Skip to content

Commit bd114a6

Browse files
millertmillert
committed
Add test for last match in runas user/group lists.
1 parent 9118115 commit bd114a6

3 files changed

Lines changed: 203 additions & 0 deletions

File tree

MANIFEST

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1129,6 +1129,8 @@ plugins/sudoers/regress/testsudoers/test31.out.ok
11291129
plugins/sudoers/regress/testsudoers/test31.sh
11301130
plugins/sudoers/regress/testsudoers/test32.out.ok
11311131
plugins/sudoers/regress/testsudoers/test32.sh
1132+
plugins/sudoers/regress/testsudoers/test33.out.ok
1133+
plugins/sudoers/regress/testsudoers/test33.sh
11321134
plugins/sudoers/regress/testsudoers/test4.out.ok
11331135
plugins/sudoers/regress/testsudoers/test4.sh
11341136
plugins/sudoers/regress/testsudoers/test5.out.ok

plugins/sudoers/regress/testsudoers/test33.out.ok

Lines changed: 132 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,132 @@
1+
Parses OK
2+
3+
Entries for user admin:
4+
5+
ALL = (ALL, !root) /bin/ls
6+
host allowed
7+
runas denied
8+
9+
Password required
10+
11+
Command unmatched
12+
Parses OK
13+
14+
Entries for user admin:
15+
16+
ALL = (ALL, !root, operator) /bin/ls
17+
host allowed
18+
runas denied
19+
20+
Password required
21+
22+
Command unmatched
23+
Parses OK
24+
25+
Entries for user admin:
26+
27+
ALL = (ALL, operator, !root) /bin/ls
28+
host allowed
29+
runas denied
30+
31+
Password required
32+
33+
Command unmatched
34+
Parses OK
35+
36+
Entries for user admin:
37+
38+
ALL = (root, !root) /bin/ls
39+
host allowed
40+
runas denied
41+
42+
Password required
43+
44+
Command unmatched
45+
Parses OK
46+
47+
Entries for user admin:
48+
49+
ALL = (root, !root, operator) /bin/ls
50+
host allowed
51+
runas denied
52+
53+
Password required
54+
55+
Command unmatched
56+
Parses OK
57+
58+
Entries for user admin:
59+
60+
ALL = (root, operator, !root) /bin/ls
61+
host allowed
62+
runas denied
63+
64+
Password required
65+
66+
Command unmatched
67+
Parses OK
68+
69+
Entries for user admin:
70+
71+
ALL = (admin : ALL, !wheel) /bin/ls
72+
host allowed
73+
runas denied
74+
75+
Password required
76+
77+
Command unmatched
78+
Parses OK
79+
80+
Entries for user admin:
81+
82+
ALL = (admin : ALL, !wheel, operator) /bin/ls
83+
host allowed
84+
runas denied
85+
86+
Password required
87+
88+
Command unmatched
89+
Parses OK
90+
91+
Entries for user admin:
92+
93+
ALL = (admin : ALL, operator, !wheel) /bin/ls
94+
host allowed
95+
runas denied
96+
97+
Password required
98+
99+
Command unmatched
100+
Parses OK
101+
102+
Entries for user admin:
103+
104+
ALL = (admin : wheel, !wheel) /bin/ls
105+
host allowed
106+
runas denied
107+
108+
Password required
109+
110+
Command unmatched
111+
Parses OK
112+
113+
Entries for user admin:
114+
115+
ALL = (admin : wheel, operator, !wheel) /bin/ls
116+
host allowed
117+
runas denied
118+
119+
Password required
120+
121+
Command unmatched
122+
Parses OK
123+
124+
Entries for user admin:
125+
126+
ALL = (admin : wheel, !wheel, operator) /bin/ls
127+
host allowed
128+
runas denied
129+
130+
Password required
131+
132+
Command unmatched

plugins/sudoers/regress/testsudoers/test33.sh

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
#!/bin/sh
2+
#
3+
# Verify that a last match wins in a Runas_List.
4+
# A negated user or group at the end takes precedence.
5+
#
6+
7+
: ${TESTSUDOERS=testsudoers}
8+
9+
exec 2>&1
10+
11+
$TESTSUDOERS -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
12+
admin /bin/ls <<'EOF'
13+
admin ALL = (ALL, !root) /bin/ls
14+
EOF
15+
16+
$TESTSUDOERS -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
17+
admin /bin/ls <<'EOF'
18+
admin ALL = (ALL, !root, operator) /bin/ls
19+
EOF
20+
21+
$TESTSUDOERS -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
22+
admin /bin/ls <<'EOF'
23+
admin ALL = (ALL, operator, !root) /bin/ls
24+
EOF
25+
26+
$TESTSUDOERS -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
27+
admin /bin/ls <<'EOF'
28+
admin ALL = (root, !root) /bin/ls
29+
EOF
30+
31+
$TESTSUDOERS -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
32+
admin /bin/ls <<'EOF'
33+
admin ALL = (root, !root, operator) /bin/ls
34+
EOF
35+
36+
$TESTSUDOERS -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
37+
admin /bin/ls <<'EOF'
38+
admin ALL = (root, operator, !root) /bin/ls
39+
EOF
40+
41+
$TESTSUDOERS -u admin -g wheel -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
42+
admin /bin/ls <<'EOF'
43+
admin ALL = (:ALL, !wheel) /bin/ls
44+
EOF
45+
46+
$TESTSUDOERS -u admin -g wheel -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
47+
admin /bin/ls <<'EOF'
48+
admin ALL = (:ALL, !wheel, operator) /bin/ls
49+
EOF
50+
51+
$TESTSUDOERS -u admin -g wheel -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
52+
admin /bin/ls <<'EOF'
53+
admin ALL = (:ALL, operator, !wheel) /bin/ls
54+
EOF
55+
56+
$TESTSUDOERS -u admin -g wheel -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
57+
admin /bin/ls <<'EOF'
58+
admin ALL = (:wheel, !wheel) /bin/ls
59+
EOF
60+
61+
$TESTSUDOERS -u admin -g wheel -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
62+
admin /bin/ls <<'EOF'
63+
admin ALL = (:wheel, operator, !wheel) /bin/ls
64+
EOF
65+
66+
$TESTSUDOERS -u admin -g wheel -p ${TESTDIR}/passwd -P ${TESTDIR}/group \
67+
admin /bin/ls <<'EOF'
68+
admin ALL = (:wheel, !wheel, operator) /bin/ls
69+
EOF

0 commit comments

Comments
 (0)