 +67,6 @@ ALL = sudoedit ^/etc/(motd|issue|hosts)$ runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test19.out.ok b/plugins/sudoers/regress/testsudoers/test19.out.ok index a2097fb2c..db2142d9b 100644 --- a/plugins/sudoers/regress/testsudoers/test19.out.ok +++ b/plugins/sudoers/regress/testsudoers/test19.out.ok @@ -7,6 +7,8 @@ ALL = /bin/ls "" runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -17,4 +19,6 @@ ALL = /bin/ls "" runas allowed cmnd unmatched +Password required + Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test2.out.ok b/plugins/sudoers/regress/testsudoers/test2.out.ok index 5d2197c5c..a017d8a48 100644 --- a/plugins/sudoers/regress/testsudoers/test2.out.ok +++ b/plugins/sudoers/regress/testsudoers/test2.out.ok @@ -9,6 +9,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing #include @@ -22,4 +24,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test20.out.ok b/plugins/sudoers/regress/testsudoers/test20.out.ok index a4d7dd017..6a8e451d7 100644 --- a/plugins/sudoers/regress/testsudoers/test20.out.ok +++ b/plugins/sudoers/regress/testsudoers/test20.out.ok @@ -7,4 +7,6 @@ ALL = CHROOT=/ /bin/ls runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test21.out.ok b/plugins/sudoers/regress/testsudoers/test21.out.ok index e256d45e9..391b668c5 100644 --- a/plugins/sudoers/regress/testsudoers/test21.out.ok +++ b/plugins/sudoers/regress/testsudoers/test21.out.ok @@ -7,4 +7,6 @@ ALL = (USERALIAS : GROUPALIAS) /bin/ls runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test22.out.ok b/plugins/sudoers/regress/testsudoers/test22.out.ok index 96f664fd0..54f273f37 100644 --- a/plugins/sudoers/regress/testsudoers/test22.out.ok +++ b/plugins/sudoers/regress/testsudoers/test22.out.ok @@ -6,4 +6,6 @@ ALL = /bin/ls host allowed runas unmatched +Password required + Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test23.out.ok b/plugins/sudoers/regress/testsudoers/test23.out.ok index 746944317..2e99ac8fe 100644 --- a/plugins/sudoers/regress/testsudoers/test23.out.ok +++ b/plugins/sudoers/regress/testsudoers/test23.out.ok @@ -6,4 +6,6 @@ ALL = (root) /bin/ls host allowed runas unmatched +Password required + Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test24.out.ok b/plugins/sudoers/regress/testsudoers/test24.out.ok index dbb0c8901..0a38de3d4 100644 --- a/plugins/sudoers/regress/testsudoers/test24.out.ok +++ b/plugins/sudoers/regress/testsudoers/test24.out.ok @@ -8,6 +8,8 @@ ALL = NOTBEFORE=20170214083000Z /bin/ls runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -17,6 +19,8 @@ ALL = NOTBEFORE=20170214083001Z /bin/ls host allowed date denied +Password required + Command unmatched Parses OK @@ -28,6 +32,8 @@ ALL = NOTAFTER=20170214083000Z /bin/ls runas allowed cmnd allowed +Password required + Command allowed Parses OK @@ -37,4 +43,6 @@ ALL = NOTAFTER=20170214083000Z /bin/ls host allowed date denied +Password required + Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test25.out.ok b/plugins/sudoers/regress/testsudoers/test25.out.ok index a1a44a9b6..d23bdb2f4 100644 --- a/plugins/sudoers/regress/testsudoers/test25.out.ok +++ b/plugins/sudoers/regress/testsudoers/test25.out.ok @@ -10,6 +10,8 @@ ALL = /bin/ls User root is not allowed to change directory to / +Password required + Command denied User cannot override the sudoers cwd: @@ -24,6 +26,8 @@ ALL = CWD=/some/where/else /bin/ls User root is not allowed to change directory to / +Password required + Command denied User can set cwd if sudoers rule sets cwd to '*': @@ -36,6 +40,8 @@ ALL = CWD=* /bin/ls runas allowed cmnd allowed +Password required + Command allowed User can set cwd runcwd Defaults is '*': @@ -48,4 +54,6 @@ ALL = /bin/ls runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test26.out.ok b/plugins/sudoers/regress/testsudoers/test26.out.ok index 67f4d4994..281817cce 100644 --- a/plugins/sudoers/regress/testsudoers/test26.out.ok +++ b/plugins/sudoers/regress/testsudoers/test26.out.ok @@ -10,6 +10,8 @@ ALL = /bin/ls User root is not allowed to change root directory to / +Password required + Command denied User cannot override the sudoers chroot: @@ -22,6 +24,8 @@ ALL = CHROOT=/some/where/else /bin/ls runas allowed cmnd unmatched +Password required + Command unmatched User can chroot if sudoers rule sets chroot to '*': @@ -34,6 +38,8 @@ ALL = CHROOT=* /bin/ls runas allowed cmnd allowed +Password required + Command allowed User can chroot if runchroot Defaults is '*': @@ -46,4 +52,6 @@ ALL = /bin/ls runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test27.out.ok b/plugins/sudoers/regress/testsudoers/test27.out.ok index 23e70a858..73c06b7ab 100644 --- a/plugins/sudoers/regress/testsudoers/test27.out.ok +++ b/plugins/sudoers/regress/testsudoers/test27.out.ok @@ -9,4 +9,6 @@ ALL = (ALL) /bin/ls Invalid shell for user fakeshell: /shell/does/not/exist +Password required + Command denied diff --git a/plugins/sudoers/regress/testsudoers/test28.out.ok b/plugins/sudoers/regress/testsudoers/test28.out.ok index e45fa8ab7..188d8de69 100644 --- a/plugins/sudoers/regress/testsudoers/test28.out.ok +++ b/plugins/sudoers/regress/testsudoers/test28.out.ok @@ -12,6 +12,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed This should match the 'ALL=ALL' rule. @@ -24,6 +26,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed This should match the 'ALL=(:staff) NOPASSWD: ALL' rule. @@ -99,6 +103,8 @@ ALL = (admin : staff) NOPASSWD: ALL host allowed runas unmatched +Password required + Command unmatched This should not match any rules. @@ -114,4 +120,6 @@ ALL = (admin : users) NOPASSWD: ALL host allowed runas unmatched +Password required + Command unmatched diff --git a/plugins/sudoers/regress/testsudoers/test3.out.ok b/plugins/sudoers/regress/testsudoers/test3.out.ok index b5f3b8c0c..fc61e3d09 100644 --- a/plugins/sudoers/regress/testsudoers/test3.out.ok +++ b/plugins/sudoers/regress/testsudoers/test3.out.ok @@ -9,6 +9,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing @includedir of a double-quoted path @@ -22,6 +24,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing #includedir of an unquoted path @@ -35,6 +39,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing #includedir of a double-quoted path @@ -48,4 +54,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test4.out.ok b/plugins/sudoers/regress/testsudoers/test4.out.ok index 474368deb..4987d8b06 100644 --- a/plugins/sudoers/regress/testsudoers/test4.out.ok +++ b/plugins/sudoers/regress/testsudoers/test4.out.ok @@ -2,4 +2,6 @@ testsudoers: test2.inc should be owned by uid 1 Entries for user root: +Password required + Parse error diff --git a/plugins/sudoers/regress/testsudoers/test5.out.ok b/plugins/sudoers/regress/testsudoers/test5.out.ok index 29594552b..3bd1747e4 100644 --- a/plugins/sudoers/regress/testsudoers/test5.out.ok +++ b/plugins/sudoers/regress/testsudoers/test5.out.ok @@ -2,9 +2,13 @@ testsudoers: test5.inc is world writable Entries for user root: +Password required + Parse error testsudoers: test5.inc should be owned by gid 4294967294 Entries for user root: +Password required + Parse error diff --git a/plugins/sudoers/regress/testsudoers/test6.out.ok b/plugins/sudoers/regress/testsudoers/test6.out.ok index f7983e27a..71eb49cb9 100644 --- a/plugins/sudoers/regress/testsudoers/test6.out.ok +++ b/plugins/sudoers/regress/testsudoers/test6.out.ok @@ -7,4 +7,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test7.out.ok b/plugins/sudoers/regress/testsudoers/test7.out.ok index f7983e27a..71eb49cb9 100644 --- a/plugins/sudoers/regress/testsudoers/test7.out.ok +++ b/plugins/sudoers/regress/testsudoers/test7.out.ok @@ -7,4 +7,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test8.out.ok b/plugins/sudoers/regress/testsudoers/test8.out.ok index 7607286a1..51fa7cf26 100644 --- a/plugins/sudoers/regress/testsudoers/test8.out.ok +++ b/plugins/sudoers/regress/testsudoers/test8.out.ok @@ -9,6 +9,8 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed Testing #include without a newline @@ -22,4 +24,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/regress/testsudoers/test9.out.ok b/plugins/sudoers/regress/testsudoers/test9.out.ok index f7983e27a..71eb49cb9 100644 --- a/plugins/sudoers/regress/testsudoers/test9.out.ok +++ b/plugins/sudoers/regress/testsudoers/test9.out.ok @@ -7,4 +7,6 @@ ALL = ALL runas allowed cmnd allowed +Password required + Command allowed diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index 732a622dc..6220867b9 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -409,6 +409,9 @@ main(int argc, char *argv[]) SET(validated, VALIDATE_FAILURE); } } + if (def_authenticate) { + puts(U_("\nPassword required")); + } /* * Exit codes: