diff --git a/plugins/sudoers/regress/sudoers/test31.in b/plugins/sudoers/regress/sudoers/test31.in
new file mode 100644
index 0000000000..bdddea6e0c
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test31.in
@@ -0,0 +1,7 @@
+# Test parsing of SELinux, AppArmor and Solaris privilege parsing.
+
+user1 ALL = ROLE=foo_r TYPE=bar_t ALL
+
+user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump
+
+user3 ALL = PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" LIMITPRIVS=default ALL
diff --git a/plugins/sudoers/regress/sudoers/test31.json.ok b/plugins/sudoers/regress/sudoers/test31.json.ok
new file mode 100644
index 0000000000..dd8a907ccb
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test31.json.ok
@@ -0,0 +1,62 @@
+{
+ "User_Specs": [
+ {
+ "User_List": [
+ { "username": "user1" }
+ ],
+ "Host_List": [
+ { "hostname": "ALL" }
+ ],
+ "Cmnd_Specs": [
+ {
+ "Options": [
+ { "setenv": true },
+ { "role": "foo_r" },
+ { "type": "bar_t" }
+ ],
+ "Commands": [
+ { "command": "ALL" }
+ ]
+ }
+ ]
+ },
+ {
+ "User_List": [
+ { "username": "user2" }
+ ],
+ "Host_List": [
+ { "hostname": "ALL" }
+ ],
+ "Cmnd_Specs": [
+ {
+ "Options": [
+ { "apparmor_profile": "usr.bin.tcpdump" }
+ ],
+ "Commands": [
+ { "command": "/usr/bin/tcpdump" }
+ ]
+ }
+ ]
+ },
+ {
+ "User_List": [
+ { "username": "user3" }
+ ],
+ "Host_List": [
+ { "hostname": "ALL" }
+ ],
+ "Cmnd_Specs": [
+ {
+ "Options": [
+ { "setenv": true },
+ { "privs": "file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" },
+ { "limitprivs": "default" }
+ ],
+ "Commands": [
+ { "command": "ALL" }
+ ]
+ }
+ ]
+ }
+ ]
+}
diff --git a/plugins/sudoers/regress/sudoers/test31.ldif.ok b/plugins/sudoers/regress/sudoers/test31.ldif.ok
new file mode 100644
index 0000000000..ed536f487e
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test31.ldif.ok
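Review bot: The header comment of test31.in says "Test parsing of SELinux, AppArmor and Solaris privilege parsing", with "parsing" doubled; `# Test parsing of SELinux, AppArmor and Solaris privilege settings.` says what is meant. The three rules are all well-formed, and ROLE/TYPE and PRIVS/LIMITPRIVS appear only with `ALL` as the command, so a confinement option attached to a single command path is covered for AppArmor alone. Since these options decide which SELinux context, AppArmor profile or privilege set a command runs under, a companion rule with a specific command for each, plus one malformed value that must be rejected, would make a parser regression here visible.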
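Review bot: The expected JSON lists `{ "setenv": true }` for user1 and user3 although test31.in sets no SETENV tag, and the LDIF expected output for the same rules has no `sudoOption: setenv`. This is presumably the SETENV that sudoers implies when the command is `ALL`, but nothing in the fixture says so, and a reader auditing converted policy could take it for an explicit grant. Because the .ok files cannot carry comments, a line in test31.in's header such as `# "ALL" implies SETENV, so the JSON output lists setenv for user1 and user3.` would record why the two formats differ.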
@@ -0,0 +1,32 @@
+dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user1
+sudoUser: user1
+sudoHost: ALL
+sudoOption: role=foo_r
+sudoOption: type=bar_t
+sudoCommand: ALL
+sudoOrder: 1
+
+dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user2
+sudoUser: user2
+sudoHost: ALL
+sudoOption: apparmor_profile=usr.bin.tcpdump
+sudoCommand: /usr/bin/tcpdump
+sudoOrder: 2
+
+dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: user3
+sudoUser: user3
+sudoHost: ALL
+sudoOption: privs=file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session
+sudoOption: limitprivs=default
+sudoCommand: ALL
+sudoOrder: 3
+
diff --git a/plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok b/plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok
new file mode 100644
index 0000000000..cd4c9db744
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok
@@ -0,0 +1,10 @@
+# sudoRole user1
+user1 ALL = ROLE=foo_r TYPE=bar_t ALL
+
+# sudoRole user2
+user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump
+
+# sudoRole user3
+user3 ALL =\
+ PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session"\
+ LIMITPRIVS="default" ALL
diff --git a/plugins/sudoers/regress/sudoers/test31.out.ok b/plugins/sudoers/regress/sudoers/test31.out.ok
new file mode 100644
index 0000000000..320a7b742d
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test31.out.ok
@@ -0,0 +1,5 @@
+Parses OK
+
+user1 ALL = ROLE=foo_r TYPE=bar_t ALL
+user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump
+user3 ALL = PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" LIMITPRIVS="default" ALL
diff --git a/plugins/sudoers/regress/sudoers/test31.toke.ok b/plugins/sudoers/regress/sudoers/test31.toke.ok
new file mode 100644
index 0000000000..825c0ac579
--- /dev/null
+++ b/plugins/sudoers/regress/sudoers/test31.toke.ok
@@ -0,0 +1,7 @@
+#
+
+WORD(6) ALL = ROLE = WORD(6) TYPE = WORD(6) ALL
+
+WORD(6) ALL = APPARMOR_PROFILE = WORD(6) COMMAND
+
+WORD(6) ALL = PRIVS = BEGINSTR STRBODY ENDSTR WORD(4) LIMITPRIVS = WORD(6) ALL