testsudoers: display when a password is required

Todd C. Miller
2023-07-26 11:14:45 -06:00
parent 75256516bd
commit d62d704e55
26 changed files with 109 additions and 0 deletions


@@ -6,4 +6,6 @@ ALL = ALL
host allowed host allowed
runas unmatched runas unmatched
Password required
Command unmatched Command unmatched


@@ -9,6 +9,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing @include of a double-quoted path with white space Testing @include of a double-quoted path with white space
@@ -22,6 +24,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing #include of a path with escaped white space Testing #include of a path with escaped white space
@@ -35,6 +39,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing #include of a double-quoted path with white space Testing #include of a double-quoted path with white space
@@ -48,4 +54,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,6 +7,8 @@ testsudoers: unable to open sudoers.local: No such file or directory
Entries for user root: Entries for user root:
Password required
Parse error Parse error
Testing #include with garbage after the path name Testing #include with garbage after the path name
@@ -18,4 +20,6 @@ testsudoers: unable to open sudoers.local: No such file or directory
Entries for user root: Entries for user root:
Password required
Parse error Parse error


@@ -14,4 +14,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,4 +7,6 @@ ALL = (ALL) ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,4 +7,6 @@ ALL = (ALL) sha224:fIoq2MAfM/PZKTbkn9RE4VZ8YHjwnwTgE28Hxw== ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,6 +7,8 @@ ALL = ^/bin/ls$ ^-[lAt]$
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -17,6 +19,8 @@ ALL = ^/bin/cat$ /var/log/*
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -27,6 +31,8 @@ ALL = /bin/cat ^/var/log/[^/]+$
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -37,6 +43,8 @@ ALL = /bin/*at ^/var/log/[^/]+$
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -47,6 +55,8 @@ ALL = /usr/bin/grep \^foo$
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -57,4 +67,6 @@ ALL = sudoedit ^/etc/(motd|issue|hosts)$
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,6 +7,8 @@ ALL = /bin/ls ""
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -17,4 +19,6 @@ ALL = /bin/ls ""
runas allowed runas allowed
cmnd unmatched cmnd unmatched
Password required
Command unmatched Command unmatched


@@ -9,6 +9,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing #include Testing #include
@@ -22,4 +24,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,4 +7,6 @@ ALL = CHROOT=/ /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,4 +7,6 @@ ALL = (USERALIAS : GROUPALIAS) /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -6,4 +6,6 @@ ALL = /bin/ls
host allowed host allowed
runas unmatched runas unmatched
Password required
Command unmatched Command unmatched


@@ -6,4 +6,6 @@ ALL = (root) /bin/ls
host allowed host allowed
runas unmatched runas unmatched
Password required
Command unmatched Command unmatched


@@ -8,6 +8,8 @@ ALL = NOTBEFORE=20170214083000Z /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -17,6 +19,8 @@ ALL = NOTBEFORE=20170214083001Z /bin/ls
host allowed host allowed
date denied date denied
Password required
Command unmatched Command unmatched
Parses OK Parses OK
@@ -28,6 +32,8 @@ ALL = NOTAFTER=20170214083000Z /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Parses OK Parses OK
@@ -37,4 +43,6 @@ ALL = NOTAFTER=20170214083000Z /bin/ls
host allowed host allowed
date denied date denied
Password required
Command unmatched Command unmatched


@@ -10,6 +10,8 @@ ALL = /bin/ls
User root is not allowed to change directory to / User root is not allowed to change directory to /
Password required
Command denied Command denied
User cannot override the sudoers cwd: User cannot override the sudoers cwd:
@@ -24,6 +26,8 @@ ALL = CWD=/some/where/else /bin/ls
User root is not allowed to change directory to / User root is not allowed to change directory to /
Password required
Command denied Command denied
User can set cwd if sudoers rule sets cwd to '*': User can set cwd if sudoers rule sets cwd to '*':
@@ -36,6 +40,8 @@ ALL = CWD=* /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
User can set cwd runcwd Defaults is '*': User can set cwd runcwd Defaults is '*':
@@ -48,4 +54,6 @@ ALL = /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -10,6 +10,8 @@ ALL = /bin/ls
User root is not allowed to change root directory to / User root is not allowed to change root directory to /
Password required
Command denied Command denied
User cannot override the sudoers chroot: User cannot override the sudoers chroot:
@@ -22,6 +24,8 @@ ALL = CHROOT=/some/where/else /bin/ls
runas allowed runas allowed
cmnd unmatched cmnd unmatched
Password required
Command unmatched Command unmatched
User can chroot if sudoers rule sets chroot to '*': User can chroot if sudoers rule sets chroot to '*':
@@ -34,6 +38,8 @@ ALL = CHROOT=* /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
User can chroot if runchroot Defaults is '*': User can chroot if runchroot Defaults is '*':
@@ -46,4 +52,6 @@ ALL = /bin/ls
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -9,4 +9,6 @@ ALL = (ALL) /bin/ls
Invalid shell for user fakeshell: /shell/does/not/exist Invalid shell for user fakeshell: /shell/does/not/exist
Password required
Command denied Command denied


@@ -12,6 +12,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
This should match the 'ALL=ALL' rule. This should match the 'ALL=ALL' rule.
@@ -24,6 +26,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
This should match the 'ALL=(:staff) NOPASSWD: ALL' rule. This should match the 'ALL=(:staff) NOPASSWD: ALL' rule.
@@ -99,6 +103,8 @@ ALL = (admin : staff) NOPASSWD: ALL
host allowed host allowed
runas unmatched runas unmatched
Password required
Command unmatched Command unmatched
This should not match any rules. This should not match any rules.
@@ -114,4 +120,6 @@ ALL = (admin : users) NOPASSWD: ALL
host allowed host allowed
runas unmatched runas unmatched
Password required
Command unmatched Command unmatched


@@ -9,6 +9,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing @includedir of a double-quoted path Testing @includedir of a double-quoted path
@@ -22,6 +24,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing #includedir of an unquoted path Testing #includedir of an unquoted path
@@ -35,6 +39,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing #includedir of a double-quoted path Testing #includedir of a double-quoted path
@@ -48,4 +54,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -2,4 +2,6 @@ testsudoers: test2.inc should be owned by uid 1
Entries for user root: Entries for user root:
Password required
Parse error Parse error


@@ -2,9 +2,13 @@ testsudoers: test5.inc is world writable
Entries for user root: Entries for user root:
Password required
Parse error Parse error
testsudoers: test5.inc should be owned by gid 4294967294 testsudoers: test5.inc should be owned by gid 4294967294
Entries for user root: Entries for user root:
Password required
Parse error Parse error


@@ -7,4 +7,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,4 +7,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -9,6 +9,8 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed
Testing #include without a newline Testing #include without a newline
@@ -22,4 +24,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -7,4 +7,6 @@ ALL = ALL
runas allowed runas allowed
cmnd allowed cmnd allowed
Password required
Command allowed Command allowed


@@ -409,6 +409,9 @@ main(int argc, char *argv[])
SET(validated, VALIDATE_FAILURE); SET(validated, VALIDATE_FAILURE);
} }
} }
if (def_authenticate) {
puts(U_("\nPassword required"));
}
/* /*
* Exit codes: * Exit codes:
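Review bot: The new `if (def_authenticate)` block just before the exit-code comment prints "Password required" whatever the lookup result was, so the expected outputs in this commit now show it ahead of "Parse error", "Command unmatched" and "Command denied" as well as "Command allowed". For someone using testsudoers to audit a policy, the line only says something about a rule when one matched; in the other cases it presumably reports just the Defaults setting, which is easy to misread as a property of the entry being tested. I would document that at the call site, for example `/* def_authenticate is the Defaults value unless a matching rule changed it; shown even when no rule matched or parsing failed */`, or gate the output on the `validated` flags if reporting it on failure was not intended. main() starts and ends outside the hunk, so how `def_authenticate` is updated during the lookup is not visible here.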