Add test for parsing SELinux, AppArmor and Solaris privileges.
millert committed May 2, 2024
1 parent 389c855 commit 2e6c90c
Showing 6 changed files with 123 additions and 0 deletions.
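--- a/plugins/sudoers/regress/sudoers/test31.in
+++ b/plugins/sudoers/regress/sudoers/test31.in
@@ -0,0 +1,7 @@
+# Test parsing of SELinux, AppArmor and Solaris privilege parsing.
+
+user1 ALL = ROLE=foo_r TYPE=bar_t ALL
+
+user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump
+
+user3 ALL = PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" LIMITPRIVS=default ALL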
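Review bot: Each confinement option in test31.in is exercised only on a rule with a single command, so nothing here checks that ROLE/TYPE, APPARMOR_PROFILE or PRIVS/LIMITPRIVS survive conversion when a rule lists several commands. Assuming these options carry over to later commands in a list the way tags do, a converter that dropped them on the second command would emit a policy that looks valid but no longer confines that command. A constructed example to pin this would be `user4 ALL = ROLE=foo_r TYPE=bar_t /bin/ls, /bin/cat`, with the five .ok files regenerated to match. The header comment also says "parsing" twice; `# Test parsing of SELinux, AppArmor and Solaris privilege options.` reads better.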
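--- a/plugins/sudoers/regress/sudoers/test31.json.ok
+++ b/plugins/sudoers/regress/sudoers/test31.json.ok
@@ -0,0 +1,62 @@
+{
+"User_Specs": [
+{
+"User_List": [
+{ "username": "user1" }
+],
+"Host_List": [
+{ "hostname": "ALL" }
+],
+"Cmnd_Specs": [
+{
+"Options": [
+{ "setenv": true },
+{ "role": "foo_r" },
+{ "type": "bar_t" }
+],
+"Commands": [
+{ "command": "ALL" }
+]
+}
+]
+},
+{
+"User_List": [
+{ "username": "user2" }
+],
+"Host_List": [
+{ "hostname": "ALL" }
+],
+"Cmnd_Specs": [
+{
+"Options": [
+{ "apparmor_profile": "usr.bin.tcpdump" }
+],
+"Commands": [
+{ "command": "/usr/bin/tcpdump" }
+]
+}
+]
+},
+{
+"User_List": [
+{ "username": "user3" }
+],
+"Host_List": [
+{ "hostname": "ALL" }
+],
+"Cmnd_Specs": [
+{
+"Options": [
+{ "setenv": true },
+{ "privs": "file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" },
+{ "limitprivs": "default" }
+],
+"Commands": [
+{ "command": "ALL" }
+]
+}
+]
+}
+]
+}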
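Review bot: The expected JSON carries `{ "setenv": true }` for user1 and user3, which test31.in never sets, while test31.ldif.ok has no `sudoOption: setenv` for the same two rules. This is presumably the SETENV that sudoers implies when the command is `ALL` (user2, with an explicit command path, has none), but the fixtures now pin that difference between the two output formats without saying so. Since JSON cannot hold a comment, the header of test31.in or the commit message is the place for it, for example `# JSON output includes the implied setenv for rules whose command is ALL.` That keeps a later reader from mistaking an environment-related permission for a converter bug, or from changing one format to match the other.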
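--- a/plugins/sudoers/regress/sudoers/test31.ldif.ok
+++ b/plugins/sudoers/regress/sudoers/test31.ldif.ok
@@ -0,0 +1,32 @@
+dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user1
+sudoUser: user1
+sudoHost: ALL
+sudoOption: role=foo_r
+sudoOption: type=bar_t
+sudoCommand: ALL
+sudoOrder: 1
+
+dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user2
+sudoUser: user2
+sudoHost: ALL
+sudoOption: apparmor_profile=usr.bin.tcpdump
+sudoCommand: /usr/bin/tcpdump
+sudoOrder: 2
+
+dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user3
+sudoUser: user3
+sudoHost: ALL
+sudoOption: privs=file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session
+sudoOption: limitprivs=default
+sudoCommand: ALL
+sudoOrder: 3
+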
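--- a/plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok
+++ b/plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok
@@ -0,0 +1,10 @@
+# sudoRole user1
+user1 ALL = ROLE=foo_r TYPE=bar_t ALL
+
+# sudoRole user2
+user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump
+
+# sudoRole user3
+user3 ALL =\
+PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session"\
+LIMITPRIVS="default" ALL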
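--- a/plugins/sudoers/regress/sudoers/test31.out.ok
+++ b/plugins/sudoers/regress/sudoers/test31.out.ok
@@ -0,0 +1,5 @@
+Parses OK
+
+user1 ALL = ROLE=foo_r TYPE=bar_t ALL
+user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump
+user3 ALL = PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" LIMITPRIVS="default" ALL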
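--- a/plugins/sudoers/regress/sudoers/test31.toke.ok
+++ b/plugins/sudoers/regress/sudoers/test31.toke.ok
@@ -0,0 +1,7 @@
+#
+
+WORD(6) ALL = ROLE = WORD(6) TYPE = WORD(6) ALL
+
+WORD(6) ALL = APPARMOR_PROFILE = WORD(6) COMMAND
+
+WORD(6) ALL = PRIVS = BEGINSTR STRBODY ENDSTR WORD(4) LIMITPRIVS = WORD(6) ALL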
