├── .circleci └── config.yml ├── .clang-format ├── .github ├── FUNDING.yml └── workflows │ ├── codeql-analysis.yml │ └── main.yml ├── .gitignore ├── .hgignore ├── .hgtags ├── INSTALL.configure ├── INSTALL.md ├── LICENSE.md ├── MANIFEST ├── Makefile.in ├── NEWS ├── README.LDAP.md ├── README.md ├── aclocal.m4 ├── autogen.sh ├── config.h.in ├── configure ├── configure.ac ├── docker ├── README ├── debian │ ├── latest │ │ └── Dockerfile │ └── testing │ │ └── Dockerfile ├── fedora │ ├── latest │ │ └── Dockerfile │ └── rawhide │ │ └── Dockerfile └── ubuntu │ ├── devel │ └── Dockerfile │ ├── latest │ └── Dockerfile │ └── rolling │ └── Dockerfile ├── docs ├── CODEOWNERS ├── CONTRIBUTING.md ├── CONTRIBUTORS.md ├── HISTORY.md ├── Makefile.in ├── SECURITY.md ├── TROUBLESHOOTING.md ├── UPGRADE.md ├── cvtsudoers.man.in ├── cvtsudoers.mdoc.in ├── fixman.sh ├── fixmdoc.sed ├── schema.ActiveDirectory ├── schema.IBM_LDAP ├── schema.OpenLDAP ├── schema.iPlanet ├── schema.olcSudo ├── sudo.conf.man.in ├── sudo.conf.man.in.sed ├── sudo.conf.mdoc.in ├── sudo.man.in ├── sudo.man.in.sed ├── sudo.mdoc.in ├── sudo_logsrv.proto.man.in ├── sudo_logsrv.proto.mdoc.in ├── sudo_logsrvd.conf.man.in ├── sudo_logsrvd.conf.mdoc.in ├── sudo_logsrvd.man.in ├── sudo_logsrvd.mdoc.in ├── sudo_plugin.man.in ├── sudo_plugin.mdoc.in ├── sudo_plugin_python.man.in ├── sudo_plugin_python.mdoc.in ├── sudo_sendlog.man.in ├── sudo_sendlog.mdoc.in ├── sudoers.ldap.man.in ├── sudoers.ldap.mdoc.in ├── sudoers.man.in ├── sudoers.man.in.sed ├── sudoers.mdoc.in ├── sudoers_timestamp.man.in ├── sudoers_timestamp.mdoc.in ├── sudoreplay.man.in ├── sudoreplay.mdoc.in ├── visudo.man.in └── visudo.mdoc.in ├── etc ├── codespell.exclude ├── codespell.ignore ├── codespell.skip ├── init.d │ ├── aix.sh.in │ ├── hpux.sh.in │ └── sudo.conf.in ├── macos-background.png ├── sudo-logsrvd.pp ├── sudo-python.pp ├── sudo.pp ├── uncrustify-small.cfg └── uncrustify.cfg ├── examples ├── Makefile.in ├── cvtsudoers.conf ├── pam.conf ├── sudo.conf.in ├── sudo_logsrvd.conf.in ├── sudoers.in └── syslog.conf.in ├── include ├── Makefile.in ├── compat │ ├── charclass.h │ ├── endian.h │ ├── fnmatch.h │ ├── getaddrinfo.h │ ├── getopt.h │ ├── glob.h │ ├── nss_dbdefs.h │ ├── sha2.h │ └── stdbool.h ├── hostcheck.h ├── intercept.pb-c.h ├── log_server.pb-c.h ├── protobuf-c │ └── protobuf-c.h ├── sudo_compat.h ├── sudo_conf.h ├── sudo_debug.h ├── sudo_digest.h ├── sudo_dso.h ├── sudo_event.h ├── sudo_eventlog.h ├── sudo_fatal.h ├── sudo_gettext.h ├── sudo_iolog.h ├── sudo_json.h ├── sudo_lbuf.h ├── sudo_plugin.h ├── sudo_queue.h ├── sudo_rand.h ├── sudo_ssl_compat.h └── sudo_util.h ├── lib ├── eventlog │ ├── Makefile.in │ ├── eventlog.c │ ├── eventlog_conf.c │ ├── eventlog_free.c │ ├── logwrap.c │ ├── parse_json.c │ ├── parse_json.h │ └── regress │ │ ├── eventlog_store │ │ ├── store_json_test.c │ │ ├── store_sudo_test.c │ │ ├── test1.json.in │ │ ├── test1.json.out.ok │ │ ├── test1.sudo.out.ok │ │ ├── test2.json.in │ │ ├── test2.json.out.ok │ │ ├── test2.sudo.out.ok │ │ ├── test3.json.in │ │ ├── test3.json.out.ok │ │ ├── test3.sudo.out.ok │ │ ├── test4.json.in │ │ ├── test4.json.out.ok │ │ └── test4.sudo.out.ok │ │ ├── logwrap │ │ ├── check_wrap.c │ │ ├── check_wrap.in │ │ └── check_wrap.out.ok │ │ └── parse_json │ │ ├── check_parse_json.c │ │ ├── test1.in │ │ ├── test2.in │ │ ├── test2.out.ok │ │ ├── test3.in │ │ └── test3.out.ok ├── fuzzstub │ ├── Makefile.in │ └── fuzzstub.c ├── iolog │ ├── Makefile.in │ ├── host_port.c │ ├── hostcheck.c │ ├── iolog_clearerr.c │ ├── iolog_close.c │ ├── iolog_conf.c │ ├── iolog_eof.c │ ├── iolog_filter.c │ ├── iolog_flush.c │ ├── iolog_gets.c │ ├── iolog_json.c │ ├── iolog_legacy.c │ ├── iolog_loginfo.c │ ├── iolog_mkdirs.c │ ├── iolog_mkdtemp.c │ ├── iolog_mkpath.c │ ├── iolog_nextid.c │ ├── iolog_open.c │ ├── iolog_openat.c │ ├── iolog_path.c │ ├── iolog_read.c │ ├── iolog_seek.c │ ├── iolog_swapids.c │ ├── iolog_timing.c │ ├── iolog_util.c │ ├── iolog_write.c │ └── regress │ │ ├── corpus │ │ └── seed │ │ │ ├── log_json │ │ │ ├── id.json │ │ │ ├── ls.json │ │ │ ├── mailq.json │ │ │ ├── make.json │ │ │ ├── pkg_add.json │ │ │ ├── pkg_delete.json │ │ │ └── printenv.json │ │ │ ├── log_legacy │ │ │ ├── id.log │ │ │ ├── less.log │ │ │ ├── ls.log │ │ │ ├── mailq.log │ │ │ ├── make.log │ │ │ ├── pkg_add.log │ │ │ ├── pkg_delete.log │ │ │ ├── printenv.log │ │ │ ├── smtpctl.log │ │ │ └── vi.log │ │ │ └── timing │ │ │ ├── timing.1 │ │ │ ├── timing.2 │ │ │ ├── timing.3 │ │ │ ├── timing.4 │ │ │ ├── timing.5 │ │ │ ├── timing.6 │ │ │ ├── timing.7 │ │ │ ├── timing.8 │ │ │ └── timing.9 │ │ ├── fuzz │ │ ├── fuzz_iolog_json.c │ │ ├── fuzz_iolog_json.dict │ │ ├── fuzz_iolog_legacy.c │ │ ├── fuzz_iolog_legacy.dict │ │ ├── fuzz_iolog_timing.c │ │ └── fuzz_iolog_timing.dict │ │ ├── host_port │ │ └── host_port_test.c │ │ ├── iolog_filter │ │ ├── check_iolog_filter.c │ │ ├── test1 │ │ │ ├── log │ │ │ ├── timing │ │ │ ├── ttyin │ │ │ ├── ttyin.filtered │ │ │ └── ttyout │ │ ├── test2 │ │ │ ├── log │ │ │ ├── timing │ │ │ ├── ttyin │ │ │ ├── ttyin.filtered │ │ │ └── ttyout │ │ └── test3 │ │ │ ├── log │ │ │ ├── timing │ │ │ ├── ttyin │ │ │ ├── ttyin.filtered │ │ │ └── ttyout │ │ ├── iolog_mkpath │ │ └── check_iolog_mkpath.c │ │ ├── iolog_path │ │ ├── check_iolog_path.c │ │ └── data │ │ └── iolog_timing │ │ └── check_iolog_timing.c ├── logsrv │ ├── Makefile.in │ ├── log_server.pb-c.c │ └── log_server.proto ├── protobuf-c │ ├── Makefile.in │ └── protobuf-c.c ├── ssl_compat │ ├── Makefile.in │ └── ssl_compat.c ├── util │ ├── Makefile.in │ ├── aix.c │ ├── arc4random.c │ ├── arc4random_buf.c │ ├── arc4random_uniform.c │ ├── basename.c │ ├── cfmakeraw.c │ ├── chacha_private.h │ ├── closefrom.c │ ├── digest.c │ ├── digest_gcrypt.c │ ├── digest_openssl.c │ ├── dup3.c │ ├── event.c │ ├── event_poll.c │ ├── event_select.c │ ├── explicit_bzero.c │ ├── fatal.c │ ├── fchmodat.c │ ├── fchownat.c │ ├── fnmatch.c │ ├── freezero.c │ ├── fstatat.c │ ├── getaddrinfo.c │ ├── getdelim.c │ ├── getentropy.c │ ├── getgrouplist.c │ ├── gethostname.c │ ├── getopt_long.c │ ├── gettime.c │ ├── getusershell.c │ ├── gidlist.c │ ├── glob.c │ ├── gmtime_r.c │ ├── hexchar.c │ ├── inet_ntop.c │ ├── inet_pton.c │ ├── isblank.c │ ├── json.c │ ├── key_val.c │ ├── lbuf.c │ ├── localtime_r.c │ ├── locking.c │ ├── logfac.c │ ├── login_max.c │ ├── logpri.c │ ├── memrchr.c │ ├── mkdir_parents.c │ ├── mkdirat.c │ ├── mksiglist.c │ ├── mksigname.c │ ├── mktemp.c │ ├── mmap_alloc.c │ ├── multiarch.c │ ├── nanosleep.c │ ├── openat.c │ ├── parseln.c │ ├── pipe2.c │ ├── pread.c │ ├── progname.c │ ├── pw_dup.c │ ├── pwrite.c │ ├── rcstr.c │ ├── reallocarray.c │ ├── realpath.c │ ├── regex.c │ ├── regress │ │ ├── closefrom │ │ │ └── closefrom_test.c │ │ ├── corpus │ │ │ └── seed │ │ │ │ └── sudo_conf │ │ │ │ ├── sudo.conf.1 │ │ │ │ ├── sudo.conf.2 │ │ │ │ └── sudo.conf.3 │ │ ├── digest │ │ │ └── digest_test.c │ │ ├── fnmatch │ │ │ ├── fnm_test.c │ │ │ └── fnm_test.in │ │ ├── fuzz │ │ │ ├── fuzz_sudo_conf.c │ │ │ └── fuzz_sudo_conf.dict │ │ ├── getdelim │ │ │ └── getdelim_test.c │ │ ├── getgrouplist │ │ │ ├── getgids.c │ │ │ └── getgrouplist_test.c │ │ ├── glob │ │ │ ├── files │ │ │ ├── globtest.c │ │ │ └── globtest.in │ │ ├── harness.in │ │ ├── hexchar │ │ │ └── hexchar_test.c │ │ ├── json │ │ │ └── json_test.c │ │ ├── mktemp │ │ │ └── mktemp_test.c │ │ ├── multiarch │ │ │ └── multiarch_test.c │ │ ├── open_parent_dir │ │ │ └── open_parent_dir_test.c │ │ ├── parse_gids │ │ │ └── parse_gids_test.c │ │ ├── progname │ │ │ └── progname_test.c │ │ ├── regex │ │ │ └── regex_test.c │ │ ├── strsig │ │ │ └── strsig_test.c │ │ ├── strsplit │ │ │ └── strsplit_test.c │ │ ├── strtofoo │ │ │ ├── strtobool_test.c │ │ │ ├── strtoid_test.c │ │ │ ├── strtomode_test.c │ │ │ └── strtonum_test.c │ │ ├── sudo_conf │ │ │ ├── conf_test.c │ │ │ ├── test1.in │ │ │ ├── test1.out.ok │ │ │ ├── test2.in │ │ │ ├── test2.out.ok │ │ │ ├── test3.in │ │ │ ├── test3.out.ok │ │ │ ├── test4.err.ok │ │ │ ├── test4.in │ │ │ ├── test4.out.ok │ │ │ ├── test5.err.ok │ │ │ ├── test5.in │ │ │ ├── test5.out.ok │ │ │ ├── test6.in │ │ │ ├── test6.out.ok │ │ │ ├── test7.in │ │ │ └── test7.out.ok │ │ ├── sudo_parseln │ │ │ ├── parseln_test.c │ │ │ ├── test1.in │ │ │ ├── test1.out.ok │ │ │ ├── test2.in │ │ │ ├── test2.out.ok │ │ │ ├── test3.in │ │ │ ├── test3.out.ok │ │ │ ├── test4.in │ │ │ ├── test4.out.ok │ │ │ ├── test5.in │ │ │ ├── test5.out.ok │ │ │ ├── test6.in │ │ │ └── test6.out.ok │ │ ├── tailq │ │ │ └── hltq_test.c │ │ └── uuid │ │ │ └── uuid_test.c │ ├── roundup.c │ ├── secure_path.c │ ├── setgroups.c │ ├── sha2.c │ ├── sig2str.c │ ├── siglist.in │ ├── snprintf.c │ ├── str2sig.c │ ├── strlcat.c │ ├── strlcpy.c │ ├── strndup.c │ ├── strnlen.c │ ├── strsignal.c │ ├── strsplit.c │ ├── strtobool.c │ ├── strtoid.c │ ├── strtomode.c │ ├── strtonum.c │ ├── sudo_conf.c │ ├── sudo_debug.c │ ├── sudo_dso.c │ ├── sys_siglist.h │ ├── sys_signame.h │ ├── term.c │ ├── timegm.c │ ├── ttyname_dev.c │ ├── ttysize.c │ ├── unlinkat.c │ ├── util.exp.in │ ├── utimens.c │ └── uuid.c └── zlib │ ├── Makefile.in │ ├── adler32.c │ ├── compress.c │ ├── crc32.c │ ├── crc32.h │ ├── deflate.c │ ├── deflate.h │ ├── gzclose.c │ ├── gzguts.h │ ├── gzlib.c │ ├── gzread.c │ ├── gzwrite.c │ ├── infback.c │ ├── inffast.c │ ├── inffast.h │ ├── inffixed.h │ ├── inflate.c │ ├── inflate.h │ ├── inftrees.c │ ├── inftrees.h │ ├── trees.c │ ├── trees.h │ ├── uncompr.c │ ├── zconf.h.in │ ├── zlib.exp │ ├── zlib.h │ ├── zutil.c │ └── zutil.h ├── logsrvd ├── Makefile.in ├── iolog_writer.c ├── logsrv_util.c ├── logsrv_util.h ├── logsrvd.c ├── logsrvd.h ├── logsrvd_conf.c ├── logsrvd_journal.c ├── logsrvd_local.c ├── logsrvd_queue.c ├── logsrvd_relay.c ├── regress │ ├── corpus │ │ └── seed │ │ │ └── logsrvd_conf │ │ │ ├── logsrvd.conf.1 │ │ │ ├── logsrvd.conf.2 │ │ │ ├── logsrvd.conf.3 │ │ │ ├── logsrvd.conf.4 │ │ │ ├── logsrvd.conf.5 │ │ │ ├── logsrvd.conf.6 │ │ │ └── logsrvd.conf.7 │ ├── fuzz │ │ ├── fuzz_logsrvd_conf.c │ │ └── fuzz_logsrvd_conf.dict │ └── logsrvd_conf │ │ ├── cacert.pem │ │ ├── logsrvd_cert.pem │ │ ├── logsrvd_conf_test.c │ │ ├── logsrvd_dhparams.pem │ │ ├── logsrvd_key.pem │ │ ├── sudo_logsrvd.conf.1.in │ │ ├── sudo_logsrvd.conf.2.in │ │ └── tls │ │ ├── sudo_logsrvd.conf.1.in │ │ └── sudo_logsrvd.conf.2.in ├── sendlog.c ├── sendlog.h ├── tls_client.c ├── tls_common.h └── tls_init.c ├── m4 ├── ax_append_flag.m4 ├── ax_check_compile_flag.m4 ├── ax_check_link_flag.m4 ├── ax_func_getaddrinfo.m4 ├── ax_func_snprintf.m4 ├── ax_gcc_builtin.m4 ├── ax_prog_cc_for_build.m4 ├── gettext.m4 ├── hardening.m4 ├── ldap.m4 ├── libtool.m4 ├── ltoptions.m4 ├── ltsugar.m4 ├── ltversion.m4 ├── lt~obsolete.m4 ├── openssl.m4 ├── pie.m4 ├── python.m4 ├── runlog.m4 ├── sanitizer.m4 ├── sudo.m4 └── visibility.m4 ├── pathnames.h.in ├── plugins ├── audit_json │ ├── Makefile.in │ ├── audit_json.c │ └── audit_json.exp ├── group_file │ ├── Makefile.in │ ├── getgrent.c │ ├── group_file.c │ ├── group_file.exp │ └── plugin_test.c ├── python │ ├── Makefile.in │ ├── example_approval_plugin.py │ ├── example_audit_plugin.py │ ├── example_conversation.py │ ├── example_debugging.py │ ├── example_group_plugin.py │ ├── example_io_plugin.py │ ├── example_policy_plugin.py │ ├── lsan_suppr.txt │ ├── pyhelpers.c │ ├── pyhelpers.h │ ├── pyhelpers_cpychecker.h │ ├── python_baseplugin.c │ ├── python_convmessage.c │ ├── python_loghandler.c │ ├── python_plugin.exp │ ├── python_plugin_approval.c │ ├── python_plugin_approval_multi.inc │ ├── python_plugin_audit.c │ ├── python_plugin_audit_multi.inc │ ├── python_plugin_common.c │ ├── python_plugin_common.h │ ├── python_plugin_group.c │ ├── python_plugin_io.c │ ├── python_plugin_io_multi.inc │ ├── python_plugin_policy.c │ ├── regress │ │ ├── check_python_examples.c │ │ ├── iohelpers.c │ │ ├── iohelpers.h │ │ ├── plugin_approval_test.py │ │ ├── plugin_conflict.py │ │ ├── plugin_errorstr.py │ │ ├── testdata │ │ │ ├── check_example_audit_plugin_receives_accept.stdout │ │ │ ├── check_example_audit_plugin_receives_error.stdout │ │ │ ├── check_example_audit_plugin_receives_reject.stdout │ │ │ ├── check_example_audit_plugin_version_display.stdout │ │ │ ├── check_example_audit_plugin_workflow_multiple.stderr │ │ │ ├── check_example_audit_plugin_workflow_multiple.stdout │ │ │ ├── check_example_conversation_plugin_reason_log_with_suspend.conversation │ │ │ ├── check_example_conversation_plugin_reason_log_with_suspend.stderr │ │ │ ├── check_example_conversation_plugin_reason_log_with_suspend.stdout │ │ │ ├── check_example_conversation_plugin_reason_log_with_suspend.stored │ │ │ ├── check_example_conversation_plugin_reason_log_without_suspend.conversation │ │ │ ├── check_example_conversation_plugin_reason_log_without_suspend.stderr │ │ │ ├── check_example_conversation_plugin_reason_log_without_suspend.stdout │ │ │ ├── check_example_conversation_plugin_reason_log_without_suspend.stored │ │ │ ├── check_example_conversation_plugin_user_interrupts.conv │ │ │ ├── check_example_conversation_plugin_user_interrupts.conversation │ │ │ ├── check_example_conversation_plugin_user_interrupts.stderr │ │ │ ├── check_example_conversation_plugin_user_interrupts.stdout │ │ │ ├── check_example_debugging_c_calls@diag.log │ │ │ ├── check_example_debugging_c_calls@info.log │ │ │ ├── check_example_debugging_load@diag.log │ │ │ ├── check_example_debugging_plugin@err.log │ │ │ ├── check_example_debugging_plugin@info.log │ │ │ ├── check_example_debugging_py_calls@diag.log │ │ │ ├── check_example_debugging_py_calls@info.log │ │ │ ├── check_example_debugging_sudo_cb@info.log │ │ │ ├── check_example_group_plugin_is_able_to_debug.log │ │ │ ├── check_example_io_plugin_command_log.stderr │ │ │ ├── check_example_io_plugin_command_log.stdout │ │ │ ├── check_example_io_plugin_command_log.stored │ │ │ ├── check_example_io_plugin_command_log_multiple.stderr │ │ │ ├── check_example_io_plugin_command_log_multiple.stdout │ │ │ ├── check_example_io_plugin_command_log_multiple1.stored │ │ │ ├── check_example_io_plugin_command_log_multiple2.stored │ │ │ ├── check_example_io_plugin_failed_to_start_command.stderr │ │ │ ├── check_example_io_plugin_failed_to_start_command.stdout │ │ │ ├── check_example_io_plugin_failed_to_start_command.stored │ │ │ ├── check_example_io_plugin_fails_with_python_backtrace.stderr │ │ │ ├── check_example_io_plugin_fails_with_python_backtrace.stdout │ │ │ ├── check_example_io_plugin_version_display.stderr │ │ │ ├── check_example_io_plugin_version_display.stdout │ │ │ ├── check_example_io_plugin_version_display.stored │ │ │ ├── check_example_io_plugin_version_display_full.stdout │ │ │ ├── check_example_policy_plugin_accepted_execution.stderr │ │ │ ├── check_example_policy_plugin_accepted_execution.stdout │ │ │ ├── check_example_policy_plugin_denied_execution.stderr │ │ │ ├── check_example_policy_plugin_denied_execution.stdout │ │ │ ├── check_example_policy_plugin_failed_execution.stderr │ │ │ ├── check_example_policy_plugin_failed_execution.stdout │ │ │ ├── check_example_policy_plugin_list.stderr │ │ │ ├── check_example_policy_plugin_list.stdout │ │ │ ├── check_example_policy_plugin_validate_invalidate.log │ │ │ ├── check_example_policy_plugin_version_display.stderr │ │ │ ├── check_example_policy_plugin_version_display.stdout │ │ │ ├── check_example_policy_plugin_version_display_full.stdout │ │ │ ├── check_loading_fails_missing_classname.stderr │ │ │ ├── check_loading_fails_missing_classname.stdout │ │ │ ├── check_loading_fails_missing_path.stderr │ │ │ ├── check_loading_fails_missing_path.stdout │ │ │ ├── check_loading_fails_not_owned_by_root.stderr │ │ │ ├── check_loading_fails_not_owned_by_root.stdout │ │ │ ├── check_loading_fails_wrong_classname.stderr │ │ │ ├── check_loading_fails_wrong_classname.stdout │ │ │ ├── check_loading_fails_wrong_path.stderr │ │ │ ├── check_loading_fails_wrong_path.stdout │ │ │ ├── check_loading_succeeds_with_missing_classname.stdout │ │ │ ├── check_multiple_approval_plugin_and_arguments.stderr │ │ │ ├── check_multiple_approval_plugin_and_arguments.stdout │ │ │ └── check_python_plugins_do_not_affect_each_other.stdout │ │ ├── testhelpers.c │ │ └── testhelpers.h │ ├── sudo_python_debug.c │ ├── sudo_python_debug.h │ ├── sudo_python_module.c │ └── sudo_python_module.h ├── sample │ ├── Makefile.in │ ├── README │ ├── sample_plugin.c │ └── sample_plugin.exp ├── sample_approval │ ├── Makefile.in │ ├── sample_approval.c │ └── sample_approval.exp ├── sudoers │ ├── Makefile.in │ ├── alias.c │ ├── audit.c │ ├── auth │ │ ├── API │ │ ├── afs.c │ │ ├── aix_auth.c │ │ ├── bsdauth.c │ │ ├── dce.c │ │ ├── fwtk.c │ │ ├── kerb5.c │ │ ├── pam.c │ │ ├── passwd.c │ │ ├── rfc1938.c │ │ ├── secureware.c │ │ ├── securid5.c │ │ ├── sia.c │ │ ├── sudo_auth.c │ │ └── sudo_auth.h │ ├── b64_decode.c │ ├── b64_encode.c │ ├── boottime.c │ ├── bsm_audit.c │ ├── bsm_audit.h │ ├── canon_path.c │ ├── check.c │ ├── check_aliases.c │ ├── check_util.c │ ├── cvtsudoers.c │ ├── cvtsudoers.h │ ├── cvtsudoers_csv.c │ ├── cvtsudoers_json.c │ ├── cvtsudoers_ldif.c │ ├── cvtsudoers_merge.c │ ├── cvtsudoers_pwutil.c │ ├── def_data.c │ ├── def_data.h │ ├── def_data.in │ ├── defaults.c │ ├── defaults.h │ ├── digestname.c │ ├── display.c │ ├── editor.c │ ├── env.c │ ├── env_pattern.c │ ├── exptilde.c │ ├── file.c │ ├── filedigest.c │ ├── find_path.c │ ├── fmtsudoers.c │ ├── fmtsudoers_cvt.c │ ├── gc.c │ ├── gentime.c │ ├── getdate.c │ ├── getdate.y │ ├── getspwuid.c │ ├── goodpath.c │ ├── gram.c │ ├── gram.h │ ├── gram.y │ ├── group_plugin.c │ ├── ins_2001.h │ ├── ins_classic.h │ ├── ins_csops.h │ ├── ins_goons.h │ ├── ins_python.h │ ├── insults.h │ ├── interfaces.c │ ├── interfaces.h │ ├── iolog.c │ ├── iolog_path_escapes.c │ ├── ldap.c │ ├── ldap_conf.c │ ├── ldap_innetgr.c │ ├── ldap_util.c │ ├── linux_audit.c │ ├── linux_audit.h │ ├── locale.c │ ├── log_client.c │ ├── log_client.h │ ├── logging.c │ ├── logging.h │ ├── lookup.c │ ├── match.c │ ├── match_addr.c │ ├── match_command.c │ ├── match_digest.c │ ├── mkdefaults │ ├── parse.h │ ├── parse_ldif.c │ ├── parser_warnx.c │ ├── pivot.c │ ├── pivot.h │ ├── po │ │ ├── README │ │ ├── ast.mo │ │ ├── ast.po │ │ ├── ca.mo │ │ ├── ca.po │ │ ├── cs.mo │ │ ├── cs.po │ │ ├── da.mo │ │ ├── da.po │ │ ├── de.mo │ │ ├── de.po │ │ ├── el.mo │ │ ├── el.po │ │ ├── eo.mo │ │ ├── eo.po │ │ ├── es.mo │ │ ├── es.po │ │ ├── eu.mo │ │ ├── eu.po │ │ ├── fi.mo │ │ ├── fi.po │ │ ├── fr.mo │ │ ├── fr.po │ │ ├── fur.mo │ │ ├── fur.po │ │ ├── hr.mo │ │ ├── hr.po │ │ ├── hu.mo │ │ ├── hu.po │ │ ├── id.mo │ │ ├── id.po │ │ ├── it.mo │ │ ├── it.po │ │ ├── ja.mo │ │ ├── ja.po │ │ ├── ka.mo │ │ ├── ka.po │ │ ├── ko.mo │ │ ├── ko.po │ │ ├── lt.mo │ │ ├── lt.po │ │ ├── nb.mo │ │ ├── nb.po │ │ ├── nl.mo │ │ ├── nl.po │ │ ├── pl.mo │ │ ├── pl.po │ │ ├── pt.mo │ │ ├── pt.po │ │ ├── pt_BR.mo │ │ ├── pt_BR.po │ │ ├── ro.mo │ │ ├── ro.po │ │ ├── ru.mo │ │ ├── ru.po │ │ ├── sk.mo │ │ ├── sk.po │ │ ├── sl.mo │ │ ├── sl.po │ │ ├── sr.mo │ │ ├── sr.po │ │ ├── sudoers.pot │ │ ├── sv.mo │ │ ├── sv.po │ │ ├── tr.mo │ │ ├── tr.po │ │ ├── uk.mo │ │ ├── uk.po │ │ ├── vi.mo │ │ ├── vi.po │ │ ├── zh_CN.mo │ │ ├── zh_CN.po │ │ ├── zh_TW.mo │ │ └── zh_TW.po │ ├── policy.c │ ├── prompt.c │ ├── pwutil.c │ ├── pwutil.h │ ├── pwutil_impl.c │ ├── redblack.c │ ├── redblack.h │ ├── regress │ │ ├── check_symbols │ │ │ └── check_symbols.c │ │ ├── corpus │ │ │ └── seed │ │ │ │ ├── ldif │ │ │ │ ├── invalid_b64.ldif │ │ │ │ ├── pr196.ldif │ │ │ │ ├── sample.ldif │ │ │ │ └── valid_b64.ldif │ │ │ │ └── policy │ │ │ │ ├── policy.1 │ │ │ │ ├── policy.2 │ │ │ │ ├── policy.3 │ │ │ │ ├── policy.4 │ │ │ │ └── policy.5 │ │ ├── cvtsudoers │ │ │ ├── sudoers │ │ │ ├── sudoers.defs │ │ │ ├── sudoers1 │ │ │ ├── sudoers2 │ │ │ ├── sudoers3 │ │ │ ├── sudoers4 │ │ │ ├── test1.out.ok │ │ │ ├── test1.sh │ │ │ ├── test10.out.ok │ │ │ ├── test10.sh │ │ │ ├── test11.out.ok │ │ │ ├── test11.sh │ │ │ ├── test12.out.ok │ │ │ ├── test12.sh │ │ │ ├── test13.out.ok │ │ │ ├── test13.sh │ │ │ ├── test14.out.ok │ │ │ ├── test14.sh │ │ │ ├── test15.out.ok │ │ │ ├── test15.sh │ │ │ ├── test16.out.ok │ │ │ ├── test16.sh │ │ │ ├── test17.out.ok │ │ │ ├── test17.sh │ │ │ ├── test18.out.ok │ │ │ ├── test18.sh │ │ │ ├── test19.out.ok │ │ │ ├── test19.sh │ │ │ ├── test2.out.ok │ │ │ ├── test2.sh │ │ │ ├── test20.conf │ │ │ ├── test20.out.ok │ │ │ ├── test20.sh │ │ │ ├── test21.conf │ │ │ ├── test21.out.ok │ │ │ ├── test21.sh │ │ │ ├── test22.out.ok │ │ │ ├── test22.sh │ │ │ ├── test23.out.ok │ │ │ ├── test23.sh │ │ │ ├── test24.out.ok │ │ │ ├── test24.sh │ │ │ ├── test25.out.ok │ │ │ ├── test25.sh │ │ │ ├── test26.err.ok │ │ │ ├── test26.out.ok │ │ │ ├── test26.sh │ │ │ ├── test27.out.ok │ │ │ ├── test27.sh │ │ │ ├── test28.out.ok │ │ │ ├── test28.sh │ │ │ ├── test29.out.ok │ │ │ ├── test29.sh │ │ │ ├── test3.out.ok │ │ │ ├── test3.sh │ │ │ ├── test30.out.ok │ │ │ ├── test30.sh │ │ │ ├── test31.conf │ │ │ ├── test31.out.ok │ │ │ ├── test31.sh │ │ │ ├── test32.err.ok │ │ │ ├── test32.out.ok │ │ │ ├── test32.sh │ │ │ ├── test33.out.ok │ │ │ ├── test33.sh │ │ │ ├── test34.out.ok │ │ │ ├── test34.sh │ │ │ ├── test35.out.ok │ │ │ ├── test35.sh │ │ │ ├── test36.out.ok │ │ │ ├── test36.sh │ │ │ ├── test37.out.ok │ │ │ ├── test37.sh │ │ │ ├── test38.out.ok │ │ │ ├── test38.sh │ │ │ ├── test39.out.ok │ │ │ ├── test39.sh │ │ │ ├── test4.out.ok │ │ │ ├── test4.sh │ │ │ ├── test40.out.ok │ │ │ ├── test40.sh │ │ │ ├── test41.out.ok │ │ │ ├── test41.sh │ │ │ ├── test5.out.ok │ │ │ ├── test5.sh │ │ │ ├── test6.out.ok │ │ │ ├── test6.sh │ │ │ ├── test7.out.ok │ │ │ ├── test7.sh │ │ │ ├── test8.out.ok │ │ │ ├── test8.sh │ │ │ ├── test9.out.ok │ │ │ └── test9.sh │ │ ├── editor │ │ │ └── check_editor.c │ │ ├── env_match │ │ │ ├── check_env_pattern.c │ │ │ └── data │ │ ├── exptilde │ │ │ └── check_exptilde.c │ │ ├── fuzz │ │ │ ├── fuzz_policy.c │ │ │ ├── fuzz_policy.dict │ │ │ ├── fuzz_stubs.c │ │ │ ├── fuzz_sudoers.c │ │ │ ├── fuzz_sudoers.dict │ │ │ ├── fuzz_sudoers.out.ok │ │ │ ├── fuzz_sudoers_ldif.c │ │ │ └── fuzz_sudoers_ldif.dict │ │ ├── harness.in │ │ ├── iolog_plugin │ │ │ └── check_iolog_plugin.c │ │ ├── parser │ │ │ ├── check_addr.c │ │ │ ├── check_addr.in │ │ │ ├── check_base64.c │ │ │ ├── check_digest.c │ │ │ ├── check_digest.out.ok │ │ │ ├── check_fill.c │ │ │ └── check_gentime.c │ │ ├── serialize_list │ │ │ └── check_serialize_list.c │ │ ├── starttime │ │ │ └── check_starttime.c │ │ ├── sudoers │ │ │ ├── test1.in │ │ │ ├── test1.json.ok │ │ │ ├── test1.ldif.ok │ │ │ ├── test1.ldif2sudo.ok │ │ │ ├── test1.out.ok │ │ │ ├── test1.toke.ok │ │ │ ├── test10.in │ │ │ ├── test10.json.ok │ │ │ ├── test10.ldif.ok │ │ │ ├── test10.out.ok │ │ │ ├── test10.toke.ok │ │ │ ├── test11.in │ │ │ ├── test11.json.ok │ │ │ ├── test11.ldif.ok │ │ │ ├── test11.out.ok │ │ │ ├── test11.toke.ok │ │ │ ├── test12.in │ │ │ ├── test12.json.ok │ │ │ ├── test12.ldif.ok │ │ │ ├── test12.out.ok │ │ │ ├── test12.toke.ok │ │ │ ├── test13.in │ │ │ ├── test13.json.ok │ │ │ ├── test13.ldif.ok │ │ │ ├── test13.out.ok │ │ │ ├── test13.toke.ok │ │ │ ├── test14.in │ │ │ ├── test14.json.ok │ │ │ ├── test14.ldif.ok │ │ │ ├── test14.ldif2sudo.ok │ │ │ ├── test14.out.ok │ │ │ ├── test14.toke.ok │ │ │ ├── test15.in │ │ │ ├── test15.json.ok │ │ │ ├── test15.ldif.ok │ │ │ ├── test15.ldif2sudo.ok │ │ │ ├── test15.out.ok │ │ │ ├── test15.toke.ok │ │ │ ├── test16.in │ │ │ ├── test16.json.ok │ │ │ ├── test16.ldif.ok │ │ │ ├── test16.ldif2sudo.ok │ │ │ ├── test16.out.ok │ │ │ ├── test16.toke.ok │ │ │ ├── test17.in │ │ │ ├── test17.json.ok │ │ │ ├── test17.ldif.ok │ │ │ ├── test17.ldif2sudo.ok │ │ │ ├── test17.out.ok │ │ │ ├── test17.toke.ok │ │ │ ├── test18.in │ │ │ ├── test18.json.ok │ │ │ ├── test18.ldif.ok │ │ │ ├── test18.out.ok │ │ │ ├── test18.toke.ok │ │ │ ├── test19.in │ │ │ ├── test19.json.ok │ │ │ ├── test19.ldif.ok │ │ │ ├── test19.ldif2sudo.ok │ │ │ ├── test19.out.ok │ │ │ ├── test19.toke.ok │ │ │ ├── test2.in │ │ │ ├── test2.json.ok │ │ │ ├── test2.ldif.ok │ │ │ ├── test2.ldif2sudo.ok │ │ │ ├── test2.out.ok │ │ │ ├── test2.toke.ok │ │ │ ├── test20.in │ │ │ ├── test20.json.ok │ │ │ ├── test20.ldif.ok │ │ │ ├── test20.ldif2sudo.ok │ │ │ ├── test20.out.ok │ │ │ ├── test20.toke.ok │ │ │ ├── test21.in │ │ │ ├── test21.json.ok │ │ │ ├── test21.ldif.ok │ │ │ ├── test21.ldif2sudo.ok │ │ │ ├── test21.out.ok │ │ │ ├── test21.toke.ok │ │ │ ├── test22.in │ │ │ ├── test22.json.ok │ │ │ ├── test22.ldif.ok │ │ │ ├── test22.ldif2sudo.ok │ │ │ ├── test22.out.ok │ │ │ ├── test22.toke.ok │ │ │ ├── test23.in │ │ │ ├── test23.json.ok │ │ │ ├── test23.ldif.ok │ │ │ ├── test23.ldif2sudo.ok │ │ │ ├── test23.out.ok │ │ │ ├── test23.toke.ok │ │ │ ├── test24.in │ │ │ ├── test24.json.ok │ │ │ ├── test24.ldif.ok │ │ │ ├── test24.ldif2sudo.ok │ │ │ ├── test24.out.ok │ │ │ ├── test24.toke.ok │ │ │ ├── test25.in │ │ │ ├── test25.json.ok │ │ │ ├── test25.ldif.ok │ │ │ ├── test25.out.ok │ │ │ ├── test25.toke.ok │ │ │ ├── test26.in │ │ │ ├── test26.json.ok │ │ │ ├── test26.ldif.ok │ │ │ ├── test26.ldif2sudo.ok │ │ │ ├── test26.out.ok │ │ │ ├── test26.toke.ok │ │ │ ├── test27.in │ │ │ ├── test27.json.ok │ │ │ ├── test27.ldif.ok │ │ │ ├── test27.ldif2sudo.ok │ │ │ ├── test27.out.ok │ │ │ ├── test27.toke.ok │ │ │ ├── test28.in │ │ │ ├── test28.json.ok │ │ │ ├── test28.ldif.ok │ │ │ ├── test28.ldif2sudo.ok │ │ │ ├── test28.out.ok │ │ │ ├── test28.toke.ok │ │ │ ├── test29.in │ │ │ ├── test29.json.ok │ │ │ ├── test29.ldif.ok │ │ │ ├── test29.out.ok │ │ │ ├── test29.toke.ok │ │ │ ├── test3.in │ │ │ ├── test3.json.ok │ │ │ ├── test3.ldif.ok │ │ │ ├── test3.ldif2sudo.ok │ │ │ ├── test3.out.ok │ │ │ ├── test3.toke.ok │ │ │ ├── test30.in │ │ │ ├── test30.json.ok │ │ │ ├── test30.ldif.ok │ │ │ ├── test30.ldif2sudo.ok │ │ │ ├── test30.out.ok │ │ │ ├── test30.sudo.ok │ │ │ ├── test30.toke.ok │ │ │ ├── test31.in │ │ │ ├── test31.json.ok │ │ │ ├── test31.ldif.ok │ │ │ ├── test31.ldif2sudo.ok │ │ │ ├── test31.out.ok │ │ │ ├── test31.toke.ok │ │ │ ├── test4.in │ │ │ ├── test4.json.ok │ │ │ ├── test4.ldif.ok │ │ │ ├── test4.out.ok │ │ │ ├── test4.toke.ok │ │ │ ├── test5.in │ │ │ ├── test5.json.ok │ │ │ ├── test5.ldif.ok │ │ │ ├── test5.out.ok │ │ │ ├── test5.toke.ok │ │ │ ├── test6.in │ │ │ ├── test6.json.ok │ │ │ ├── test6.ldif.ok │ │ │ ├── test6.ldif2sudo.ok │ │ │ ├── test6.out.ok │ │ │ ├── test6.toke.ok │ │ │ ├── test7.in │ │ │ ├── test7.json.ok │ │ │ ├── test7.ldif.ok │ │ │ ├── test7.out.ok │ │ │ ├── test7.toke.ok │ │ │ ├── test8.in │ │ │ ├── test8.json.ok │ │ │ ├── test8.ldif.ok │ │ │ ├── test8.out.ok │ │ │ ├── test8.toke.ok │ │ │ ├── test9.in │ │ │ ├── test9.json.ok │ │ │ ├── test9.ldif.ok │ │ │ ├── test9.out.ok │ │ │ └── test9.toke.ok │ │ ├── testsudoers │ │ │ ├── group │ │ │ ├── passwd │ │ │ ├── test1.out.ok │ │ │ ├── test1.sh │ │ │ ├── test10.out.ok │ │ │ ├── test10.sh │ │ │ ├── test11.out.ok │ │ │ ├── test11.sh │ │ │ ├── test12.out.ok │ │ │ ├── test12.sh │ │ │ ├── test13.out.ok │ │ │ ├── test13.sh │ │ │ ├── test14.out.ok │ │ │ ├── test14.sh │ │ │ ├── test15.out.ok │ │ │ ├── test15.sh │ │ │ ├── test16.out.ok │ │ │ ├── test16.sh │ │ │ ├── test17.out.ok │ │ │ ├── test17.sh │ │ │ ├── test18.out.ok │ │ │ ├── test18.sh │ │ │ ├── test19.out.ok │ │ │ ├── test19.sh │ │ │ ├── test2.inc │ │ │ ├── test2.out.ok │ │ │ ├── test2.sh │ │ │ ├── test20.out.ok │ │ │ ├── test20.sh │ │ │ ├── test21.out.ok │ │ │ ├── test21.sh │ │ │ ├── test22.out.ok │ │ │ ├── test22.sh │ │ │ ├── test23.out.ok │ │ │ ├── test23.sh │ │ │ ├── test24.out.ok │ │ │ ├── test24.sh │ │ │ ├── test25.out.ok │ │ │ ├── test25.sh │ │ │ ├── test26.out.ok │ │ │ ├── test26.sh │ │ │ ├── test27.out.ok │ │ │ ├── test27.sh │ │ │ ├── test28.out.ok │ │ │ ├── test28.sh │ │ │ ├── test29.out.ok │ │ │ ├── test29.sh │ │ │ ├── test3.out.ok │ │ │ ├── test3.sh │ │ │ ├── test30.out.ok │ │ │ ├── test30.sh │ │ │ ├── test31.out.ok │ │ │ ├── test31.sh │ │ │ ├── test4.out.ok │ │ │ ├── test4.sh │ │ │ ├── test5.out.ok │ │ │ ├── test5.sh │ │ │ ├── test6.out.ok │ │ │ ├── test6.sh │ │ │ ├── test7.out.ok │ │ │ ├── test7.sh │ │ │ ├── test8.out.ok │ │ │ ├── test8.sh │ │ │ ├── test9.out.ok │ │ │ └── test9.sh │ │ ├── unescape │ │ │ └── check_unesc.c │ │ └── visudo │ │ │ ├── test1.out.ok │ │ │ ├── test1.sh │ │ │ ├── test10.out.ok │ │ │ ├── test10.sh │ │ │ ├── test2.err.ok │ │ │ ├── test2.out.ok │ │ │ ├── test2.sh │ │ │ ├── test3.err.ok │ │ │ ├── test3.out.ok │ │ │ ├── test3.sh │ │ │ ├── test4.out.ok │ │ │ ├── test4.sh │ │ │ ├── test5.out.ok │ │ │ ├── test5.sh │ │ │ ├── test6.out.ok │ │ │ ├── test6.sh │ │ │ ├── test7.out.ok │ │ │ ├── test7.sh │ │ │ ├── test8.err.ok │ │ │ ├── test8.out.ok │ │ │ ├── test8.sh │ │ │ ├── test9.out.ok │ │ │ └── test9.sh │ ├── resolve_cmnd.c │ ├── serialize_list.c │ ├── set_perms.c │ ├── sethost.c │ ├── solaris_audit.c │ ├── solaris_audit.h │ ├── sssd.c │ ├── starttime.c │ ├── strlcpy_unesc.c │ ├── strlist.c │ ├── strlist.h │ ├── strvec_join.c │ ├── stubs.c │ ├── sudo_ldap.h │ ├── sudo_ldap_conf.h │ ├── sudo_nss.c │ ├── sudo_nss.h │ ├── sudo_printf.c │ ├── sudoers.c │ ├── sudoers.exp │ ├── sudoers.h │ ├── sudoers.in │ ├── sudoers_cb.c │ ├── sudoers_ctx_free.c │ ├── sudoers_debug.c │ ├── sudoers_debug.h │ ├── sudoers_hooks.c │ ├── sudoers_version.h │ ├── sudoreplay.c │ ├── testsudoers.c │ ├── testsudoers_pwutil.c │ ├── testsudoers_pwutil.h │ ├── timeout.c │ ├── timestamp.c │ ├── timestamp.h │ ├── timestr.c │ ├── toke.c │ ├── toke.h │ ├── toke.l │ ├── toke_util.c │ ├── tsdump.c │ ├── tsgetgrpw.c │ ├── tsgetgrpw.h │ ├── unesc_str.c │ ├── visudo.c │ └── visudo_cb.c └── system_group │ ├── Makefile.in │ ├── system_group.c │ └── system_group.exp ├── po ├── README ├── ast.mo ├── ast.po ├── ca.mo ├── ca.po ├── cs.mo ├── cs.po ├── da.mo ├── da.po ├── de.mo ├── de.po ├── eo.mo ├── eo.po ├── es.mo ├── es.po ├── eu.mo ├── eu.po ├── fa.mo ├── fa.po ├── fi.mo ├── fi.po ├── fr.mo ├── fr.po ├── fur.mo ├── fur.po ├── gl.mo ├── gl.po ├── hr.mo ├── hr.po ├── hu.mo ├── hu.po ├── id.mo ├── id.po ├── it.mo ├── it.po ├── ja.mo ├── ja.po ├── ka.mo ├── ka.po ├── ko.mo ├── ko.po ├── nb.mo ├── nb.po ├── nl.mo ├── nl.po ├── nn.mo ├── nn.po ├── pl.mo ├── pl.po ├── pt.mo ├── pt.po ├── pt_BR.mo ├── pt_BR.po ├── ro.mo ├── ro.po ├── ru.mo ├── ru.po ├── sk.mo ├── sk.po ├── sl.mo ├── sl.po ├── sq.mo ├── sq.po ├── sr.mo ├── sr.po ├── sudo.pot ├── sv.mo ├── sv.po ├── tr.mo ├── tr.po ├── uk.mo ├── uk.po ├── vi.mo ├── vi.po ├── zh_CN.mo ├── zh_CN.po ├── zh_TW.mo └── zh_TW.po ├── scripts ├── build_pkgs ├── check_man.in ├── config.guess ├── config.sub ├── generate_test_coverage.sh ├── install-sh ├── log2cl.pl ├── ltmain.sh ├── mkdep.pl ├── mkinstalldirs ├── mkpkg ├── pp └── unanon └── src ├── Makefile.in ├── apparmor.c ├── conversation.c ├── copy_file.c ├── edit_open.c ├── env_hooks.c ├── exec.c ├── exec_common.c ├── exec_intercept.c ├── exec_intercept.h ├── exec_iolog.c ├── exec_monitor.c ├── exec_nopty.c ├── exec_preload.c ├── exec_ptrace.c ├── exec_ptrace.h ├── exec_pty.c ├── get_pty.c ├── hooks.c ├── intercept.exp.in ├── intercept.pb-c.c ├── intercept.proto ├── limits.c ├── load_plugins.c ├── net_ifs.c ├── openbsd.c ├── parse_args.c ├── preload.c ├── preserve_fds.c ├── regress ├── intercept │ └── test_ptrace.c ├── net_ifs │ └── check_net_ifs.c ├── noexec │ └── check_noexec.c └── ttyname │ └── check_ttyname.c ├── selinux.c ├── sesh.c ├── signal.c ├── solaris.c ├── sudo.c ├── sudo.h ├── sudo_edit.c ├── sudo_edit.h ├── sudo_exec.h ├── sudo_intercept.c ├── sudo_intercept_common.c ├── sudo_noexec.c ├── sudo_plugin_int.h ├── sudo_usage.h.in ├── suspend_parent.c ├── tgetpass.c ├── ttyname.c └── utmp.c /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: sudo-project 2 | open_collective: sudo-project 3 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # OpenBSD may have multiple versions of autoconf and automake installed 4 | # If the user hasn't chosen one themselves, we do here. 5 | if [ "`/usr/bin/uname 2>&1`" = "OpenBSD" ]; then 6 | if [ X"$AUTOMAKE_VERSION" = X"" ]; then 7 | AUTOMAKE_VERSION=1.16; export AUTOMAKE_VERSION 8 | fi 9 | if [ X"$AUTOCONF_VERSION" = X"" ]; then 10 | AUTOCONF_VERSION=2.71; export AUTOCONF_VERSION 11 | fi 12 | fi 13 | 14 | set -ex 15 | 16 | autoreconf -f -i -v -Wall -I m4 17 | 18 | rm -rf autom4te.cache 19 | 20 | exit 0 21 | -------------------------------------------------------------------------------- /docker/debian/latest/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/debian:latest 2 | 3 | RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ 4 | DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ 5 | build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ 6 | libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ 7 | libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ 8 | lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ 9 | ssh zlib1g-dev 10 | RUN useradd -ms /bin/bash build 11 | -------------------------------------------------------------------------------- /docker/debian/testing/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/debian:testing 2 | 3 | RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ 4 | DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ 5 | build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ 6 | libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ 7 | libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ 8 | lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ 9 | ssh zlib1g-dev 10 | RUN useradd -ms /bin/bash build 11 | -------------------------------------------------------------------------------- /docker/fedora/latest/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/fedora:latest 2 | ENV TZ=America/Denver 3 | 4 | RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \ 5 | libasan libubsan libselinux-devel libsepol-devel make openldap-devel \ 6 | openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \ 7 | ed gcc gdb git openssh pkg-config procps which 8 | RUN useradd -ms /bin/bash build 9 | -------------------------------------------------------------------------------- /docker/fedora/rawhide/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/fedora:rawhide 2 | ENV TZ=America/Denver 3 | 4 | RUN dnf -y install audit-libs-devel cyrus-sasl-devel glibc-devel krb5-devel \ 5 | libasan libubsan libselinux-devel libsepol-devel make openldap-devel \ 6 | openssl-devel pam-devel python3-devel rpm-build zlib-devel binutils \ 7 | ed gcc gdb git openssh pkg-config procps which 8 | RUN useradd -ms /bin/bash build 9 | -------------------------------------------------------------------------------- /docker/ubuntu/devel/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/ubuntu:devel 2 | 3 | RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ 4 | DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ 5 | build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ 6 | libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ 7 | libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ 8 | lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ 9 | ssh zlib1g-dev 10 | RUN useradd -ms /bin/bash build 11 | -------------------------------------------------------------------------------- /docker/ubuntu/latest/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/ubuntu:latest 2 | 3 | RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ 4 | DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ 5 | build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ 6 | libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ 7 | libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ 8 | lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ 9 | ssh zlib1g-dev 10 | RUN useradd -ms /bin/bash build 11 | -------------------------------------------------------------------------------- /docker/ubuntu/rolling/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker.io/library/ubuntu:rolling 2 | 3 | RUN DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get update && \ 4 | DEBIAN_FRONTEND=noninteractive TZ=America/Denver apt-get install -y \ 5 | build-essential curl dpkg-dev ed fakeroot file git libapparmor-dev \ 6 | libaudit-dev libkrb5-dev libldap2-dev libpam0g-dev libpython3-dev \ 7 | libsasl2-dev libselinux1-dev libsepol-dev libssl-dev libwolfssl-dev \ 8 | lsb-release ncurses-term openssh-client pkg-config procps python3-dev \ 9 | ssh zlib1g-dev 10 | RUN useradd -ms /bin/bash build 11 | -------------------------------------------------------------------------------- /docs/CODEOWNERS: -------------------------------------------------------------------------------- 1 | @millert 2 | -------------------------------------------------------------------------------- /docs/fixmdoc.sed: -------------------------------------------------------------------------------- 1 | # Replace "0 minutes" with "unlimited" 2 | /^\.Li 0$/ { 3 | N 4 | s/^\.Li 0\nminutes\.$/unlimited./ 5 | } 6 | -------------------------------------------------------------------------------- /docs/sudo.conf.man.in.sed: -------------------------------------------------------------------------------- 1 | s/^\(.TH .*\)/.nr SL @SEMAN@\ 2 | \1/ 3 | 4 | /^\.TP 6n$/ { 5 | N 6 | /^.TP 6n\nsesh$/ { 7 | i\ 8 | .if \\n(SL \\{\\ 9 | } 10 | } 11 | 12 | /^\\fI@sesh_file@\\fR\.$/ { 13 | a\ 14 | .\\} 15 | } 16 | -------------------------------------------------------------------------------- /etc/codespell.ignore: -------------------------------------------------------------------------------- 1 | SOM 2 | VAS 3 | alloced 4 | anull 5 | clen 6 | edn 7 | exect 8 | fIDN 9 | fpt 10 | ist 11 | nome 12 | numer 13 | pleas 14 | sav 15 | servent 16 | siz 17 | statics 18 | thur 19 | toke 20 | vas 21 | wit 22 | -------------------------------------------------------------------------------- /etc/codespell.skip: -------------------------------------------------------------------------------- 1 | \.in\.sed$ 2 | /data 3 | Makefile\.in 4 | ^ChangeLog$ 5 | ^MANIFEST$ 6 | ^aclocal\.m4$ 7 | ^autogen\.sh$ 8 | ^config\.h\.in$ 9 | ^configure$ 10 | ^docs/.*\.man\.in$ 11 | ^docs/CONTRIBUTORS$ 12 | ^etc/codespell 13 | ^lib/util/fnmatch\.c$ 14 | ^lib/util/getaddrinfo\.c$ 15 | ^lib/zlib/ 16 | ^libtool$ 17 | ^m4/libtool\.m4$ 18 | ^m4/lt.*\.m4$ 19 | ^plugins/sudoers/po/ 20 | ^po/ 21 | ^scripts/config\.guess$ 22 | ^scripts/config\.sub$ 23 | ^scripts/ltmain\.sh$ 24 | ^scripts/mkinstalldirs$ 25 | ^scripts/pp$ 26 | -------------------------------------------------------------------------------- /etc/init.d/aix.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Simple AIX rc.d script to remove the sudo timestamp directory on boot. 4 | # This is needed because AIX does not have /var/run. 5 | # Install as /etc/rc.d/init.d/sudo with a link /etc/rc.d/rc2.d/S90sudo 6 | # 7 | 8 | PATH=/usr/sbin:/usr/bin:/sbin 9 | export PATH 10 | 11 | TSDIR="@rundir@/ts" 12 | rval=0 13 | 14 | case "$1" in 15 | start) 16 | echo "Removing the $TSDIR directory" 17 | rm -rf "$TSDIR" 18 | ;; 19 | *) 20 | echo "usage: $0 start" 21 | rval=1 22 | ;; 23 | esac 24 | 25 | exit $rval 26 | -------------------------------------------------------------------------------- /etc/init.d/hpux.sh.in: -------------------------------------------------------------------------------- 1 | #!/sbin/sh 2 | # 3 | # Simple HP-UX init.d script to remove the sudo timestamp directory on boot. 4 | # This is needed because HP-UX does not clear /var/run on its own. 5 | # Install as /sbin/init.d/sudo with a link /sbin/rc2.d/S900sudo 6 | # 7 | 8 | PATH=/usr/sbin:/usr/bin:/sbin 9 | export PATH 10 | 11 | TSDIR="@rundir@/ts" 12 | rval=0 13 | 14 | case "$1" in 15 | start_msg) 16 | echo "Removing the $TSDIR directory" 17 | ;; 18 | start) 19 | rm -rf "$TSDIR" 20 | ;; 21 | *) 22 | echo "usage: $0 {start|start_msg}" 23 | rval=1 24 | ;; 25 | esac 26 | 27 | exit $rval 28 | -------------------------------------------------------------------------------- /etc/init.d/sudo.conf.in: -------------------------------------------------------------------------------- 1 | # Create an empty sudo time stamp directory on OSes using systemd. 2 | # Sudo will create the directory itself but this can cause problems 3 | # on systems that have SELinux enabled since the directories will be 4 | # created with the user's security context. 5 | d @rundir@ 0711 root root 6 | D @rundir@/ts 0700 root root 7 | -------------------------------------------------------------------------------- /etc/macos-background.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/etc/macos-background.png -------------------------------------------------------------------------------- /lib/eventlog/regress/eventlog_store/test1.sudo.out.ok: -------------------------------------------------------------------------------- 1 | HOST=xerxes.sudo.ws ; TTY=ttypb ; CWD=/etc/mail ; USER=root ; TSID=0003FI ; ENV=KRB5CCNAME=bogus LD_LIBRARY_PATH=/opt/sudo/libexec ; COMMAND=/usr/bin/ci -u aliases#012 2 | HOST=xerxes.sudo.ws ; TTY=ttypb ; CWD=/etc/mail ; USER=root ; TSID=0003FI ; ENV=KRB5CCNAME=bogus LD_LIBRARY_PATH=/opt/sudo/libexec ; COMMAND=/usr/bin/ci -u aliases#012 ; EXIT=1 3 | -------------------------------------------------------------------------------- /lib/eventlog/regress/eventlog_store/test2.json.out.ok: -------------------------------------------------------------------------------- 1 | { 2 | "submituser": "millert", 3 | "command": "/usr/bin/id", 4 | "runuser": "root", 5 | "source": "sudoRole %wheel", 6 | "ttyname": "/dev/ttyp0", 7 | "submithost": "xerxes.sudo.ws", 8 | "submitcwd": "/usr/src/local/millert/sudo/trunk", 9 | "runuid": 0, 10 | "columns": 80, 11 | "lines": 24, 12 | "runargv": [ 13 | "id" 14 | ], 15 | "runenv": [ 16 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 17 | "TERM=tmux", 18 | "LANG=en_US.UTF-8", 19 | "MAIL=/var/mail/root", 20 | "LOGNAME=root", 21 | "USER=root", 22 | "HOME=/root", 23 | "SHELL=/bin/bash", 24 | "SUDO_COMMAND=/usr/bin/id", 25 | "SUDO_USER=millert", 26 | "SUDO_UID=8036", 27 | "SUDO_GID=20" 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /lib/eventlog/regress/eventlog_store/test2.sudo.out.ok: -------------------------------------------------------------------------------- 1 | HOST=xerxes.sudo.ws ; TTY=ttyp0 ; CWD=/usr/src/local/millert/sudo/trunk ; USER=root ; TSID=00035Q ; ENV=KRB5CCNAME=bogus ; COMMAND=/usr/bin/id 2 | HOST=xerxes.sudo.ws ; TTY=ttyp0 ; CWD=/usr/src/local/millert/sudo/trunk ; USER=root ; TSID=00035Q ; ENV=KRB5CCNAME=bogus ; COMMAND=/usr/bin/id ; EXIT=0 3 | -------------------------------------------------------------------------------- /lib/eventlog/regress/eventlog_store/test3.sudo.out.ok: -------------------------------------------------------------------------------- 1 | HOST=linux-build ; TTY=pts/1 ; CWD=/home/millert/sudo/oss-fuzz ; USER=root ; TSID=00005H ; COMMAND=/usr/bin/find build/out/sudoers/ 2 | HOST=linux-build ; TTY=pts/1 ; CWD=/home/millert/sudo/oss-fuzz ; USER=root ; TSID=00005H ; COMMAND=/usr/bin/find build/out/sudoers/ ; SIGNAL=QUIT ; EXIT=131 3 | -------------------------------------------------------------------------------- /lib/eventlog/regress/eventlog_store/test4.sudo.out.ok: -------------------------------------------------------------------------------- 1 | HOST=xerxes.sudo.ws ; TTY=ttypb ; CWD=/etc/mail ; USER=root ; TSID=0003FG ; COMMAND=/usr/bin/vi aliases 2 | HOST=xerxes.sudo.ws ; TTY=ttypb ; CWD=/etc/mail ; USER=root ; TSID=0003FG ; COMMAND=/usr/bin/vi aliases ; EXIT=0 3 | -------------------------------------------------------------------------------- /lib/eventlog/regress/logwrap/check_wrap.in: -------------------------------------------------------------------------------- 1 | Jul 11 11:30:17 : tu2sp3-a : command not allowed ; TTY=pts/1 ; PWD=/home/tu2sp3-a ; USER=root ; COMMAND=/opt/quest/bin/vastool list users 2 | 0,60-80,120,140 3 | Jun 26 18:00:06 : millert : TTY=ttypm ; PWD=/usr/src/local/millert/hg/sudo/build ; USER=root ; TSID=0004KT ; COMMAND=/bin/rm /root/.bash_profile 4 | 0,60-80,120,140 5 | -------------------------------------------------------------------------------- /lib/eventlog/regress/parse_json/test3.in: -------------------------------------------------------------------------------- 1 | { 2 | "true": false, 3 | "false": true, 4 | "number": 1234567890, 5 | "null": null, 6 | "string": "non\u0073ense", 7 | "scope": { 8 | "a": "b", 9 | "bah": null 10 | }, 11 | "array1": [ 12 | "foo", 13 | "bar", 14 | [ 15 | 123, 16 | null, 17 | false, 18 | "fizz", 19 | "buzz" 20 | ] 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /lib/eventlog/regress/parse_json/test3.out.ok: -------------------------------------------------------------------------------- 1 | { 2 | "true": false, 3 | "false": true, 4 | "number": 1234567890, 5 | "null": null, 6 | "string": "nonsense", 7 | "scope": { 8 | "a": "b", 9 | "bah": null 10 | }, 11 | "array1": [ 12 | "foo", 13 | "bar", 14 | [ 15 | 123, 16 | null, 17 | false, 18 | "fizz", 19 | "buzz" 20 | ] 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/id.log: -------------------------------------------------------------------------------- 1 | 1603746837:millert:root::/dev/ttypb:24:80 2 | /usr/src/local/millert/sudo/trunk/lib/eventlog/regress 3 | /usr/bin/id 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/less.log: -------------------------------------------------------------------------------- 1 | 1611859113:bob:bob:ldap:/dev/console:24:80 2 | /var/tmp 3 | /usr/bin/less /etc/ldapd.conf 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/ls.log: -------------------------------------------------------------------------------- 1 | 1584790549:millert:root::/dev/ttyp3:24:80 2 | /usr/src/local/millert/hg/sudo/1.7 3 | /bin/ls 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/mailq.log: -------------------------------------------------------------------------------- 1 | 1584884264:millert:root::/dev/ttyp3:24:80 2 | /home/millert 3 | /usr/bin/mailq 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/make.log: -------------------------------------------------------------------------------- 1 | 1584977889:millert:root::/dev/ttypi:24:80 2 | /home/millert/tmp/src/usr.bin/sort 3 | /usr/bin/make -C /usr/src/usr.bin/sort install 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log: -------------------------------------------------------------------------------- 1 | 1595281300:millert:root::/dev/ttypd:24:80 2 | /usr/src/local/Music/chordpro 3 | /usr/sbin/pkg_add p5-PDF-API2 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log: -------------------------------------------------------------------------------- 1 | 1595620314:millert:root::/dev/ttypd:24:80 2 | /usr/ports/textproc/chordpro/pkg 3 | /usr/sbin/pkg_delete chordpro 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/printenv.log: -------------------------------------------------------------------------------- 1 | 1601411718:testdude:root::/dev/ttypb:24:80 2 | /usr/src/local/millert/sudo/trunk/plugins/sudoers 3 | /usr/bin/printenv 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/smtpctl.log: -------------------------------------------------------------------------------- 1 | 1666108884:aemon:root::/dev/pts/4:64:128 2 | /home/aemon 3 | /usr/sbin/smtpctl remove 272a4d27e1fd732e 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/log_legacy/vi.log: -------------------------------------------------------------------------------- 1 | 1611849879:alice:root::/dev/pts/0:24:80 2 | /export/home/alice 3 | /usr/bin/vi /etc/nsswitch.conf 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/timing/timing.4: -------------------------------------------------------------------------------- 1 | 2 0.025750192 5 2 | 0 0.670737828 2 3 | 0 2.832110312 2 4 | 0 0.903947334 2 5 | 0 1.727798521 3 6 | 0 2.040329883 2 7 | 2 0.001192523 2 8 | 1 0.001253839 77 9 | -------------------------------------------------------------------------------- /lib/iolog/regress/corpus/seed/timing/timing.7: -------------------------------------------------------------------------------- 1 | 3 0.731998581 1 2 | 4 0.001916416 2 3 | 7 0.002850082 TSTP 4 | 7 0.683456735 CONT 5 | 3 0.688967687 1 6 | 4 0.001667674 2 7 | 7 0.002277631 TSTP 8 | 7 0.515107145 CONT 9 | 3 0.343713993 1 10 | 4 0.002050968 2 11 | -------------------------------------------------------------------------------- /lib/iolog/regress/fuzz/fuzz_iolog_json.dict: -------------------------------------------------------------------------------- 1 | # I/O log JSON keywords 2 | "\"columns\"" 3 | "\"command\"" 4 | "\"dumped_core\"" 5 | "\"exit_value\"" 6 | "\"lines\"" 7 | "\"run_time\"" 8 | "\"runargv\"" 9 | "\"runenv\"" 10 | "\"rungid\"" 11 | "\"rungroup\"" 12 | "\"runuid\"" 13 | "\"runuser\"" 14 | "\"runchroot\"" 15 | "\"runcwd\"" 16 | "\"signal\"" 17 | "\"submitcwd\"" 18 | "\"submithost\"" 19 | "\"submituser\"" 20 | "\"timestamp\"" 21 | "\"ttyname\""" 22 | -------------------------------------------------------------------------------- /lib/iolog/regress/fuzz/fuzz_iolog_legacy.dict: -------------------------------------------------------------------------------- 1 | # Legacy I/O log info file: 2 | # timestamp:submit_user:run_user:run_group:tty:lines:columns 3 | # working directory 4 | # command [args] 5 | 6 | # users and groups 7 | "millert" 8 | "root" 9 | "bin" 10 | "wheel" 11 | "operator" 12 | "testuser" 13 | "alice" 14 | "bob" 15 | "users" 16 | 17 | # terminals 18 | "/dev/console" 19 | "/dev/tty00" 20 | "/dev/tty01" 21 | "/dev/pts/0" 22 | "/dev/pts/1" 23 | "/dev/ttyp2" 24 | "/dev/ttyp3" 25 | 26 | # directories 27 | "/root" 28 | "/home/millert" 29 | "/home/alice" 30 | "/home/bob" 31 | "/tmp" 32 | "/usr/local" 33 | "/usr/src" 34 | 35 | # commands 36 | "/bin/ls" 37 | "/usr/bin/id -u" 38 | "/usr/bin/su -" 39 | "/usr/bin/mailq" 40 | "/usr/bin/make -C /usr/src/usr.bin/sort install" 41 | "/usr/bin/apt update" 42 | "/usr/bin/rpm -e sudo" 43 | -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test1/log: -------------------------------------------------------------------------------- 1 | 1645151020:millert:root::/dev/ttypb:24:80 2 | /home/millert 3 | /usr/bin/passwd 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test1/ttyin: -------------------------------------------------------------------------------- 1 | A new password? A bad password...  -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test1/ttyin.filtered: -------------------------------------------------------------------------------- 1 | *************** ***************** * -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test1/ttyout: -------------------------------------------------------------------------------- 1 | Changing password for millert. 2 | New password: 3 | Retype new password: 4 | Mismatch; try again, EOF to quit. 5 | New password: 6 | 7 | Password unchanged. 8 | -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test2/log: -------------------------------------------------------------------------------- 1 | 1645153850:millert:millert::/dev/ttypb:24:80 2 | /home/millert 3 | /usr/bin/su testdude 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test2/ttyin: -------------------------------------------------------------------------------- 1 | test123 echo hi ereherethere!  -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test2/ttyin.filtered: -------------------------------------------------------------------------------- 1 | ******* echo hi ereherethere!  -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test2/ttyout: -------------------------------------------------------------------------------- 1 | Password: 2 | xerxes$ echo hi ere   here    there! 3 | hi there! 4 | xerxes$ ^D 5 | -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test3/log: -------------------------------------------------------------------------------- 1 | 1645201461:millert:root::/dev/ttyp0:24:80 2 | /home/millert 3 | /usr/bin/ssh -oPubkeyAuthentication=no localhost 4 | -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test3/ttyin: -------------------------------------------------------------------------------- 1 | not a password nope, sorry try again please -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test3/ttyin.filtered: -------------------------------------------------------------------------------- 1 | ************** *********** **************** -------------------------------------------------------------------------------- /lib/iolog/regress/iolog_filter/test3/ttyout: -------------------------------------------------------------------------------- 1 | root@localhost's password: 2 | Permission denied, please try again. 3 | root@localhost's password: 4 | Permission denied, please try again. 5 | root@localhost's password: 6 | root@localhost: Permission denied (publickey,password,keyboard-interactive). 7 | -------------------------------------------------------------------------------- /lib/util/regress/fnmatch/fnm_test.in: -------------------------------------------------------------------------------- 1 | /bin/[[:alpha:][:alnum:]]* /bin/ls FNM_PATHNAME 0 2 | /bin/[[:alpha:][:alnum:]]* /bin/LS FNM_CASEFOLD 0 3 | /bin/[[:opper:][:alnum:]]* /bin/ls NONE 1 4 | [[:alpha:][:alnum:]]*.c foo1.c FNM_PERIOD 0 5 | [[:upper:]]* FOO NONE 0 6 | [![:space:]]* bar NONE 0 7 | -------------------------------------------------------------------------------- /lib/util/regress/fuzz/fuzz_sudo_conf.dict: -------------------------------------------------------------------------------- 1 | # sudo.conf keywords 2 | "Debug" 3 | "Path" 4 | "Plugin" 5 | "Set" 6 | 7 | # Paths 8 | "askpass" 9 | "sesh" 10 | "noexec" 11 | "plugin_dir" 12 | "devsearch" 13 | 14 | # Variables 15 | "disable_coredump" 16 | "group_source" 17 | "max_groups" 18 | "probe_interfaces" 19 | -------------------------------------------------------------------------------- /lib/util/regress/glob/files: -------------------------------------------------------------------------------- 1 | fake/bin/[ 2 | fake/bin/cat 3 | fake/bin/chgrp 4 | fake/bin/chio 5 | fake/bin/chmod 6 | fake/bin/cksum 7 | fake/bin/cp 8 | fake/bin/cpio 9 | fake/bin/csh 10 | fake/bin/date 11 | fake/bin/dd 12 | fake/bin/df 13 | fake/bin/domainname 14 | fake/bin/echo 15 | fake/bin/ed 16 | fake/bin/eject 17 | fake/bin/expr 18 | fake/bin/hostname 19 | fake/bin/kill 20 | fake/bin/ksh 21 | fake/bin/ln 22 | fake/bin/ls 23 | fake/bin/md5 24 | fake/bin/mkdir 25 | fake/bin/mt 26 | fake/bin/mv 27 | fake/bin/pax 28 | fake/bin/ps 29 | fake/bin/pwd 30 | fake/bin/rcp 31 | fake/bin/rksh 32 | fake/bin/rm 33 | fake/bin/rmail 34 | fake/bin/rmd160 35 | fake/bin/rmdir 36 | fake/bin/sh 37 | fake/bin/sha1 38 | fake/bin/sha256 39 | fake/bin/sha384 40 | fake/bin/sha512 41 | fake/bin/sleep 42 | fake/bin/stty 43 | fake/bin/sum 44 | fake/bin/sync 45 | fake/bin/systrace 46 | fake/bin/tar 47 | fake/bin/test 48 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test1.out.ok: -------------------------------------------------------------------------------- 1 | Set disable_coredump false 2 | Set group_source static 3 | Set max_groups -1 4 | Set probe_interfaces true 5 | Path askpass /usr/X11R6/bin/ssh-askpass 6 | Path noexec /usr/libexec/sudo_noexec.so 7 | Plugin sudoers_policy sudoers.so 8 | Plugin sudoers_io sudoers.so 9 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test2.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/lib/util/regress/sudo_conf/test2.in -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test2.out.ok: -------------------------------------------------------------------------------- 1 | Set disable_coredump true 2 | Set group_source adaptive 3 | Set max_groups -1 4 | Set probe_interfaces true 5 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test3.in: -------------------------------------------------------------------------------- 1 | Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0 2 | Plugin sudoers_io sudoers.so 3 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test3.out.ok: -------------------------------------------------------------------------------- 1 | Set disable_coredump true 2 | Set group_source adaptive 3 | Set max_groups -1 4 | Set probe_interfaces true 5 | Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0 6 | Plugin sudoers_io sudoers.so 7 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test4.err.ok: -------------------------------------------------------------------------------- 1 | conf_test: invalid value for disable_coredump "foo" in regress/sudo_conf/test4.in, line 1 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test4.in: -------------------------------------------------------------------------------- 1 | Set disable_coredump foo 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test4.out.ok: -------------------------------------------------------------------------------- 1 | Set disable_coredump true 2 | Set group_source adaptive 3 | Set max_groups -1 4 | Set probe_interfaces true 5 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test5.err.ok: -------------------------------------------------------------------------------- 1 | conf_test: invalid max groups "0" in regress/sudo_conf/test5.in, line 1 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test5.in: -------------------------------------------------------------------------------- 1 | Set max_groups 0 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test5.out.ok: -------------------------------------------------------------------------------- 1 | Set disable_coredump true 2 | Set group_source adaptive 3 | Set max_groups -1 4 | Set probe_interfaces true 5 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test6.in: -------------------------------------------------------------------------------- 1 | Set max_groups 16 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test6.out.ok: -------------------------------------------------------------------------------- 1 | Set disable_coredump true 2 | Set group_source adaptive 3 | Set max_groups 16 4 | Set probe_interfaces true 5 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test7.in: -------------------------------------------------------------------------------- 1 | Debug sudo /var/log/sudo_debug all@info 2 | Debug sudo /var/log/sudo_debug util@debug 3 | Debug visudo /var/log/sudo_debug match@debug 4 | Debug sudoers.so /var/log/sudoers_debug match@debug,nss@info 5 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_conf/test7.out.ok: -------------------------------------------------------------------------------- 1 | Set disable_coredump true 2 | Set group_source adaptive 3 | Set max_groups -1 4 | Set probe_interfaces true 5 | Debug sudo /var/log/sudo_debug all@info 6 | Debug sudo /var/log/sudo_debug util@debug 7 | Debug visudo /var/log/sudo_debug match@debug 8 | Debug sudoers.so /var/log/sudoers_debug match@debug,nss@info 9 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test2.in: -------------------------------------------------------------------------------- 1 | this \ 2 | is all \ 3 | one line 4 | # this is a comment, and does not get continued\ 5 | trim the \ 6 | leading \ 7 | white \ 8 | space 9 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test2.out.ok: -------------------------------------------------------------------------------- 1 | 3 this is all one line 2 | 4 3 | 8 trim the leading white space 4 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test3.in: -------------------------------------------------------------------------------- 1 | line continuation at EOF \ 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test3.out.ok: -------------------------------------------------------------------------------- 1 | 1 line continuation at EOF 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test4.in: -------------------------------------------------------------------------------- 1 | line contin\ 2 | uation raw 3 | line contin\ 4 | uation indented 5 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test4.out.ok: -------------------------------------------------------------------------------- 1 | 2 line continuation raw 2 | 4 line continuation indented 3 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test5.in: -------------------------------------------------------------------------------- 1 | \ 2 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test5.out.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/lib/util/regress/sudo_parseln/test5.out.ok -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test6.in: -------------------------------------------------------------------------------- 1 | leading and trailing white space 2 | # a comment 3 | \ 4 | -------------------------------------------------------------------------------- /lib/util/regress/sudo_parseln/test6.out.ok: -------------------------------------------------------------------------------- 1 | 1 leading and trailing white space 2 | 2 3 | -------------------------------------------------------------------------------- /lib/zlib/gzclose.c: -------------------------------------------------------------------------------- 1 | /* gzclose.c -- zlib gzclose() function 2 | * Copyright (C) 2004, 2010 Mark Adler 3 | * For conditions of distribution and use, see copyright notice in zlib.h 4 | */ 5 | 6 | #include "gzguts.h" 7 | 8 | /* gzclose() is in a separate file so that it is linked in only if it is used. 9 | That way the other gzclose functions can be used instead to avoid linking in 10 | unneeded compression or decompression routines. */ 11 | int ZEXPORT gzclose(gzFile file) { 12 | #ifndef NO_GZCOMPRESS 13 | gz_statep state; 14 | 15 | if (file == NULL) 16 | return Z_STREAM_ERROR; 17 | state = (gz_statep)file; 18 | 19 | return state->mode == GZ_READ ? gzclose_r(file) : gzclose_w(file); 20 | #else 21 | return gzclose_r(file); 22 | #endif 23 | } 24 | -------------------------------------------------------------------------------- /lib/zlib/inffast.h: -------------------------------------------------------------------------------- 1 | /* inffast.h -- header to use inffast.c 2 | * Copyright (C) 1995-2003, 2010 Mark Adler 3 | * For conditions of distribution and use, see copyright notice in zlib.h 4 | */ 5 | 6 | /* WARNING: this file should *not* be used by applications. It is 7 | part of the implementation of the compression library and is 8 | subject to change. Applications should only use zlib.h. 9 | */ 10 | 11 | void ZLIB_INTERNAL inflate_fast(z_streamp strm, unsigned start); 12 | -------------------------------------------------------------------------------- /logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict: -------------------------------------------------------------------------------- 1 | "[server]" 2 | "listen_address" 3 | "pid_file" 4 | "tcp_keepalive" 5 | "timeout" 6 | "tls_verify" 7 | "tls_checkpeer" 8 | "tls_cacert" 9 | "tls_cert" 10 | "tls_key" 11 | "tls_ciphers_v12" 12 | "tls_ciphers_v13" 13 | "tls_dhparams" 14 | 15 | "[relay]" 16 | "relay_host" 17 | "connect_timeout" 18 | 19 | "[iolog]" 20 | "iolog_dir" 21 | "iolog_file" 22 | "iolog_compress" 23 | "iolog_flush" 24 | "iolog_group" 25 | "iolog_user" 26 | "iolog_mode" 27 | "log_passwords" 28 | "maxseq" 29 | "passprompt_regex" 30 | 31 | "[eventlog]" 32 | "log_type" 33 | "log_format" 34 | 35 | "[syslog]" 36 | "maxlen" 37 | "facility" 38 | "accept_priority" 39 | "reject_priority" 40 | "alert_priority" 41 | 42 | "[logfile]" 43 | "path" 44 | "time_format" 45 | -------------------------------------------------------------------------------- /logsrvd/regress/logsrvd_conf/logsrvd_dhparams.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIIBCAKCAQEA/QJRAmmGCZw79LyKinHUA0fEEzDiUkhuILieN0LLruznj4RBebQi 3 | 0sEa7YrFPG7z/eLU/aoBaJmWiX3ZOGReM1NoMJgZJezkY3HBiHombb9lBJHOSaHK 4 | rT6viG3tBiu3DiByC+hdcp9xWfXkxgC944tIiTdFJtgYWw1KUBRHnSMob+ulZ2VE 5 | COZE8HX7Nbp26fsfOKgcb/AX0fMLOetG0aaSgYAtyOGx1toRAFhEcdq/lusdkbzy 6 | SUWwXfMXZorZoPudn31w7IN2wvDtP7v5fGqx6e9c91Orhy96sC7jmwedK/BGnkRi 7 | XwnI6LNXwg30g4vLuinegqcNzmqcFY0wIwIBAg== 8 | -----END DH PARAMETERS----- 9 | -------------------------------------------------------------------------------- /m4/ltversion.m4: -------------------------------------------------------------------------------- 1 | # ltversion.m4 -- version numbers -*- Autoconf -*- 2 | # 3 | # Copyright (C) 2004, 2011-2019, 2021-2024 Free Software Foundation, 4 | # Inc. 5 | # Written by Scott James Remnant, 2004 6 | # 7 | # This file is free software; the Free Software Foundation gives 8 | # unlimited permission to copy and/or distribute it, with or without 9 | # modifications, as long as this notice is preserved. 10 | 11 | # @configure_input@ 12 | 13 | # serial 4392 ltversion.m4 14 | # This file is part of GNU Libtool 15 | 16 | m4_define([LT_PACKAGE_VERSION], [2.5.3]) 17 | m4_define([LT_PACKAGE_REVISION], [2.5.3]) 18 | 19 | AC_DEFUN([LTVERSION_VERSION], 20 | [macro_version='2.5.3' 21 | macro_revision='2.5.3' 22 | _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) 23 | _LT_DECL(, macro_revision, 0) 24 | ]) 25 | -------------------------------------------------------------------------------- /m4/runlog.m4: -------------------------------------------------------------------------------- 1 | ## -*- Autoconf -*- 2 | # Copyright (C) 2001-2020 Free Software Foundation, Inc. 3 | # 4 | # This file is free software; the Free Software Foundation 5 | # gives unlimited permission to copy and/or distribute it, 6 | # with or without modifications, as long as this notice is preserved. 7 | 8 | # AM_RUN_LOG(COMMAND) 9 | # ------------------- 10 | # Run COMMAND, save the exit status in ac_status, and log it. 11 | # (This has been adapted from Autoconf's _AC_RUN_LOG macro.) 12 | AC_DEFUN([AM_RUN_LOG], 13 | [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD 14 | ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD 15 | ac_status=$? 16 | echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD 17 | (exit $ac_status); }]) 18 | -------------------------------------------------------------------------------- /plugins/audit_json/audit_json.exp: -------------------------------------------------------------------------------- 1 | audit_json 2 | -------------------------------------------------------------------------------- /plugins/group_file/group_file.exp: -------------------------------------------------------------------------------- 1 | group_plugin 2 | -------------------------------------------------------------------------------- /plugins/python/example_approval_plugin.py: -------------------------------------------------------------------------------- 1 | import sudo 2 | 3 | from datetime import datetime 4 | 5 | 6 | class BusinessHoursApprovalPlugin(sudo.Plugin): 7 | def check(self, command_info: tuple, run_argv: tuple, 8 | run_env: tuple) -> int: 9 | error_msg = "" 10 | now = datetime.now() 11 | if now.weekday() >= 5: 12 | error_msg = "That is not allowed on the weekend!" 13 | if now.hour < 8 or now.hour > 17: 14 | error_msg = "That is not allowed outside the business hours!" 15 | 16 | if error_msg: 17 | sudo.log_info(error_msg) 18 | raise sudo.PluginReject(error_msg) 19 | -------------------------------------------------------------------------------- /plugins/python/lsan_suppr.txt: -------------------------------------------------------------------------------- 1 | leak:libpython 2 | -------------------------------------------------------------------------------- /plugins/python/python_plugin.exp: -------------------------------------------------------------------------------- 1 | group_plugin 2 | python_approval 3 | python_approval_clone 4 | python_audit 5 | python_audit_clone 6 | python_io 7 | python_io_clone 8 | python_policy 9 | -------------------------------------------------------------------------------- /plugins/python/regress/plugin_conflict.py: -------------------------------------------------------------------------------- 1 | import sudo 2 | 3 | import sys 4 | 5 | sys.path = [] 6 | 7 | class ConflictPlugin(sudo.Plugin): 8 | def __init__(self, plugin_options, **kwargs): 9 | sudo.log_info("PATH before: {} (should be empty)".format(sys.path)) 10 | sys.path = [sudo.options_as_dict(plugin_options).get("Path")] 11 | sudo.log_info("PATH set: {}".format(sys.path)) 12 | -------------------------------------------------------------------------------- /plugins/python/regress/plugin_errorstr.py: -------------------------------------------------------------------------------- 1 | import sudo 2 | 3 | 4 | # The purpose of this class is that all methods you call on its object 5 | # raises a PluginError with a message containing the name of the called method. 6 | # Eg. if you call "ErrorMsgPlugin().some_method()" it will raise 7 | # "Something wrong in some_method" 8 | class ErrorMsgPlugin(sudo.Plugin): 9 | def __getattr__(self, name): 10 | def raiser_func(*args): 11 | raise sudo.PluginError("Something wrong in " + name) 12 | 13 | return raiser_func 14 | 15 | 16 | class ConstructErrorPlugin(sudo.Plugin): 17 | def __init__(self, **kwargs): 18 | raise sudo.PluginError("Something wrong in plugin constructor") 19 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_audit_plugin_receives_accept.stdout: -------------------------------------------------------------------------------- 1 | (AUDIT) -- Started by user testuser1 (123) -- 2 | (AUDIT) Requested command: id --help 3 | (AUDIT) Accepted command: /sbin/id --help 4 | (AUDIT) By the plugin: accepter plugin name (type=POLICY) 5 | (AUDIT) Environment: KEY1=VALUE1 KEY2=VALUE2 6 | (AUDIT) Command returned with exit code 2 7 | (AUDIT) -- Finished -- 8 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_audit_plugin_receives_error.stdout: -------------------------------------------------------------------------------- 1 | (AUDIT) -- Started by user ??? (???) -- 2 | (AUDIT) Requested command: id 3 | (AUDIT) Plugin errorer plugin name (type=AUDIT) got an error: Some error has happened 4 | (AUDIT) Sudo has run into an error: 222 5 | (AUDIT) -- Finished -- 6 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_audit_plugin_receives_reject.stdout: -------------------------------------------------------------------------------- 1 | (AUDIT) -- Started by user root (0) -- 2 | (AUDIT) Requested command: passwd 3 | (AUDIT) Rejected by plugin rejecter plugin name (type=IO): Rejected just because! 4 | (AUDIT) The command was not executed 5 | (AUDIT) -- Finished -- 6 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout: -------------------------------------------------------------------------------- 1 | (AUDIT) -- Started by user root (0) -- 2 | Python Example Audit Plugin 3 | Python audit plugin (API 1.0): SudoAuditPlugin (loaded from 'SRC_DIR/example_audit_plugin.py') 4 | Python Example Audit Plugin (version=1.0) 5 | (AUDIT) Sudo has run into an error: 222 6 | (AUDIT) -- Finished -- 7 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stderr: -------------------------------------------------------------------------------- 1 | sudo: loading more than 8 sudo python audit plugins is not supported 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stdout: -------------------------------------------------------------------------------- 1 | (AUDIT1) -- Started by user default (1000) -- 2 | (AUDIT1) Requested command: id --help 3 | (AUDIT2) -- Started by user default (1000) -- 4 | (AUDIT2) Requested command: id --help 5 | (AUDIT1) Accepted command: /sbin/id --help 6 | (AUDIT1) By the plugin: accepter plugin name (type=POLICY) 7 | (AUDIT1) Environment: KEY1=VALUE1 KEY2=VALUE2 8 | (AUDIT2) Accepted command: /sbin/id --help 9 | (AUDIT2) By the plugin: accepter plugin name (type=POLICY) 10 | (AUDIT2) Environment: KEY1=VALUE1 KEY2=VALUE2 11 | (AUDIT1) Command exited due to signal 11 12 | (AUDIT1) -- Finished -- 13 | (AUDIT2) Command exited due to signal 11 14 | (AUDIT2) -- Finished -- 15 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.conversation: -------------------------------------------------------------------------------- 1 | Question count: 2 2 | Question 0: <> (timeout: 120, msg_type=2) 3 | Question 1: <> (timeout: 120, msg_type=5) 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout: -------------------------------------------------------------------------------- 1 | Please provide your reason for executing ('/bin/whoami',) 2 | conversation suspend: signal SIGTSTP 3 | conversation resume: signal was SIGCONT 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stored: -------------------------------------------------------------------------------- 1 | Executed /bin/whoami 2 | Reason: my fake reason 3 | Hidden reason: my real secret reason 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.conversation: -------------------------------------------------------------------------------- 1 | Question count: 2 2 | Question 0: <> (timeout: 120, msg_type=2) 3 | Question 1: <> (timeout: 120, msg_type=5) 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stdout: -------------------------------------------------------------------------------- 1 | Please provide your reason for executing ('/bin/whoami',) 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stored: -------------------------------------------------------------------------------- 1 | Executed /bin/whoami 2 | Reason: my fake reason 3 | Hidden reason: my real secret reason 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conv: -------------------------------------------------------------------------------- 1 | Question count: 2 2 | Question 0: <> (timeout: 120, msg_type=2) 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conversation: -------------------------------------------------------------------------------- 1 | Question count: 2 2 | Question 0: <> (timeout: 120, msg_type=2) 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stderr: -------------------------------------------------------------------------------- 1 | You did not answer in time 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stdout: -------------------------------------------------------------------------------- 1 | Please provide your reason for executing ('/bin/whoami',) 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log: -------------------------------------------------------------------------------- 1 | sudo.debug was called with arguments: (DEBUG.ERROR, 'My demo purpose plugin shows this ERROR level debug message') 2 | sudo.debug was called with arguments: (DEBUG.INFO, 'My demo purpose plugin shows this INFO level debug message') 3 | LogHandler.emit was called 4 | LogHandler.emit was called 5 | sudo.options_as_dict was called with arguments: (('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin'),) 6 | sudo.options_as_dict returned result: [('ClassName', 'DebugDemoPlugin'), ('ModulePath', 'SRC_DIR/example_debugging.py')] 7 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_c_calls@info.log: -------------------------------------------------------------------------------- 1 | __init__ @ SRC_DIR/example_debugging.py:58 calls C function: 2 | sudo.debug was called with arguments: (DEBUG.ERROR, 'My demo purpose plugin shows this ERROR level debug message') 3 | __init__ @ SRC_DIR/example_debugging.py:63 calls C function: 4 | sudo.debug was called with arguments: (DEBUG.INFO, 'My demo purpose plugin shows this INFO level debug message') 5 | handle @ logging/__init__.py calls C function: 6 | LogHandler.emit was called 7 | handle @ logging/__init__.py calls C function: 8 | LogHandler.emit was called 9 | __init__ @ SRC_DIR/example_debugging.py:85 calls C function: 10 | sudo.options_as_dict was called with arguments: (('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin'),) 11 | sudo.options_as_dict returned result: [('ClassName', 'DebugDemoPlugin'), ('ModulePath', 'SRC_DIR/example_debugging.py')] 12 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_load@diag.log: -------------------------------------------------------------------------------- 1 | importing module: SRC_DIR/example_debugging.py 2 | Extending python 'path' with 'SRC_DIR' 3 | Deinit was called for a python plugin 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_plugin@err.log: -------------------------------------------------------------------------------- 1 | My demo purpose plugin shows this ERROR level debug message 2 | Python log system shows this ERROR level debug message 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_plugin@info.log: -------------------------------------------------------------------------------- 1 | __init__ @ SRC_DIR/example_debugging.py:58 debugs: 2 | My demo purpose plugin shows this ERROR level debug message 3 | __init__ @ SRC_DIR/example_debugging.py:63 debugs: 4 | My demo purpose plugin shows this INFO level debug message 5 | handle @ logging/__init__.py debugs: 6 | Python log system shows this ERROR level debug message 7 | handle @ logging/__init__.py debugs: 8 | Python log system shows this INFO level debug message 9 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log: -------------------------------------------------------------------------------- 1 | DebugDemoPlugin.__init__ was called with arguments: () [('plugin_options', ('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin')), ('settings', ('debug_flags=/tmp/sudo_check_python_exampleXXXXXX/debug.log py_calls@diag', 'plugin_path=python_plugin.so')), ('user_env', ()), ('user_info', ()), ('version', '1.0')] 2 | DebugDemoPlugin.__init__ returned result: 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_py_calls@info.log: -------------------------------------------------------------------------------- 1 | DebugDemoPlugin.__init__ was called with arguments: () [('plugin_options', ('ModulePath=SRC_DIR/example_debugging.py', 'ClassName=DebugDemoPlugin')), ('settings', ('debug_flags=/tmp/sudo_check_python_exampleXXXXXX/debug.log py_calls@info', 'plugin_path=python_plugin.so')), ('user_env', ()), ('user_info', ()), ('version', '1.0')] 2 | DebugDemoPlugin.__init__ returned result: 3 | DebugDemoPlugin function 'log_ttyin' is not implemented 4 | DebugDemoPlugin function 'log_ttyout' is not implemented 5 | DebugDemoPlugin function 'log_stdin' is not implemented 6 | DebugDemoPlugin function 'log_stdout' is not implemented 7 | DebugDemoPlugin function 'log_stderr' is not implemented 8 | DebugDemoPlugin function 'change_winsize' is not implemented 9 | DebugDemoPlugin function 'log_suspend' is not implemented 10 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_debugging_sudo_cb@info.log: -------------------------------------------------------------------------------- 1 | Skipping close call, because there was no command run 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log: -------------------------------------------------------------------------------- 1 | SudoGroupPlugin.__init__ was called with arguments: () [('args', ('ModulePath=SRC_DIR/example_group_plugin.py', 'ClassName=SudoGroupPlugin')), ('version', '1.0')] 2 | SudoGroupPlugin.__init__ returned result: 3 | SudoGroupPlugin.query was called with arguments: ('user', 'group', ('pw_name', 'pw_passwd', 1001, 101, 'pw_gecos', 'pw_dir', 'pw_shell')) 4 | SudoGroupPlugin.query returned result: 0 5 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_command_log.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_io_plugin_command_log.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_command_log.stdout: -------------------------------------------------------------------------------- 1 | Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_command_log.stored: -------------------------------------------------------------------------------- 1 | -- Plugin STARTED -- 2 | EXEC id --help 3 | EXEC info [ 4 | "command=/bin/id", 5 | "runas_uid=0" 6 | ] 7 | STD IN some standard input 8 | STD OUT some standard output 9 | STD ERR some standard error 10 | SUSPEND SIGTSTP 11 | SUSPEND SIGCONT 12 | WINSIZE 200x100 13 | TTY IN some tty input 14 | TTY OUT some tty output 15 | CLOSE Command returned 1 16 | -- Plugin DESTROYED -- 17 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr: -------------------------------------------------------------------------------- 1 | sudo: loading more than 8 sudo python IO plugins is not supported 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stdout: -------------------------------------------------------------------------------- 1 | Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log 2 | Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX2/sudo.log 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored: -------------------------------------------------------------------------------- 1 | -- Plugin STARTED -- 2 | EXEC id --help 3 | EXEC info [ 4 | "command=/bin/id", 5 | "runas_uid=0" 6 | ] 7 | STD IN stdin for plugin 1 8 | STD OUT stdout for plugin 1 9 | STD ERR stderr for plugin 1 10 | SUSPEND SIGTSTP 11 | SUSPEND SIGCONT 12 | WINSIZE 20x10 13 | TTY IN tty input for plugin 1 14 | TTY OUT tty output for plugin 1 15 | CLOSE Command returned 1 16 | -- Plugin DESTROYED -- 17 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored: -------------------------------------------------------------------------------- 1 | -- Plugin STARTED -- 2 | EXEC whoami 3 | EXEC info [ 4 | "command=/bin/whoami", 5 | "runas_uid=1" 6 | ] 7 | STD IN stdin for plugin 2 8 | STD OUT stdout for plugin 2 9 | STD ERR stderr for plugin 2 10 | SUSPEND SIGSTOP 11 | SUSPEND SIGCONT 12 | WINSIZE 30x40 13 | TTY IN tty input for plugin 2 14 | TTY OUT tty output for plugin 2 15 | CLOSE Command returned 2 16 | -- Plugin DESTROYED -- 17 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stdout: -------------------------------------------------------------------------------- 1 | Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored: -------------------------------------------------------------------------------- 1 | -- Plugin STARTED -- 2 | EXEC cmd 3 | EXEC info [ 4 | "command=/usr/share/cmd", 5 | "runas_uid=0" 6 | ] 7 | CLOSE Failed to execute, execve returned 1 (EPERM) 8 | -- Plugin DESTROYED -- 9 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr: -------------------------------------------------------------------------------- 1 | Failed to construct plugin instance: [Errno 2] No such file or directory: '/some/not/writable/directory/sudo.log' 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout: -------------------------------------------------------------------------------- 1 | Example sudo python plugin will log to /some/not/writable/directory/sudo.log 2 | Traceback: 3 | File "SRC_DIR/example_io_plugin.py", line 64, in __init__ 4 | self._open_log_file(path.join(log_path, "sudo.log")) 5 | File "SRC_DIR/example_io_plugin.py", line 134, in _open_log_file 6 | self._log_file = open(log_path, "a") 7 | 8 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_version_display.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_io_plugin_version_display.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_version_display.stdout: -------------------------------------------------------------------------------- 1 | Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log 2 | Python Example IO Plugin version: 1.0 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_version_display.stored: -------------------------------------------------------------------------------- 1 | -- Plugin STARTED -- 2 | -- Plugin DESTROYED -- 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_io_plugin_version_display_full.stdout: -------------------------------------------------------------------------------- 1 | Example sudo python plugin will log to /tmp/sudo_check_python_exampleXXXXXX/sudo.log 2 | Python io plugin (API 1.0): SudoIOPlugin (loaded from 'SRC_DIR/example_io_plugin.py') 3 | Python Example IO Plugin version: 1.0 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stdout: -------------------------------------------------------------------------------- 1 | The command returned with exit_status 3 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stderr: -------------------------------------------------------------------------------- 1 | You are not allowed to run this command! 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stdout: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stdout -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stderr: -------------------------------------------------------------------------------- 1 | Failed to execute command, execve syscall returned 2 (ENOENT) 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stdout: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stdout -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_list.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_policy_plugin_list.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log: -------------------------------------------------------------------------------- 1 | SudoPolicyPlugin.__init__ was called with arguments: () [('plugin_options', ('ModulePath=SRC_DIR/example_policy_plugin.py', 'ClassName=SudoPolicyPlugin')), ('settings', ()), ('user_env', ()), ('user_info', ()), ('version', '1.0')] 2 | SudoPolicyPlugin.__init__ returned result: 3 | SudoPolicyPlugin.validate was called with arguments: () 4 | SudoPolicyPlugin.validate returned result: None 5 | SudoPolicyPlugin.invalidate was called with arguments: (1,) 6 | SudoPolicyPlugin.invalidate returned result: None 7 | SudoPolicyPlugin.invalidate was called with arguments: (0,) 8 | SudoPolicyPlugin.invalidate returned result: None 9 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_version_display.stderr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_example_policy_plugin_version_display.stderr -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_version_display.stdout: -------------------------------------------------------------------------------- 1 | Python Example Policy Plugin version: 1.0 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_example_policy_plugin_version_display_full.stdout: -------------------------------------------------------------------------------- 1 | Python policy plugin (API 1.0): SudoPolicyPlugin (loaded from 'SRC_DIR/example_policy_plugin.py') 2 | Python Example Policy Plugin version: 1.0 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr: -------------------------------------------------------------------------------- 1 | No plugin class is specified for python module 'SRC_DIR/regress/plugin_errorstr.py'. Use 'ClassName' configuration option in 'sudo.conf' 2 | Possible plugins: ConstructErrorPlugin, ErrorMsgPlugin 3 | Failed during loading plugin class 4 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_missing_classname.stdout: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_loading_fails_missing_classname.stdout -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_missing_path.stderr: -------------------------------------------------------------------------------- 1 | No python module path is specified. Use 'ModulePath' plugin config option in 'sudo.conf' 2 | Failed during loading plugin class 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_missing_path.stdout: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_loading_fails_missing_path.stdout -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr: -------------------------------------------------------------------------------- 1 | Failed during loading plugin class: File 'SRC_DIR/example_debugging.py' must be owned by uid 0 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stdout: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stdout -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr: -------------------------------------------------------------------------------- 1 | Failed to find plugin class 'MispelledPluginName' 2 | Failed during loading plugin class 3 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_wrong_classname.stdout: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_loading_fails_wrong_classname.stdout -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr: -------------------------------------------------------------------------------- 1 | Failed during loading plugin class: No module named 'wrong_path' 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_fails_wrong_path.stdout: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/python/regress/testdata/check_loading_fails_wrong_path.stdout -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_loading_succeeds_with_missing_classname.stdout: -------------------------------------------------------------------------------- 1 | Python io plugin (API 1.0): DebugDemoPlugin (loaded from 'SRC_DIR/example_debugging.py') 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stderr: -------------------------------------------------------------------------------- 1 | sudo: loading more than 8 sudo python approval plugins is not supported 2 | -------------------------------------------------------------------------------- /plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout: -------------------------------------------------------------------------------- 1 | PATH before: [] (should be empty) 2 | PATH set: ['path_for_first_plugin'] 3 | PATH before: [] (should be empty) 4 | PATH set: ['path_for_second_plugin'] 5 | -------------------------------------------------------------------------------- /plugins/sample/sample_plugin.exp: -------------------------------------------------------------------------------- 1 | sample_policy 2 | sample_io 3 | -------------------------------------------------------------------------------- /plugins/sample_approval/sample_approval.exp: -------------------------------------------------------------------------------- 1 | sample_approval 2 | -------------------------------------------------------------------------------- /plugins/sudoers/po/README: -------------------------------------------------------------------------------- 1 | NLS Translations for sudo are coordinated through the Translation 2 | Project, at https://translationproject.org/ 3 | 4 | If you would like to contribute a translation for sudo, please join 5 | a translation team at the Translation Project instead of contributing 6 | a po file directly. This will avoid duplicated work if there is 7 | already a translation in progress. If you would like to become a 8 | member of a translation team, please follow the instructions at 9 | https://translationproject.org/html/translators.html 10 | 11 | The messages in sudo are split into two domains: sudo and sudoers. 12 | The former is used by the sudo front-end and utility functions. 13 | The latter is used by the sudoers policy and I/O logging plug-ins 14 | as well as the sudoers-specific commands visudo and sudoreplay. 15 | -------------------------------------------------------------------------------- /plugins/sudoers/po/ast.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/ast.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/ca.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/ca.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/cs.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/cs.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/da.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/da.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/de.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/de.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/el.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/el.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/eo.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/eo.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/es.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/es.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/eu.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/eu.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/fi.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/fi.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/fr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/fr.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/fur.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/fur.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/hr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/hr.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/hu.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/hu.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/id.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/id.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/it.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/it.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/ja.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/ja.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/ka.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/ka.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/ko.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/ko.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/lt.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/lt.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/nb.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/nb.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/nl.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/nl.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/pl.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/pl.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/pt.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/pt.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/pt_BR.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/pt_BR.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/ro.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/ro.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/ru.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/ru.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/sk.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/sk.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/sl.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/sl.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/sr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/sr.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/sv.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/sv.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/tr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/tr.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/uk.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/uk.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/vi.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/vi.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/zh_CN.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/zh_CN.mo -------------------------------------------------------------------------------- /plugins/sudoers/po/zh_TW.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/po/zh_TW.mo -------------------------------------------------------------------------------- /plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif: -------------------------------------------------------------------------------- 1 | # Exercise the fix for https://github.com/sudo-project/sudo/pull/169 2 | # 3 | # If the last byte of the input file was a backslash, the parser would 4 | # read past the end of the buffer. 5 | # 6 | dn: cn= Manager\ -------------------------------------------------------------------------------- /plugins/sudoers/regress/corpus/seed/policy/policy.1: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/corpus/seed/policy/policy.2: -------------------------------------------------------------------------------- 1 | # Minimal test case 2 | user=root 3 | uid=0 4 | gid=0 5 | host=localhost 6 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/corpus/seed/policy/policy.4: -------------------------------------------------------------------------------- 1 | # sudo -u nobody /usr/bin/id 2 | 3 | plugin_path=/usr/libexec/sudo/sudoers.so 4 | runas_user=nobody 5 | progname=sudo 6 | network_addrs=127.0.0.1/255.255.255.0 7 | plugin_dir=/usr/libexec/sudo/ 8 | 9 | user=millert 10 | pid=1234 11 | ppid=1230 12 | pgid=1234 13 | tcpgid=1234 14 | sid=1230 15 | uid=1000 16 | euid=0 17 | gid=1000 18 | egid=1000 19 | groups=20,0,1000 20 | umask=022 21 | cwd=/home/millert 22 | tty=/dev/pts/1 23 | host=sudo.ws 24 | lines=24 25 | cols=80 26 | rlimit_core=infinity,infinity 27 | rlimit_cpu=infinity,infinity 28 | rlimit_data=1610612736,34359738368 29 | rlimit_fsize=infinity,infinity 30 | rlimit_memlock=2727370752,8182112256 31 | rlimit_nofile=256,1024 32 | rlimit_nproc=256,512 33 | rlimit_rss=8175603712,8182112256 34 | rlimit_stack=4194304,33554432 35 | 36 | argv=/usr/bin/id 37 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/corpus/seed/policy/policy.5: -------------------------------------------------------------------------------- 1 | # sudoedit /etc/hosts 2 | 3 | plugin_path=/usr/libexec/sudo/sudoers.so 4 | progname=sudoedit 5 | network_addrs=127.0.0.1/255.255.255.0 6 | plugin_dir=/usr/libexec/sudo/ 7 | 8 | user=millert 9 | pid=1234 10 | ppid=1230 11 | pgid=1234 12 | tcpgid=1234 13 | sid=1230 14 | uid=1000 15 | euid=0 16 | gid=1000 17 | egid=1000 18 | groups=20,0,1000 19 | umask=022 20 | cwd=/home/millert 21 | tty=/dev/pts/1 22 | host=sudo.ws 23 | lines=24 24 | cols=80 25 | rlimit_core=infinity,infinity 26 | rlimit_cpu=infinity,infinity 27 | rlimit_data=1610612736,34359738368 28 | rlimit_fsize=infinity,infinity 29 | rlimit_memlock=2727370752,8182112256 30 | rlimit_nofile=256,1024 31 | rlimit_nproc=256,512 32 | rlimit_rss=8175603712,8182112256 33 | rlimit_stack=4194304,33554432 34 | 35 | argv=sudoedit 36 | argv=/etc/hosts 37 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/sudoers.defs: -------------------------------------------------------------------------------- 1 | Defaults syslog=auth 2 | Defaults>ROOT !set_logname 3 | Defaults:FULLTIMERS !lecture 4 | Defaults:millert !authenticate 5 | Defaults@SERVERS log_year, logfile=/var/log/sudo.log 6 | Defaults!PAGERS noexec 7 | 8 | User_Alias FULLTIMERS = millert, mikef, dowdy 9 | User_Alias PARTTIMERS = bostley, jwfox, crawl 10 | 11 | Host_Alias SERVERS = primary, mail, www, ns 12 | Host_Alias CDROM = orion, perseus, hercules 13 | 14 | Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \ 15 | /usr/bin/chfn 16 | Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less 17 | 18 | Runas_Alias ROOT = root, toor 19 | Runas_Alias OPERATOR = operator, backup 20 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test1.out.ok: -------------------------------------------------------------------------------- 1 | Defaults syslog=auth 2 | Defaults>root !set_logname 3 | Defaults:FULLTIMERS !lecture 4 | Defaults:millert !authenticate 5 | Defaults!PAGERS noexec 6 | 7 | Host_Alias CDROM = orion, perseus, hercules 8 | User_Alias FULLTIMERS = millert, mikef, dowdy 9 | Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less 10 | 11 | FULLTIMERS ALL = NOPASSWD: ALL 12 | 13 | ALL CDROM = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o nosuid\,nodev\ 14 | /dev/cd0a /CDROM 15 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test user and host filters 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -m user=millert,host=hercules $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test10.out.ok: -------------------------------------------------------------------------------- 1 | Defaults!PAGERS noexec 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test10.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test command defaults filtering 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -s aliases,privileges -d command $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test11.out.ok: -------------------------------------------------------------------------------- 1 | Defaults!PAGERS noexec 2 | 3 | Host_Alias CDROM = orion, perseus, hercules 4 | Runas_Alias OPERATOR = operator, backup 5 | Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less 6 | User_Alias PARTTIMERS = bostley, jwfox, crawl 7 | Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test11.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test that Aliases are removed when filtering by defaults type 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -d command $TESTDIR/sudoers.defs 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test12.out.ok: -------------------------------------------------------------------------------- 1 | Defaults:FULLTIMERS !lecture 2 | Defaults:millert !authenticate 3 | 4 | Host_Alias CDROM = orion, perseus, hercules 5 | User_Alias FULLTIMERS = millert, mikef, dowdy 6 | Runas_Alias OPERATOR = operator, backup 7 | User_Alias PARTTIMERS = bostley, jwfox, crawl 8 | Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test12.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test that Aliases are removed when filtering by defaults type 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -d user $TESTDIR/sudoers.defs 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test13.out.ok: -------------------------------------------------------------------------------- 1 | Defaults@SERVERS log_year, logfile=/var/log/sudo.log 2 | 3 | Host_Alias CDROM = orion, perseus, hercules 4 | Runas_Alias OPERATOR = operator, backup 5 | User_Alias PARTTIMERS = bostley, jwfox, crawl 6 | Host_Alias SERVERS = primary, mail, www, ns 7 | Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test13.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test that Aliases are removed when filtering by defaults type 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -d host $TESTDIR/sudoers.defs 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test14.out.ok: -------------------------------------------------------------------------------- 1 | Defaults>ROOT !set_logname 2 | 3 | Host_Alias CDROM = orion, perseus, hercules 4 | Runas_Alias OPERATOR = operator, backup 5 | User_Alias PARTTIMERS = bostley, jwfox, crawl 6 | Runas_Alias ROOT = root, toor 7 | Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, /usr/bin/chfn 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test14.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test that Aliases are removed when filtering by defaults type 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -d runas $TESTDIR/sudoers.defs 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test15.out.ok: -------------------------------------------------------------------------------- 1 | user1 host1, host2, host3 = ALL 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test15.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test filters and pruning 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -p -m user=user1 <root !set_logname 3 | Defaults:FULLTIMERS !lecture 4 | Defaults@SERVERS log_year, logfile=/var/log/sudo.log 5 | Defaults!PAGERS noexec 6 | 7 | User_Alias FULLTIMERS = millert, mikef, dowdy 8 | Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less 9 | Host_Alias SERVERS = primary, mail, www, ns 10 | 11 | FULLTIMERS ALL = NOPASSWD: ALL 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test19.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test filters and pruning; alias contents don't get pruned 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -p -m user=FULLTIMERS,host=SERVERS $TESTDIR/sudoers 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test2.out.ok: -------------------------------------------------------------------------------- 1 | Defaults syslog=auth 2 | Defaults>root !set_logname 3 | Defaults:millert, mikef, dowdy !lecture 4 | Defaults:millert !authenticate 5 | Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec 6 | 7 | millert, mikef, dowdy ALL = NOPASSWD: ALL 8 | 9 | ALL orion, perseus, hercules = NOPASSWD: /sbin/umount /CDROM, /sbin/mount -o\ 10 | nosuid\,nodev /dev/cd0a /CDROM 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test user and host filters, expanding aliases 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -e -m user=millert,host=hercules $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test20.conf: -------------------------------------------------------------------------------- 1 | defaults = global 2 | expand_aliases = yes 3 | input_format = sudoers 4 | match = user=user2 5 | output_format = sudoers 6 | prune_matches = yes 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test20.out.ok: -------------------------------------------------------------------------------- 1 | user2 ALL = /usr/bin/id 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test20.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test cvtsudoers.conf 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c $TESTDIR/test20.conf < LDIF -> sudoers 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -b "ou=SUDOers,dc=sudo,dc=ws" $TESTDIR/test23.out.ok | \ 9 | $CVTSUDOERS -c "" -i LDIF -f sudoers | grep -v '^#' 10 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test24.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test round-tripping of LDIF -> sudoers -> LDIF 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -i LDIF -f sudoers $TESTDIR/test24.out.ok | \ 9 | $CVTSUDOERS -c "" -b "ou=SUDOers,dc=sudo,dc=ws" 10 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test25.out.ok: -------------------------------------------------------------------------------- 1 | dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: defaults 5 | description: Default sudoOption's go here 6 | sudoOption: log_output 7 | 8 | dn: cn=root,ou=SUDOers,dc=sudo,dc=ws 9 | objectClass: top 10 | objectClass: sudoRole 11 | cn: root 12 | sudoUser: root 13 | sudoHost: ALL 14 | sudoRunAsUser: ALL 15 | sudoRunAsGroup: ALL 16 | sudoOption: !authenticate 17 | sudoCommand: ALL 18 | sudoOrder: 10 19 | 20 | dn: cn=%wheel,ou=SUDOers,dc=sudo,dc=ws 21 | objectClass: top 22 | objectClass: sudoRole 23 | cn: %wheel 24 | sudoUser: %wheel 25 | sudoHost: +sudo-hosts 26 | sudoRunAsUser: ALL 27 | sudoRunAsGroup: ALL 28 | sudoOption: !authenticate 29 | sudoCommand: ALL 30 | sudoOrder: 20 31 | 32 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test26.err.ok: -------------------------------------------------------------------------------- 1 | cvtsudoers: invalid LDIF attribute: sudoOption:: bG9nX29@1dHB1dA== 2 | cvtsudoers: invalid LDIF attribute: dn:: Y249cm9vdCxvdT1TVURPZXJzLGRjPXN1ZG8sZGM9_d3M= 3 | cvtsudoers: invalid LDIF attribute: dn:: Y249JXdoZWVsLG91PVNVRE9lcnMsZGM9c3VkbyxkYz13cw!== 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test26.out.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/cvtsudoers/test26.out.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test27.out.ok: -------------------------------------------------------------------------------- 1 | dn:: Y249ZGVmYXVsdHMsb3U9U1VET2Vyc8KpLGRjPXN1ZG8sZGM9d3M= 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: defaults 5 | description: Default sudoOption's go here 6 | sudoOption:: YmFkcGFzc19tZXNzYWdlPUJhZCBwYXNzd29yZMKh 7 | 8 | dn:: Y249cm9vdCxvdT1TVURPZXJzwqksZGM9c3VkbyxkYz13cw== 9 | objectClass: top 10 | objectClass: sudoRole 11 | cn: root 12 | sudoUser: root 13 | sudoHost: ALL 14 | sudoCommand: ALL 15 | sudoOrder: 1 16 | 17 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test27.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test base64 encoding of non-safe strings 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -b "ou=SUDOers©,dc=sudo,dc=ws" <root !set_logname 3 | Defaults!PAGERS noexec 4 | 5 | Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less 6 | 7 | %wheel ALL = (ALL) ALL 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test3.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test group and host filters 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -m group=wheel,host=blackhole $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test30.out.ok: -------------------------------------------------------------------------------- 1 | { 2 | "User_Specs": [ 3 | { 4 | "User_List": [ 5 | { "username": "user1" }, 6 | { "username": "user2" }, 7 | { "username": "user3" } 8 | ], 9 | "Host_List": [ 10 | { "hostname": "ALL" } 11 | ], 12 | "Cmnd_Specs": [ 13 | { 14 | "Commands": [ 15 | { "command": "/path/to/cmda" }, 16 | { 17 | "command": "/path/to/cmdb", 18 | "negated": true 19 | }, 20 | { "command": "/path/to/cmdc" } 21 | ] 22 | } 23 | ] 24 | } 25 | ] 26 | } 27 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test30.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test alias expansion when converting to JSON. 4 | # See https://bugzilla.sudo.ws/show_bug.cgi?id=853 5 | # 6 | 7 | : ${CVTSUDOERS=cvtsudoers} 8 | 9 | $CVTSUDOERS -c "" -e -f json <root !set_logname 3 | Defaults!/usr/bin/more, /usr/bin/pg, /usr/bin/less noexec 4 | 5 | %wheel ALL = (ALL) ALL 6 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test4.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test group and host filters, expanding aliases 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -e -m group=wheel,host=blackhole $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test40.out.ok: -------------------------------------------------------------------------------- 1 | dn: cn=user0,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: user0 5 | sudoUser: user0 6 | sudoHost: A00 7 | sudoRunAsUser: 0 8 | sudoCommand: /bin/ls 9 | sudoOrder: 1 10 | 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test40.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test use-after-free in cvtsudoers when filtering by command. 4 | # 5 | # If compiled with address sanitizer, cvtsudoers will crash without the 6 | # fix in 9da99e0e671e. 7 | # 8 | 9 | : ${CVTSUDOERS=cvtsudoers} 10 | 11 | $CVTSUDOERS -c "" -i ldif -b "ou=SUDOers,dc=sudo,dc=ws" -m cmd='/bin/ls' -p <root !set_logname 3 | Defaults:FULLTIMERS !lecture 4 | Defaults:millert !authenticate 5 | Defaults@SERVERS log_year, logfile=/var/log/sudo.log 6 | Defaults!PAGERS noexec 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test5.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test defaults type filtering 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -s aliases,privileges -d all $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test6.out.ok: -------------------------------------------------------------------------------- 1 | Defaults syslog=auth 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test6.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test global defaults filtering 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -s aliases,privileges -d global $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test7.out.ok: -------------------------------------------------------------------------------- 1 | Defaults:FULLTIMERS !lecture 2 | Defaults:millert !authenticate 3 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test7.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test user defaults filtering 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -s aliases,privileges -d user $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test8.out.ok: -------------------------------------------------------------------------------- 1 | Defaults>root !set_logname 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test8.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test runas defaults filtering 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -s aliases,privileges -d runas $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test9.out.ok: -------------------------------------------------------------------------------- 1 | Defaults@SERVERS log_year, logfile=/var/log/sudo.log 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/cvtsudoers/test9.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test host defaults filtering 4 | # 5 | 6 | : ${CVTSUDOERS=cvtsudoers} 7 | 8 | $CVTSUDOERS -c "" -f sudoers -s aliases,privileges -d host $TESTDIR/sudoers 9 | 10 | exit 0 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict: -------------------------------------------------------------------------------- 1 | # Sudoers LDIF attributes 2 | 3 | "description" 4 | "objectClass" 5 | "organizationalRole" 6 | "sudoCommand" 7 | "sudoHost" 8 | "sudoOption" 9 | "sudoOption" 10 | "sudoOrder" 11 | "sudoRunAs" 12 | "sudoRunAsGroup" 13 | "sudoRunAsUser" 14 | "sudoUser" 15 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/parser/check_addr.in: -------------------------------------------------------------------------------- 1 | # 2 | interfaces: 10.5.54.73/255.255.240.0 3 | address: 10.5.48.0 1 4 | address: 10.5.54.0/20 1 5 | # 6 | interfaces: 128.138.243.151/255.255.255.0 128.138.241.53/255.255.255.0 7 | address: 128.138.243.0 1 8 | address: 128.138.243.0/24 1 9 | address: 128.138.241.0 1 10 | address: 128.138.241.0/24 1 11 | address: 128.138.242.0/24 0 12 | address: 128.138.0.0 0 13 | address: 128.138.0.0/16 1 14 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test1.in: -------------------------------------------------------------------------------- 1 | # 2 | # Verify that all command tags are parsed OK. 3 | # See https://bugzilla.sudo.ws/show_bug.cgi?id=437 4 | # 5 | user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su -:\ 6 | ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id 7 | user2 ALL = NOPASSWD: NOEXEC: SETENV: /usr/bin/vi:\ 8 | ALL = PASSWD: EXEC: NOSETENV: /usr/bin/echo 9 | user3 ALL = MAIL: /bin/sh:\ 10 | ALL = NOMAIL: /usr/bin/id 11 | user4 ALL = FOLLOW: sudoedit /etc/motd:\ 12 | ALL = NOFOLLOW: sudoedit /home/*/* 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole user1, user1_1 2 | user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su -, NOLOG_INPUT: NOLOG_OUTPUT:\ 3 | /usr/bin/id 4 | 5 | # sudoRole user2, user2_1 6 | user2 ALL = SETENV: NOEXEC: NOPASSWD: /usr/bin/vi, NOSETENV: EXEC: PASSWD:\ 7 | /usr/bin/echo 8 | 9 | # sudoRole user3, user3_1 10 | user3 ALL = MAIL: /bin/sh, NOMAIL: /usr/bin/id 11 | 12 | # sudoRole user4, user4_1 13 | user4 ALL = FOLLOW: sudoedit /etc/motd, NOFOLLOW: sudoedit /home/*/* 14 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test1.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | user1 ALL = LOG_INPUT: LOG_OUTPUT: /usr/bin/su - : ALL = NOLOG_INPUT: NOLOG_OUTPUT: /usr/bin/id 4 | user2 ALL = SETENV: NOEXEC: NOPASSWD: /usr/bin/vi : ALL = NOSETENV: EXEC: PASSWD: /usr/bin/echo 5 | user3 ALL = MAIL: /bin/sh : ALL = NOMAIL: /usr/bin/id 6 | user4 ALL = FOLLOW: sudoedit /etc/motd : ALL = NOFOLLOW: sudoedit /home/*/* 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test1.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # 4 | # 5 | WORD(6) ALL = LOG_INPUT LOG_OUTPUT COMMAND ARG : ALL = NOLOG_INPUT NOLOG_OUTPUT COMMAND 6 | WORD(6) ALL = NOPASSWD NOEXEC SETENV COMMAND : ALL = PASSWD EXEC NOSETENV COMMAND 7 | WORD(6) ALL = MAIL COMMAND : ALL = NOMAIL COMMAND 8 | WORD(6) ALL = FOLLOW COMMAND ARG : ALL = NOFOLLOW COMMAND ARG 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test10.in: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test10.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test10.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test10.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test10.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test10.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test10.toke.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test11.in: -------------------------------------------------------------------------------- 1 | bogus 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test11.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test11.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test11.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test11.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test11.out.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test11.toke.ok: -------------------------------------------------------------------------------- 1 | WORD(6) 2 | <*> -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test12.in: -------------------------------------------------------------------------------- 1 | user ALL = (ALL) 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test12.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test12.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test12.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test12.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test12.out.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test12.toke.ok: -------------------------------------------------------------------------------- 1 | WORD(6) ALL = ( ALL ) 2 | <*> -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test13.in: -------------------------------------------------------------------------------- 1 | user ALL = (ALL) -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test13.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test13.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test13.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test13.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test13.out.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test13.toke.ok: -------------------------------------------------------------------------------- 1 | WORD(6) ALL = ( ALL ) 2 | <*> -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test14.in: -------------------------------------------------------------------------------- 1 | Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls 2 | Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh 3 | 4 | millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill 5 | 6 | operator ALL = sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole millert 2 | millert ALL = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1,\ 3 | sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls,\ 4 | sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=,\ 5 | sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh,\ 6 | sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw\ 7 | /bin/kill 8 | 9 | # sudoRole operator 10 | operator ALL =\ 11 | sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu,\ 12 | sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test14.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1, sha224:d7910e1967342b4605cb73a550944044c631cd3514001900966962ac /bin/ls 4 | Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM=, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= /bin/sh 5 | 6 | millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill 7 | operator ALL = sha384:knMlCLkJ71K6uRrKo5C1CAvZ5kq+mRpjKDD/RofGosFjiGcYhiYYZORVyiRHgBnu, sha256:1IXHRCxXgSnIEnb+xBz4PAfWaPdXIBWKFF0QCwxJ5G4= ALL 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test14.toke.ok: -------------------------------------------------------------------------------- 1 | CMNDALIAS ALIAS = SHA224_TOK : DIGEST , SHA224_TOK : DIGEST COMMAND 2 | CMNDALIAS ALIAS = SHA256_TOK : DIGEST , SHA256_TOK : DIGEST COMMAND 3 | 4 | WORD(6) ALL = ALIAS , ALIAS , SHA512_TOK : DIGEST COMMAND 5 | 6 | WORD(6) ALL = SHA384_TOK : DIGEST , SHA256_TOK : DIGEST ALL 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test15.in: -------------------------------------------------------------------------------- 1 | # Test parsing of sudoedit rule 2 | user ALL = sudoedit /etc/motd 3 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test15.json.ok: -------------------------------------------------------------------------------- 1 | { 2 | "User_Specs": [ 3 | { 4 | "User_List": [ 5 | { "username": "user" } 6 | ], 7 | "Host_List": [ 8 | { "hostname": "ALL" } 9 | ], 10 | "Cmnd_Specs": [ 11 | { 12 | "Commands": [ 13 | { "command": "sudoedit /etc/motd" } 14 | ] 15 | } 16 | ] 17 | } 18 | ] 19 | } 20 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test15.ldif.ok: -------------------------------------------------------------------------------- 1 | dn: cn=user,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: user 5 | sudoUser: user 6 | sudoHost: ALL 7 | sudoCommand: sudoedit /etc/motd 8 | sudoOrder: 1 9 | 10 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole user 2 | user ALL = sudoedit /etc/motd 3 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test15.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | user ALL = sudoedit /etc/motd 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test15.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | WORD(6) ALL = COMMAND ARG 3 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test16.in: -------------------------------------------------------------------------------- 1 | # Test parsing of sudoedit rule in a Cmnd_Alias 2 | Cmnd_Alias EDIT = sudoedit /etc/motd 3 | user ALL = EDIT 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test16.json.ok: -------------------------------------------------------------------------------- 1 | { 2 | "Command_Aliases": { 3 | "EDIT": [ 4 | { "command": "sudoedit /etc/motd" } 5 | ] 6 | }, 7 | "User_Specs": [ 8 | { 9 | "User_List": [ 10 | { "username": "user" } 11 | ], 12 | "Host_List": [ 13 | { "hostname": "ALL" } 14 | ], 15 | "Cmnd_Specs": [ 16 | { 17 | "Commands": [ 18 | { "cmndalias": "EDIT" } 19 | ] 20 | } 21 | ] 22 | } 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test16.ldif.ok: -------------------------------------------------------------------------------- 1 | dn: cn=user,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: user 5 | sudoUser: user 6 | sudoHost: ALL 7 | sudoCommand: sudoedit /etc/motd 8 | sudoOrder: 1 9 | 10 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole user 2 | user ALL = sudoedit /etc/motd 3 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test16.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Cmnd_Alias EDIT = sudoedit /etc/motd 4 | 5 | user ALL = EDIT 6 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test16.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | CMNDALIAS ALIAS = COMMAND ARG 3 | WORD(6) ALL = ALIAS 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test17.in: -------------------------------------------------------------------------------- 1 | # Test parsing of command_timeout and TIMEOUT syntax 2 | Defaults command_timeout=2d8h10m59s 3 | user0 ALL = TIMEOUT=7D4H10M30S /usr/bin/id, /usr/bin/who, TIMEOUT=0 /bin/ls 4 | user1 ALL = TIMEOUT=7d4h10m30s /usr/bin/id 5 | user2 ALL = TIMEOUT=4h10m30s /usr/bin/id 6 | user3 ALL = TIMEOUT=10m30s /usr/bin/id 7 | user4 ALL = TIMEOUT=14d /usr/bin/id 8 | user5 ALL = TIMEOUT=5m /usr/bin/id 9 | user6 ALL = TIMEOUT=30s /usr/bin/id 10 | user7 ALL = TIMEOUT=45 /usr/bin/id 11 | user8 ALL = TIMEOUT=7d4h10m30s /usr/bin/id, TIMEOUT=4h10m30s /usr/bin/id, \ 12 | TIMEOUT=10m30s /usr/bin/id, TIMEOUT=14d /usr/bin/id, \ 13 | TIMEOUT=5m /usr/bin/id, TIMEOUT=30s /usr/bin/id 14 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | Defaults command_timeout=2d8h10m59s 2 | 3 | # sudoRole user0 4 | user0 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/who, /bin/ls 5 | 6 | # sudoRole user1 7 | user1 ALL = TIMEOUT=619830 /usr/bin/id 8 | 9 | # sudoRole user2 10 | user2 ALL = TIMEOUT=15030 /usr/bin/id 11 | 12 | # sudoRole user3 13 | user3 ALL = TIMEOUT=630 /usr/bin/id 14 | 15 | # sudoRole user4 16 | user4 ALL = TIMEOUT=1209600 /usr/bin/id 17 | 18 | # sudoRole user5 19 | user5 ALL = TIMEOUT=300 /usr/bin/id 20 | 21 | # sudoRole user6 22 | user6 ALL = TIMEOUT=30 /usr/bin/id 23 | 24 | # sudoRole user7 25 | user7 ALL = TIMEOUT=45 /usr/bin/id 26 | 27 | # sudoRole user8 28 | user8 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/id, /usr/bin/id, /usr/bin/id,\ 29 | /usr/bin/id, /usr/bin/id 30 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test17.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults command_timeout=2d8h10m59s 4 | 5 | user0 ALL = TIMEOUT=619830 /usr/bin/id, /usr/bin/who, /bin/ls 6 | user1 ALL = TIMEOUT=619830 /usr/bin/id 7 | user2 ALL = TIMEOUT=15030 /usr/bin/id 8 | user3 ALL = TIMEOUT=630 /usr/bin/id 9 | user4 ALL = TIMEOUT=1209600 /usr/bin/id 10 | user5 ALL = TIMEOUT=300 /usr/bin/id 11 | user6 ALL = TIMEOUT=30 /usr/bin/id 12 | user7 ALL = TIMEOUT=45 /usr/bin/id 13 | user8 ALL = TIMEOUT=619830 /usr/bin/id, TIMEOUT=15030 /usr/bin/id, TIMEOUT=630 /usr/bin/id, TIMEOUT=1209600 /usr/bin/id, TIMEOUT=300 /usr/bin/id, TIMEOUT=30 /usr/bin/id 14 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test17.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS DEFVAR = WORD(2) 3 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND , COMMAND , CMND_TIMEOUT = WORD(6) COMMAND 4 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND 5 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND 6 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND 7 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND 8 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND 9 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND 10 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND 11 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND , CMND_TIMEOUT = WORD(6) COMMAND 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test18.in: -------------------------------------------------------------------------------- 1 | # Test command_timeout and TIMEOUT syntax errors 2 | Defaults command_timeout=2d8h10m59ss 3 | Defaults:root command_timeout=15f 4 | user0 ALL = TIMEOUT=7dd4h10m30s /usr/bin/id, /usr/bin/who, TIMEOUT=0 /bin/ls 5 | user1 ALL = TIMEOUT=7d4h10mm30s /usr/bin/id 6 | user2 ALL = TIMEOUT=4hg10m30s /usr/bin/id 7 | user3 ALL = TIMEOUT=10m30ss /usr/bin/id 8 | user4 ALL = TIMEOUT=14g /usr/bin/id 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test18.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test18.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test18.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test18.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test18.out.ok: -------------------------------------------------------------------------------- 1 | 2 | Defaults command_timeout=2d8h10m59ss 3 | Defaults:root command_timeout=15f 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test18.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS DEFVAR = WORD(2) 3 | DEFAULTS_USER WORD(6) DEFVAR = WORD(2) 4 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND , COMMAND , CMND_TIMEOUT = WORD(6) COMMAND 5 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND 6 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND 7 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND 8 | WORD(6) ALL = CMND_TIMEOUT = WORD(6) <*> COMMAND 9 | sudoers:2:26: value "2d8h10m59ss" is invalid for option "command_timeout" 10 | sudoers:3:31: value "15f" is invalid for option "command_timeout" 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test19.in: -------------------------------------------------------------------------------- 1 | # Test parsing of NOTBEFORE and NOTAFTER syntax 2 | # Local time zone parsing is checked in visudo/test10.sh 3 | user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id, /bin/ls 4 | user1 ALL = NOTBEFORE=201702140830Z /usr/bin/id, NOTAFTER=20170301083000Z /bin/ls 5 | user2 ALL = NOTBEFORE=201702140830.3Z /usr/bin/id 6 | user3 ALL = NOTBEFORE=2017021408Z /usr/bin/id 7 | user4 ALL = NOTBEFORE=2017021408.4Z /usr/bin/id 8 | user5 ALL = NOTBEFORE=20170214083000.5Z /usr/bin/id 9 | user6 ALL = NOTBEFORE=20170214083000\,5Z /usr/bin/id 10 | user7 ALL = NOTBEFORE=20170214033000-0500 /usr/bin/id 11 | user8 ALL = NOTBEFORE=20170214033000.0-0500 /usr/bin/id 12 | user9 ALL = NOTBEFORE=20170214033000\,0-0500 /usr/bin/id 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole user0 2 | user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id,\ 3 | /bin/ls 4 | 5 | # sudoRole user1 6 | user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, /bin/ls 7 | 8 | # sudoRole user2 9 | user2 ALL = NOTBEFORE=20170214083018Z /usr/bin/id 10 | 11 | # sudoRole user3 12 | user3 ALL = NOTBEFORE=20170214080000Z /usr/bin/id 13 | 14 | # sudoRole user4 15 | user4 ALL = NOTBEFORE=20170214082400Z /usr/bin/id 16 | 17 | # sudoRole user5 18 | user5 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 19 | 20 | # sudoRole user6 21 | user6 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 22 | 23 | # sudoRole user7 24 | user7 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 25 | 26 | # sudoRole user8 27 | user8 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 28 | 29 | # sudoRole user9 30 | user9 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 31 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test19.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | user0 ALL = NOTBEFORE=20170214083000Z NOTAFTER=20170301083000Z /usr/bin/id, /bin/ls 4 | user1 ALL = NOTBEFORE=20170214083000Z /usr/bin/id, NOTAFTER=20170301083000Z /bin/ls 5 | user2 ALL = NOTBEFORE=20170214083018Z /usr/bin/id 6 | user3 ALL = NOTBEFORE=20170214080000Z /usr/bin/id 7 | user4 ALL = NOTBEFORE=20170214082400Z /usr/bin/id 8 | user5 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 9 | user6 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 10 | user7 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 11 | user8 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 12 | user9 ALL = NOTBEFORE=20170214083000Z /usr/bin/id 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test19.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | WORD(6) ALL = NOTBEFORE = WORD(6) NOTAFTER = WORD(6) COMMAND , COMMAND 4 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND , NOTAFTER = WORD(6) COMMAND 5 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 6 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 7 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 8 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 9 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 10 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 11 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 12 | WORD(6) ALL = NOTBEFORE = WORD(6) COMMAND 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test20.in: -------------------------------------------------------------------------------- 1 | # Test parsing of tuples 2 | Defaults lecture 3 | Defaults !lecture 4 | Defaults lecture=never 5 | Defaults lecture=once 6 | Defaults lecture=always 7 | 8 | Defaults listpw 9 | Defaults !listpw 10 | Defaults listpw=never 11 | Defaults listpw=any 12 | Defaults listpw=all 13 | Defaults listpw=always 14 | 15 | Defaults verifypw 16 | Defaults !verifypw 17 | Defaults verifypw=never 18 | Defaults verifypw=any 19 | Defaults verifypw=all 20 | Defaults verifypw=always 21 | 22 | Defaults fdexec 23 | Defaults !fdexec 24 | Defaults fdexec=never 25 | Defaults fdexec=digest_only 26 | Defaults fdexec=always 27 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test20.ldif.ok: -------------------------------------------------------------------------------- 1 | dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: defaults 5 | description: Default sudoOption's go here 6 | sudoOption: lecture 7 | sudoOption: !lecture 8 | sudoOption: lecture=never 9 | sudoOption: lecture=once 10 | sudoOption: lecture=always 11 | sudoOption: listpw 12 | sudoOption: !listpw 13 | sudoOption: listpw=never 14 | sudoOption: listpw=any 15 | sudoOption: listpw=all 16 | sudoOption: listpw=always 17 | sudoOption: verifypw 18 | sudoOption: !verifypw 19 | sudoOption: verifypw=never 20 | sudoOption: verifypw=any 21 | sudoOption: verifypw=all 22 | sudoOption: verifypw=always 23 | sudoOption: fdexec 24 | sudoOption: !fdexec 25 | sudoOption: fdexec=never 26 | sudoOption: fdexec=digest_only 27 | sudoOption: fdexec=always 28 | 29 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | Defaults lecture 2 | Defaults !lecture 3 | Defaults lecture=never 4 | Defaults lecture=once 5 | Defaults lecture=always 6 | Defaults listpw 7 | Defaults !listpw 8 | Defaults listpw=never 9 | Defaults listpw=any 10 | Defaults listpw=all 11 | Defaults listpw=always 12 | Defaults verifypw 13 | Defaults !verifypw 14 | Defaults verifypw=never 15 | Defaults verifypw=any 16 | Defaults verifypw=all 17 | Defaults verifypw=always 18 | Defaults fdexec 19 | Defaults !fdexec 20 | Defaults fdexec=never 21 | Defaults fdexec=digest_only 22 | Defaults fdexec=always 23 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test20.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults lecture 4 | Defaults !lecture 5 | Defaults lecture=never 6 | Defaults lecture=once 7 | Defaults lecture=always 8 | Defaults listpw 9 | Defaults !listpw 10 | Defaults listpw=never 11 | Defaults listpw=any 12 | Defaults listpw=all 13 | Defaults listpw=always 14 | Defaults verifypw 15 | Defaults !verifypw 16 | Defaults verifypw=never 17 | Defaults verifypw=any 18 | Defaults verifypw=all 19 | Defaults verifypw=always 20 | Defaults fdexec 21 | Defaults !fdexec 22 | Defaults fdexec=never 23 | Defaults fdexec=digest_only 24 | Defaults fdexec=always 25 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test20.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS DEFVAR 3 | DEFAULTS !DEFVAR 4 | DEFAULTS DEFVAR = WORD(2) 5 | DEFAULTS DEFVAR = WORD(2) 6 | DEFAULTS DEFVAR = WORD(2) 7 | 8 | DEFAULTS DEFVAR 9 | DEFAULTS !DEFVAR 10 | DEFAULTS DEFVAR = WORD(2) 11 | DEFAULTS DEFVAR = WORD(2) 12 | DEFAULTS DEFVAR = WORD(2) 13 | DEFAULTS DEFVAR = WORD(2) 14 | 15 | DEFAULTS DEFVAR 16 | DEFAULTS !DEFVAR 17 | DEFAULTS DEFVAR = WORD(2) 18 | DEFAULTS DEFVAR = WORD(2) 19 | DEFAULTS DEFVAR = WORD(2) 20 | DEFAULTS DEFVAR = WORD(2) 21 | 22 | DEFAULTS DEFVAR 23 | DEFAULTS !DEFVAR 24 | DEFAULTS DEFVAR = WORD(2) 25 | DEFAULTS DEFVAR = WORD(2) 26 | DEFAULTS DEFVAR = WORD(2) 27 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test22.in: -------------------------------------------------------------------------------- 1 | # Test parsing of empty Runas_List 2 | 3 | user1 ALL = ( : ) ALL 4 | user2 ALL = (:) ALL 5 | user3 ALL = ( ) ALL 6 | user4 ALL = () ALL 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test22.ldif.ok: -------------------------------------------------------------------------------- 1 | dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: user1 5 | sudoUser: user1 6 | sudoHost: ALL 7 | sudoRunAsUser: 8 | sudoCommand: ALL 9 | sudoOrder: 1 10 | 11 | dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws 12 | objectClass: top 13 | objectClass: sudoRole 14 | cn: user2 15 | sudoUser: user2 16 | sudoHost: ALL 17 | sudoRunAsUser: 18 | sudoCommand: ALL 19 | sudoOrder: 2 20 | 21 | dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws 22 | objectClass: top 23 | objectClass: sudoRole 24 | cn: user3 25 | sudoUser: user3 26 | sudoHost: ALL 27 | sudoRunAsUser: 28 | sudoCommand: ALL 29 | sudoOrder: 3 30 | 31 | dn: cn=user4,ou=SUDOers,dc=sudo,dc=ws 32 | objectClass: top 33 | objectClass: sudoRole 34 | cn: user4 35 | sudoUser: user4 36 | sudoHost: ALL 37 | sudoRunAsUser: 38 | sudoCommand: ALL 39 | sudoOrder: 4 40 | 41 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole user1 2 | user1 ALL = () ALL 3 | 4 | # sudoRole user2 5 | user2 ALL = () ALL 6 | 7 | # sudoRole user3 8 | user3 ALL = () ALL 9 | 10 | # sudoRole user4 11 | user4 ALL = () ALL 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test22.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | user1 ALL = (root) ALL 4 | user2 ALL = (root) ALL 5 | user3 ALL = (root) ALL 6 | user4 ALL = (root) ALL 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test22.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | 3 | WORD(6) ALL = ( : ) ALL 4 | WORD(6) ALL = ( : ) ALL 5 | WORD(6) ALL = ( ) ALL 6 | WORD(6) ALL = ( ) ALL 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test23.in: -------------------------------------------------------------------------------- 1 | # Test parsing of env_check, env_delete and env_keep 2 | Defaults env_check = "COLORTERM LANG LANGUAGE LC_* LINGUAS" 3 | Defaults env_check += "TERM TZ" 4 | 5 | Defaults env_delete = "IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" 6 | Defaults env_delete += "NLSPATH PATH_LOCALE LD_* _RLD*" 7 | 8 | Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" 9 | Defaults env_keep -= _XKB_CHARSET 10 | Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" 11 | Defaults env_keep += XDG_SESSION_COOKIE 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test23.ldif.ok: -------------------------------------------------------------------------------- 1 | dn: cn=defaults,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: defaults 5 | description: Default sudoOption's go here 6 | sudoOption: env_check=COLORTERM LANG LANGUAGE LC_* LINGUAS 7 | sudoOption: env_check+=TERM TZ 8 | sudoOption: env_delete=IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES 9 | sudoOption: env_delete+=NLSPATH PATH_LOCALE LD_* _RLD* 10 | sudoOption: env_keep+=LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET 11 | sudoOption: env_keep-=_XKB_CHARSET 12 | sudoOption: env_keep+=XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH 13 | sudoOption: env_keep+=XDG_SESSION_COOKIE 14 | 15 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" 2 | Defaults env_check+="TERM TZ" 3 | Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" 4 | Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" 5 | Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" 6 | Defaults env_keep-=_XKB_CHARSET 7 | Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" 8 | Defaults env_keep+=XDG_SESSION_COOKIE 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test23.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults env_check="COLORTERM LANG LANGUAGE LC_* LINGUAS" 4 | Defaults env_check+="TERM TZ" 5 | Defaults env_delete="IFS CDPATH LOCALDOMAIN RES_OPTIONS HOSTALIASES" 6 | Defaults env_delete+="NLSPATH PATH_LOCALE LD_* _RLD*" 7 | Defaults env_keep+="LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" 8 | Defaults env_keep-=_XKB_CHARSET 9 | Defaults env_keep+="XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" 10 | Defaults env_keep+=XDG_SESSION_COOKIE 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test23.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) 3 | DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) 4 | 5 | DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) 6 | DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) 7 | 8 | DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) 9 | DEFAULTS DEFVAR -= WORD(2) 10 | DEFAULTS DEFVAR += BEGINSTR STRBODY ENDSTR WORD(4) 11 | DEFAULTS DEFVAR += WORD(2) 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test24.in: -------------------------------------------------------------------------------- 1 | # Test parsing of CHROOT and CWD syntax, quoted and unquoted 2 | Defaults runcwd=~ 3 | Defaults runcwd="~" 4 | Defaults runchroot=/ 5 | Defaults runchroot="/" 6 | # 7 | user0 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh 8 | user1 ALL = CHROOT="/var/www" CWD="/htdocs" /bin/ksh 9 | user2 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls 10 | user3 ALL = CWD="~root" /usr/bin/id, CWD="/tmp" /bin/ls 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | Defaults runcwd=~ 2 | Defaults runcwd=~ 3 | Defaults runchroot=/ 4 | Defaults runchroot=/ 5 | 6 | # sudoRole user0 7 | user0 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh 8 | 9 | # sudoRole user1 10 | user1 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh 11 | 12 | # sudoRole user2, user2_1 13 | user2 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls 14 | 15 | # sudoRole user3, user3_1 16 | user3 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls 17 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test24.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults runcwd=~ 4 | Defaults runcwd=~ 5 | Defaults runchroot=/ 6 | Defaults runchroot=/ 7 | 8 | user0 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh 9 | user1 ALL = CHROOT=/var/www CWD=/htdocs /bin/ksh 10 | user2 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls 11 | user3 ALL = CWD=~root /usr/bin/id, CWD=/tmp /bin/ls 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test24.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS DEFVAR = WORD(2) 3 | DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) 4 | DEFAULTS DEFVAR = WORD(2) 5 | DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) 6 | # 7 | WORD(6) ALL = CHROOT = WORD(5) CWD = WORD(5) COMMAND 8 | WORD(6) ALL = CHROOT = BEGINSTR STRBODY ENDSTR WORD(4) CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND 9 | WORD(6) ALL = CWD = WORD(5) COMMAND , CWD = WORD(5) COMMAND 10 | WORD(6) ALL = CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND , CWD = BEGINSTR STRBODY ENDSTR WORD(4) COMMAND 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test25.in: -------------------------------------------------------------------------------- 1 | # Test continuation character when there is nothing to continue 2 | # Used to leak "~ron" when run under address sanitizer 3 | foo ALL = CWD=~ron /bin/ls \ 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test25.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test25.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test25.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test25.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test25.out.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test25.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | WORD(6) ALL = CWD = WORD(5) COMMAND <*> -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test27.in: -------------------------------------------------------------------------------- 1 | # Query the group plugin too (if there is one) 2 | Defaults always_query_group_plugin 3 | 4 | # Test RunasGroup with and without RunasUser 5 | root ALL = ( root : wheel ) ALL 6 | millert ALL = ( : wheel ) ALL 7 | %sudo ALL = ( : ALL ) ALL 8 | 9 | # Test RunasUser with %group syntax 10 | operator ALL = ( %wheel ) ALL 11 | 12 | # Test netgroup for user and host 13 | +netusers +nethosts = ( +netrunas ) ALL 14 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | Defaults always_query_group_plugin 2 | 3 | # sudoRole root 4 | root ALL = (root : wheel) ALL 5 | 6 | # sudoRole millert 7 | millert ALL = ( : wheel) ALL 8 | 9 | # sudoRole %sudo 10 | %sudo ALL = ( : ALL) ALL 11 | 12 | # sudoRole operator 13 | operator ALL = (%wheel) ALL 14 | 15 | # sudoRole +netusers 16 | +netusers +nethosts = (+netrunas) ALL 17 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test27.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults always_query_group_plugin 4 | 5 | root ALL = (root : wheel) ALL 6 | millert ALL = (root : wheel) ALL 7 | %sudo ALL = (root : ALL) ALL 8 | operator ALL = (%wheel) ALL 9 | +netusers +nethosts = (+netrunas) ALL 10 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test27.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS DEFVAR 3 | 4 | # 5 | WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL 6 | WORD(6) ALL = ( : WORD(6) ) ALL 7 | USERGROUP ALL = ( : ALL ) ALL 8 | 9 | # 10 | WORD(6) ALL = ( USERGROUP ) ALL 11 | 12 | # 13 | NETGROUP NETGROUP = ( NETGROUP ) ALL 14 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | Defaults passprompt_regex="(?i)password: *" 2 | 3 | # sudoRole user, user_1, user_2, user_3, user_4, user_5, user_6, user_7, 4 | # user_8, user_9, user_10, user_11 5 | user ALL = /bin/ls ^/etc/(hosts|motd|issue)$, /usr/bin/c*\ 6 | ^/etc/(hosts|motd|issue)$, ^/usr/bin/(who|w|id|whoami)$,\ 7 | ^/usr/bin/(who|w|id|whoami)$ "", ^/usr/bin/(who|w|id|whoami)$ root,\ 8 | ^/usr/bin/(who|w|id|whoami)$ -*, ^/usr/bin/(who|w|id|whoami)$ ^(-[ahi]\ 9 | ?)+$, sudoedit ^/etc/(hosts|motd|issue)$, ^/usr/bin/\$tree$ : host1 =\ 10 | /bin/ls ^/etc/(hosts|motd|issue)$, /usr/bin/c* ^/etc/(hosts|motd|issue)$ :\ 11 | host2 = ^/usr/bin/(who|w|id|whoami)$ "", ^/usr/bin/(who|w|id|whoami)$ root\ 12 | : host3 = /bin/echo ^\$foo$ 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test28.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults passprompt_regex="(?i)password: *" 4 | 5 | user ALL = /bin/ls ^/etc/(hosts|motd|issue)$ 6 | user ALL = /usr/bin/c* ^/etc/(hosts|motd|issue)$ 7 | user ALL = ^/usr/bin/(who|w|id|whoami)$ 8 | user ALL = ^/usr/bin/(who|w|id|whoami)$ "" 9 | user ALL = ^/usr/bin/(who|w|id|whoami)$ root 10 | user ALL = ^/usr/bin/(who|w|id|whoami)$ -* 11 | user ALL = ^/usr/bin/(who|w|id|whoami)$ ^(-[ahi] ?)+$ 12 | user ALL = sudoedit ^/etc/(hosts|motd|issue)$ 13 | user ALL = ^/usr/bin/\$tree$ 14 | user host1 = /bin/ls ^/etc/(hosts|motd|issue)$, /usr/bin/c* ^/etc/(hosts|motd|issue)$ : host2 = ^/usr/bin/(who|w|id|whoami)$ "", ^/usr/bin/(who|w|id|whoami)$ root : host3 = /bin/echo ^\$foo$ 15 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test28.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS DEFVAR = BEGINSTR STRBODY ENDSTR WORD(4) 3 | 4 | # 5 | WORD(6) ALL = COMMAND ARG REGEX 6 | 7 | # 8 | WORD(6) ALL = COMMAND ARG REGEX 9 | 10 | # 11 | WORD(6) ALL = COMMAND 12 | 13 | # 14 | WORD(6) ALL = COMMAND ARG 15 | 16 | # 17 | WORD(6) ALL = COMMAND ARG 18 | 19 | # 20 | WORD(6) ALL = COMMAND ARG 21 | 22 | # 23 | WORD(6) ALL = COMMAND ARG REGEX 24 | 25 | # 26 | WORD(6) ALL = COMMAND ARG REGEX 27 | 28 | # 29 | WORD(6) ALL = COMMAND 30 | 31 | # 32 | WORD(6) WORD(6) = COMMAND ARG REGEX , COMMAND ARG REGEX : WORD(6) = COMMAND ARG , COMMAND ARG : WORD(6) = COMMAND ARG REGEX QUOTEDCHAR 33 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test29.in: -------------------------------------------------------------------------------- 1 | # Test lexer regex syntax errors 2 | # We don't test regcomp() errors since regerror() strings are not 3 | # standardized. 4 | 5 | user ALL = /bin/ls ^/etc/(hosts|motd|issue 6 | 7 | user ALL = ^/bin/ls 8 | 9 | user ALL = ^/bin/ls$ ^error 10 | 11 | user ALL = ^/bin/ls$ ^error # comment 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test29.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test29.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test29.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test29.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test29.out.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test29.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | # 4 | 5 | WORD(6) ALL = COMMAND ARG REGEX ERROR <*> 6 | 7 | WORD(6) ALL = WORD(6) <*> 8 | 9 | WORD(6) ALL = COMMAND ARG REGEX ERROR <*> 10 | 11 | WORD(6) ALL = COMMAND ARG REGEX ERROR <*> # 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test3.in: -------------------------------------------------------------------------------- 1 | # Test whitespace in User_List as part of a per-user Defaults entry 2 | User_Alias FOO = foo, bar 3 | Defaults:FOO env_reset 4 | Defaults:foo,bar env_reset 5 | Defaults:foo,\ bar env_reset 6 | Defaults:foo, bar env_reset 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test3.ldif.ok: -------------------------------------------------------------------------------- 1 | # Unable to translate stdin:3:23: 2 | # Defaults:foo, bar env_reset 3 | 4 | # Unable to translate stdin:4:27: 5 | # Defaults:foo, bar env_reset 6 | 7 | # Unable to translate stdin:5:29: 8 | # Defaults:foo, " bar" env_reset 9 | 10 | # Unable to translate stdin:6:28: 11 | # Defaults:foo, bar env_reset 12 | 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test3.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults:FOO env_reset 4 | Defaults:foo, bar env_reset 5 | Defaults:foo, " bar" env_reset 6 | Defaults:foo, bar env_reset 7 | 8 | User_Alias FOO = foo, bar 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test3.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | USERALIAS ALIAS = WORD(6) , WORD(6) 3 | DEFAULTS_USER ALIAS DEFVAR 4 | DEFAULTS_USER WORD(6) , WORD(6) DEFVAR 5 | DEFAULTS_USER WORD(6) , WORD(6) DEFVAR 6 | DEFAULTS_USER WORD(6) , WORD(6) DEFVAR 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test30.in: -------------------------------------------------------------------------------- 1 | # Test parsing of "list" pseudo-command. 2 | # It should be allowed as a command but also as a user or host. 3 | 4 | user1 ALL = list 5 | 6 | list ALL = ALL 7 | 8 | user2 ALL = (list : list) ALL 9 | 10 | user3 list = ALL 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test30.ldif.ok: -------------------------------------------------------------------------------- 1 | dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: user1 5 | sudoUser: user1 6 | sudoHost: ALL 7 | sudoCommand: list 8 | sudoOrder: 1 9 | 10 | dn: cn=list,ou=SUDOers,dc=sudo,dc=ws 11 | objectClass: top 12 | objectClass: sudoRole 13 | cn: list 14 | sudoUser: list 15 | sudoHost: ALL 16 | sudoCommand: ALL 17 | sudoOrder: 2 18 | 19 | dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws 20 | objectClass: top 21 | objectClass: sudoRole 22 | cn: user2 23 | sudoUser: user2 24 | sudoHost: ALL 25 | sudoRunAsUser: list 26 | sudoRunAsGroup: list 27 | sudoCommand: ALL 28 | sudoOrder: 3 29 | 30 | dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws 31 | objectClass: top 32 | objectClass: sudoRole 33 | cn: user3 34 | sudoUser: user3 35 | sudoHost: list 36 | sudoCommand: ALL 37 | sudoOrder: 4 38 | 39 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test30.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole user1 2 | user1 ALL = list 3 | 4 | # sudoRole list 5 | list ALL = ALL 6 | 7 | # sudoRole user2 8 | user2 ALL = (list : list) ALL 9 | 10 | # sudoRole user3 11 | user3 list = ALL 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test30.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | user1 ALL = list 4 | list ALL = ALL 5 | user2 ALL = (list : list) ALL 6 | user3 list = ALL 7 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test30.sudo.ok: -------------------------------------------------------------------------------- 1 | user1 ALL = list 2 | 3 | list ALL = ALL 4 | 5 | user2 ALL = (list : list) ALL 6 | 7 | user3 list = ALL 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test30.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | # 3 | 4 | WORD(6) ALL = WORD(6) 5 | 6 | WORD(6) ALL = ALL 7 | 8 | WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL 9 | 10 | WORD(6) WORD(6) = ALL 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test31.in: -------------------------------------------------------------------------------- 1 | # Test parsing of SELinux, AppArmor and Solaris privilege parsing. 2 | 3 | user1 ALL = ROLE=foo_r TYPE=bar_t ALL 4 | 5 | user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump 6 | 7 | user3 ALL = PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" LIMITPRIVS=default ALL 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test31.ldif.ok: -------------------------------------------------------------------------------- 1 | dn: cn=user1,ou=SUDOers,dc=sudo,dc=ws 2 | objectClass: top 3 | objectClass: sudoRole 4 | cn: user1 5 | sudoUser: user1 6 | sudoHost: ALL 7 | sudoOption: role=foo_r 8 | sudoOption: type=bar_t 9 | sudoCommand: ALL 10 | sudoOrder: 1 11 | 12 | dn: cn=user2,ou=SUDOers,dc=sudo,dc=ws 13 | objectClass: top 14 | objectClass: sudoRole 15 | cn: user2 16 | sudoUser: user2 17 | sudoHost: ALL 18 | sudoOption: apparmor_profile=usr.bin.tcpdump 19 | sudoCommand: /usr/bin/tcpdump 20 | sudoOrder: 2 21 | 22 | dn: cn=user3,ou=SUDOers,dc=sudo,dc=ws 23 | objectClass: top 24 | objectClass: sudoRole 25 | cn: user3 26 | sudoUser: user3 27 | sudoHost: ALL 28 | sudoOption: privs=file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session 29 | sudoOption: limitprivs=default 30 | sudoCommand: ALL 31 | sudoOrder: 3 32 | 33 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test31.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole user1 2 | user1 ALL = ROLE=foo_r TYPE=bar_t ALL 3 | 4 | # sudoRole user2 5 | user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump 6 | 7 | # sudoRole user3 8 | user3 ALL =\ 9 | PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session"\ 10 | LIMITPRIVS="default" ALL 11 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test31.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | user1 ALL = ROLE=foo_r TYPE=bar_t ALL 4 | user2 ALL = APPARMOR_PROFILE=usr.bin.tcpdump /usr/bin/tcpdump 5 | user3 ALL = PRIVS="file_link_any,net_access,proc_exec,proc_fork,proc_info,proc_session" LIMITPRIVS="default" ALL 6 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test31.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | 3 | WORD(6) ALL = ROLE = WORD(6) TYPE = WORD(6) ALL 4 | 5 | WORD(6) ALL = APPARMOR_PROFILE = WORD(6) COMMAND 6 | 7 | WORD(6) ALL = PRIVS = BEGINSTR STRBODY ENDSTR WORD(4) LIMITPRIVS = WORD(6) ALL 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test4.in: -------------------------------------------------------------------------------- 1 | # Test line continuation with anchored matches 2 | User_Alias FOO = foo \ 3 | : BAR = bar 4 | 5 | # This used to pass for sudo < 1.8.1 (though it should not have) 6 | User_Alias FOO = foo \ 7 | User_Alias BAR = bar 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test4.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test4.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test4.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test4.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test4.out.ok: -------------------------------------------------------------------------------- 1 | 2 | User_Alias BAR = bar 3 | User_Alias FOO = foo 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test4.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | USERALIAS ALIAS = WORD(6) : ALIAS = WORD(6) 3 | 4 | # 5 | USERALIAS ALIAS = WORD(6) ERROR <*> ALIAS = WORD(6) 6 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test5.in: -------------------------------------------------------------------------------- 1 | # Test empty string in User_Alias and Command_Spec 2 | User_Alias FOO = "" 3 | "" ALL = ALL 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test5.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test5.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test5.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test5.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test5.out.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test5.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | USERALIAS ALIAS = BEGINSTR ENDSTR ERROR <*> 3 | BEGINSTR ENDSTR ERROR <*> ALL = ALL 4 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test6.in: -------------------------------------------------------------------------------- 1 | # Check that uids work in per-user and per-runas Defaults 2 | Defaults:#123 set_home 3 | Defaults>#123 set_home 4 | Defaults:"#123" set_home 5 | Defaults>"#123" set_home 6 | 7 | # Check that uids work in a Command_Spec 8 | #0 ALL = ALL 9 | #0 ALL = (#0 : #0) ALL 10 | "#0" ALL = ALL 11 | "#0" ALL = ("#0" : "#0") ALL 12 | 13 | # Check that gids work in a Command_Spec 14 | %#0 ALL = ALL 15 | "%#0" ALL = ALL 16 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok: -------------------------------------------------------------------------------- 1 | # sudoRole #0, #0_1, #0_2, #0_3 2 | #0 ALL = ALL, (#0 : #0) ALL, ALL, (#0 : #0) ALL 3 | 4 | # sudoRole %#0, %#0_1 5 | %#0 ALL = ALL, ALL 6 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test6.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Defaults:#123 set_home 4 | Defaults>#123 set_home 5 | Defaults:#123 set_home 6 | Defaults>#123 set_home 7 | 8 | #0 ALL = ALL 9 | #0 ALL = (#0 : #0) ALL 10 | #0 ALL = ALL 11 | #0 ALL = (#0 : #0) ALL 12 | %#0 ALL = ALL 13 | %#0 ALL = ALL 14 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test6.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | DEFAULTS_USER WORD(6) DEFVAR 3 | DEFAULTS_RUNAS WORD(6) DEFVAR 4 | DEFAULTS_USER BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR 5 | DEFAULTS_RUNAS BEGINSTR STRBODY ENDSTR WORD(4) DEFVAR 6 | 7 | # 8 | WORD(6) ALL = ALL 9 | WORD(6) ALL = ( WORD(6) : WORD(6) ) ALL 10 | BEGINSTR STRBODY ENDSTR WORD(4) ALL = ALL 11 | BEGINSTR STRBODY ENDSTR WORD(4) ALL = ( BEGINSTR STRBODY ENDSTR WORD(4) : BEGINSTR STRBODY ENDSTR WORD(4) ) ALL 12 | 13 | # 14 | USERGROUP ALL = ALL 15 | BEGINSTR STRBODY ENDSTR USERGROUP ALL = ALL 16 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test7.in: -------------------------------------------------------------------------------- 1 | # These should all be syntax errors 2 | User_Alias FOO1 = "%" 3 | User_Alias FOO2 = "%:" 4 | User_Alias FOO3 = "+" 5 | User_Alias FOO4 = % 6 | User_Alias FOO5 = %: 7 | User_Alias FOO6 = + 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test7.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test7.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test7.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test7.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test7.out.ok: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test7.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> 3 | USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> 4 | USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR ERROR <*> 5 | USERALIAS ALIAS = ERROR <*> 6 | USERALIAS ALIAS = ERROR <*> 7 | USERALIAS ALIAS = ERROR <*> 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test8.in: -------------------------------------------------------------------------------- 1 | # Test quoted strings 2 | User_Alias UA1 = "xy" 3 | User_Alias UA2 = "x\ 4 | y" 5 | User_Alias UA3 = x\"y 6 | 7 | # A newline in the middle of a string is an error 8 | User_Alias UA4 = "x 9 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test8.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test8.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test8.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test8.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test8.out.ok: -------------------------------------------------------------------------------- 1 | 2 | User_Alias UA1 = xy 3 | User_Alias UA2 = xy 4 | User_Alias UA3 = x\"y 5 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test8.toke.ok: -------------------------------------------------------------------------------- 1 | # 2 | USERALIAS ALIAS = BEGINSTR STRBODY ENDSTR WORD(4) 3 | USERALIAS ALIAS = BEGINSTR STRBODY STRBODY ENDSTR WORD(4) 4 | USERALIAS ALIAS = WORD(6) 5 | 6 | # 7 | USERALIAS ALIAS = BEGINSTR STRBODY ERROR <*> 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test9.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test9.in -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test9.json.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test9.json.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test9.ldif.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test9.ldif.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test9.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/sudoers/test9.toke.ok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/plugins/sudoers/regress/sudoers/test9.toke.ok -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/group: -------------------------------------------------------------------------------- 1 | wheel:*:0:root 2 | daemon:*:1:daemon 3 | kmem:*:2:root 4 | sys:*:3:root 5 | tty:*:4:root 6 | operator:*:5:root 7 | bin:*:7: 8 | wsrc:*:9: 9 | users:*:10: 10 | auth:*:11: 11 | games:*:13: 12 | staff:*:20:root 13 | guest:*:31:root 14 | admin:*:1000: 15 | fakeshell:*:1001: 16 | nogroup:*:32766: 17 | nobody:*:32767: 18 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/passwd: -------------------------------------------------------------------------------- 1 | root:*:0:0:Charlie &:/root:/bin/sh 2 | daemon:*:1:1:The devil himself:/root:/sbin/nologin 3 | operator:*:2:5:System &:/operator:/sbin/nologin 4 | bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin 5 | admin:*:1000:1000:Admin user:/home/admin:/bin/sh 6 | fakeshell:*:1001:1001:Shell test user:/home/fakeshell:/shell/does/not/exist 7 | nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test1.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user root: 4 | 5 | ALL = ALL 6 | host allowed 7 | runas unmatched 8 | 9 | Password required 10 | 11 | Command unmatched 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test for NULL dereference with "sudo -g group" when the sudoers rule 4 | # has no runas user or group listed. 5 | # This is RedHat bug Bug 667103. 6 | # 7 | 8 | : ${TESTSUDOERS=testsudoers} 9 | 10 | exec 2>&1 11 | $TESTSUDOERS -g bin -P ${TESTDIR}/group root id <&1 | sed 's/\(syntax error\), .*/\1/' 15 | @include sudoers.local womp womp 16 | EOF 17 | 18 | echo "" 19 | echo "Testing #include with garbage after the path name" 20 | echo "" 21 | $TESTSUDOERS -U $MYUID -G $MYGID root id <&1 | sed 's/\(syntax error\), .*/\1/' 22 | #include sudoers.local womp womp 23 | EOF 24 | 25 | exit 0 26 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test12.out.ok: -------------------------------------------------------------------------------- 1 | Testing sudoers with multiple syntax errors 2 | 3 | sudoers:1:20: syntax error 4 | User_Alias A1 = u1 u2 : A2 = u3, u4 5 | ^~ 6 | sudoers:3:26: syntax error 7 | millert ALL = /fail : foo 8 | ^ 9 | sudoers:5:16: syntax error 10 | root ALL = ALL bar 11 | ^~~ 12 | sudoers:7:12: expected a fully-qualified path name 13 | root ALL = baz 14 | ^~~ 15 | 16 | User_Alias A1 = u1 17 | 18 | millert ALL = /fail 19 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test12.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test sudoers file with multiple syntax errors 4 | # The standard error output is dup'd to the standard output. 5 | # 6 | 7 | : ${TESTSUDOERS=testsudoers} 8 | 9 | echo "Testing sudoers with multiple syntax errors" 10 | echo "" 11 | $TESTSUDOERS -d <&1 | sed 's/\(syntax error\), .*/\1/' 12 | User_Alias A1 = u1 u2 : A2 = u3, u4 13 | 14 | millert ALL = /fail : foo 15 | 16 | root ALL = ALL bar 17 | 18 | root ALL = baz 19 | EOF 20 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test13.out.ok: -------------------------------------------------------------------------------- 1 | Testing alias definitions using reserved words 2 | 3 | sudoers:1:12: syntax error, reserved word ALL used as an alias name 4 | Cmnd_Alias ALL=ALL 5 | ^~~ 6 | sudoers:2:12: syntax error, reserved word CHROOT used as an alias name 7 | Cmnd_Alias CHROOT=foo 8 | ^~~~~~ 9 | sudoers:3:12: syntax error, reserved word CMND_TIMEOUT used as an alias name 10 | User_Alias TIMEOUT=foo 11 | ^~~~~~~ 12 | sudoers:4:13: syntax error, reserved word CWD used as an alias name 13 | Runas_Alias CWD=bar 14 | ^~~ 15 | sudoers:5:12: syntax error, reserved word NOTBEFORE used as an alias name 16 | Host_Alias NOTBEFORE=baz 17 | ^~~~~~~~~ 18 | sudoers:6:12: syntax error, reserved word NOTAFTER used as an alias name 19 | Host_Alias NOTAFTER=biff 20 | ^~~~~~~~ 21 | 22 | root ALL = ALL 23 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test13.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test sudoers file with reserved words as alias names. 4 | # The standard error output is dup'd to the standard output. 5 | # 6 | 7 | : ${TESTSUDOERS=testsudoers} 8 | 9 | echo "Testing alias definitions using reserved words" 10 | echo "" 11 | $TESTSUDOERS -d <&1 12 | Cmnd_Alias ALL=ALL 13 | Cmnd_Alias CHROOT=foo 14 | User_Alias TIMEOUT=foo 15 | Runas_Alias CWD=bar 16 | Host_Alias NOTBEFORE=baz 17 | Host_Alias NOTAFTER=biff 18 | 19 | root ALL = ALL 20 | EOF 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test14.out.ok: -------------------------------------------------------------------------------- 1 | 2 | Testing user privilege without a newline 3 | 4 | Parses OK 5 | 6 | millert ALL = ALL 7 | 8 | Testing alias without a newline 9 | 10 | Parses OK 11 | 12 | Cmnd_Alias FOO = /bin/bar 13 | 14 | Testing Defaults without a newline 15 | 16 | Parses OK 17 | 18 | Defaults log_output 19 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test14.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test entries with no trailing newline. 4 | # 5 | 6 | : ${TESTSUDOERS=testsudoers} 7 | 8 | exec 2>&1 9 | 10 | echo "" 11 | echo "Testing user privilege without a newline" 12 | echo "" 13 | printf "millert ALL = ALL" | $TESTSUDOERS -d 14 | 15 | echo "" 16 | echo "Testing alias without a newline" 17 | echo "" 18 | printf "Cmnd_Alias FOO=/bin/bar" | $TESTSUDOERS -d 19 | 20 | echo "" 21 | echo "Testing Defaults without a newline" 22 | echo "" 23 | printf "Defaults log_output" | $TESTSUDOERS -d 24 | 25 | exit 0 26 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test15.out.ok: -------------------------------------------------------------------------------- 1 | Testing @include of a file with a missing newline 2 | 3 | Parses OK 4 | 5 | Entries for user root: 6 | 7 | ALL = /usr/bin/id 8 | host allowed 9 | runas allowed 10 | cmnd unmatched 11 | 12 | ALL = ALL 13 | host allowed 14 | runas allowed 15 | cmnd allowed 16 | 17 | Password required 18 | 19 | Command allowed 20 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test15.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test @include of a file with a missing newline 4 | # 5 | 6 | : ${TESTSUDOERS=testsudoers} 7 | 8 | # Create test file 9 | TESTDIR="`pwd`/regress/testsudoers" 10 | printf "root ALL = ALL" >"$TESTDIR/test15.inc" 11 | 12 | MYUID=`\ls -lnd "$TESTDIR/test15.inc" | awk '{print $3}'` 13 | MYGID=`\ls -lnd "$TESTDIR/test15.inc" | awk '{print $4}'` 14 | exec 2>&1 15 | 16 | echo "Testing @include of a file with a missing newline" 17 | echo "" 18 | $TESTSUDOERS -U $MYUID -G $MYGID root id <<-EOF 19 | @include $TESTDIR/test15.inc 20 | ALL ALL = /usr/bin/id 21 | EOF 22 | 23 | rm -f "$TESTDIR/test15.inc" 24 | exit 0 25 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test16.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user root: 4 | 5 | ALL = (ALL) ALL 6 | host allowed 7 | runas allowed 8 | cmnd allowed 9 | 10 | Password required 11 | 12 | Command allowed 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test17.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user root: 4 | 5 | ALL = (ALL) sha224:fIoq2MAfM/PZKTbkn9RE4VZ8YHjwnwTgE28Hxw== ALL 6 | host allowed 7 | runas allowed 8 | cmnd allowed 9 | 10 | Password required 11 | 12 | Command allowed 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test19.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user root: 4 | 5 | ALL = /bin/ls "" 6 | host allowed 7 | runas allowed 8 | cmnd allowed 9 | 10 | Password required 11 | 12 | Command allowed 13 | Parses OK 14 | 15 | Entries for user root: 16 | 17 | ALL = /bin/ls "" 18 | host allowed 19 | runas allowed 20 | cmnd unmatched 21 | 22 | Password required 23 | 24 | Command unmatched 25 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test19.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Verify that "" in sudoers does not match a literal "" on the command line. 4 | # 5 | 6 | : ${TESTSUDOERS=testsudoers} 7 | 8 | exec 2>&1 9 | 10 | # This should succeed 11 | $TESTSUDOERS root /bin/ls <<'EOF' 12 | root ALL = /bin/ls "" 13 | EOF 14 | 15 | # This should fail 16 | $TESTSUDOERS root /bin/ls '""' <<'EOF' 17 | root ALL = /bin/ls "" 18 | EOF 19 | 20 | exit 0 21 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test2.inc: -------------------------------------------------------------------------------- 1 | root ALL = ALL 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test2.out.ok: -------------------------------------------------------------------------------- 1 | Testing @include 2 | 3 | Parses OK 4 | 5 | Entries for user root: 6 | 7 | ALL = ALL 8 | host allowed 9 | runas allowed 10 | cmnd allowed 11 | 12 | Password required 13 | 14 | Command allowed 15 | 16 | Testing #include 17 | 18 | Parses OK 19 | 20 | Entries for user root: 21 | 22 | ALL = ALL 23 | host allowed 24 | runas allowed 25 | cmnd allowed 26 | 27 | Password required 28 | 29 | Command allowed 30 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test @include facility 4 | # 5 | 6 | : ${TESTSUDOERS=testsudoers} 7 | 8 | MYUID=`\ls -ln $TESTDIR/test2.inc | awk '{print $3}'` 9 | MYGID=`\ls -ln $TESTDIR/test2.inc | awk '{print $4}'` 10 | exec 2>&1 11 | 12 | echo "Testing @include" 13 | echo "" 14 | $TESTSUDOERS -U $MYUID -G $MYGID root id <&1 10 | 11 | # Exercise double free of user_cmnd in set_cmnd_path() under ASAN. 12 | # We need more than one rule where the last rule matches and has CHROOT. 13 | $TESTSUDOERS root /bin/ls <<'EOF' 14 | root ALL = CWD=/ /bin/pwd 15 | root ALL = CHROOT=/ /bin/ls 16 | EOF 17 | 18 | exit 0 19 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test21.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user admin: 4 | 5 | ALL = (USERALIAS : GROUPALIAS) /bin/ls 6 | host allowed 7 | runas allowed 8 | cmnd allowed 9 | 10 | Password required 11 | 12 | Command allowed 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test21.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Verify that a Runas_Alias works in both user and group lists. 4 | # This tests a bug fixed in sudo 1.9.14. 5 | # 6 | 7 | : ${TESTSUDOERS=testsudoers} 8 | 9 | exec 2>&1 10 | 11 | # The user in USERALIAS must *not* belong to the group in GROUPALIAS 12 | # in the group or passwd file in order to reproduce the bug. 13 | $TESTSUDOERS -u root -g bin -p ${TESTDIR}/passwd -P ${TESTDIR}/group \ 14 | admin /bin/ls <<'EOF' 15 | Runas_Alias USERALIAS = root 16 | Runas_Alias GROUPALIAS = bin 17 | admin ALL = (USERALIAS : GROUPALIAS) /bin/ls 18 | EOF 19 | 20 | exit 0 21 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test22.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user admin: 4 | 5 | ALL = /bin/ls 6 | host allowed 7 | runas unmatched 8 | 9 | Password required 10 | 11 | Command unmatched 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test22.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Verify that a user is only allowed to run commands with a group 4 | # that is specified by sudoers (or that the runas user is a member of). 5 | # This tests a bug fixed in sudo 1.9.14. 6 | # 7 | 8 | : ${TESTSUDOERS=testsudoers} 9 | 10 | exec 2>&1 11 | 12 | # The root user must *not* belong to the group specified below. 13 | $TESTSUDOERS -u root -g bin -p ${TESTDIR}/passwd -P ${TESTDIR}/group \ 14 | admin /bin/ls <<'EOF' 15 | admin ALL = /bin/ls 16 | EOF 17 | 18 | exit 0 19 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test23.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user admin: 4 | 5 | ALL = (root) /bin/ls 6 | host allowed 7 | runas unmatched 8 | 9 | Password required 10 | 11 | Command unmatched 12 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test23.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Verify that a user is not allowed to run commands with their own 4 | # user and group if sudoers doesn't explicitly permit it. 5 | # This tests a bug fixed in sudo 1.9.14. 6 | # 7 | 8 | : ${TESTSUDOERS=testsudoers} 9 | 10 | exec 2>&1 11 | 12 | $TESTSUDOERS -u admin -g admin -p ${TESTDIR}/passwd -P ${TESTDIR}/group \ 13 | admin /bin/ls <<'EOF' 14 | admin ALL = (root) /bin/ls 15 | EOF 16 | 17 | exit 0 18 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test24.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user root: 4 | 5 | ALL = NOTBEFORE=20170214083000Z /bin/ls 6 | host allowed 7 | date allowed 8 | runas allowed 9 | cmnd allowed 10 | 11 | Password required 12 | 13 | Command allowed 14 | Parses OK 15 | 16 | Entries for user root: 17 | 18 | ALL = NOTBEFORE=20170214083001Z /bin/ls 19 | host allowed 20 | date denied 21 | 22 | Password required 23 | 24 | Command unmatched 25 | Parses OK 26 | 27 | Entries for user root: 28 | 29 | ALL = NOTAFTER=20170214083000Z /bin/ls 30 | host allowed 31 | date allowed 32 | runas allowed 33 | cmnd allowed 34 | 35 | Password required 36 | 37 | Command allowed 38 | Parses OK 39 | 40 | Entries for user root: 41 | 42 | ALL = NOTAFTER=20170214083000Z /bin/ls 43 | host allowed 44 | date denied 45 | 46 | Password required 47 | 48 | Command unmatched 49 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test27.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user admin: 4 | 5 | ALL = (ALL) /bin/ls 6 | host allowed 7 | runas allowed 8 | cmnd allowed 9 | 10 | Invalid shell for user fakeshell: /shell/does/not/exist 11 | 12 | Password required 13 | 14 | Command denied 15 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test27.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Verify that runas_check_shell works as expected. 4 | # 5 | 6 | : ${TESTSUDOERS=testsudoers} 7 | 8 | exec 2>&1 9 | 10 | # This should fail due to fakeshell's shell 11 | $TESTSUDOERS -u fakeshell -p ${TESTDIR}/passwd -P ${TESTDIR}/group \ 12 | admin /bin/ls <<'EOF' 13 | Defaults runas_check_shell 14 | admin ALL = (ALL) /bin/ls 15 | EOF 16 | 17 | # Expected failure 18 | if [ $? -eq 0 ]; then 19 | exit 1 20 | else 21 | exit 0 22 | fi 23 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test4.out.ok: -------------------------------------------------------------------------------- 1 | testsudoers: test2.inc should be owned by uid 1 2 | 3 | Entries for user root: 4 | 5 | Password required 6 | 7 | Parse error 8 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test4.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test sudoers owner check 4 | # 5 | 6 | : ${TESTSUDOERS=testsudoers} 7 | 8 | exec 2>&1 9 | $TESTSUDOERS -U 1 root id <"$TESTFILE" <&1 17 | 18 | # Test world writable 19 | chmod 666 $TESTFILE 20 | $TESTSUDOERS -U $MYUID -G $MYGID root id <&1 9 | $TESTSUDOERS root id <&1 9 | $TESTSUDOERS root id <&1 12 | 13 | echo "Testing @include without a newline" 14 | echo "" 15 | printf "@include $TESTDIR/test2.inc" | \ 16 | $TESTSUDOERS -U $MYUID -G $MYGID root id 17 | 18 | echo "" 19 | echo "Testing #include without a newline" 20 | echo "" 21 | printf "#include $TESTDIR/test2.inc" | \ 22 | $TESTSUDOERS -U $MYUID -G $MYGID root id 23 | 24 | exit 0 25 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test9.out.ok: -------------------------------------------------------------------------------- 1 | Parses OK 2 | 3 | Entries for user root: 4 | 5 | ALL = ALL 6 | host allowed 7 | runas allowed 8 | cmnd allowed 9 | 10 | Password required 11 | 12 | Command allowed 13 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/testsudoers/test9.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test #include facility 4 | # 5 | 6 | : ${TESTSUDOERS=testsudoers} 7 | 8 | MYUID=`\ls -ln $TESTDIR/test2.inc | awk '{print $3}'` 9 | MYGID=`\ls -ln $TESTDIR/test2.inc | awk '{print $4}'` 10 | exec 2>&1 11 | $TESTSUDOERS -U $MYUID -G $MYGID root id <root !set_logname 11 | Defaults:FULLTIMERS !lecture 12 | Defaults:millert !authenticate 13 | Defaults@SERVERS log_year, logfile=/var/log/sudo.log 14 | Defaults!PAGERS noexec 15 | 16 | Defaults env_keep -= "HOME" 17 | Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" 18 | Defaults env_keep += "MAIL PS1 PS2 QTDIR LANG LC_ADDRESS LC_CTYPE" 19 | 20 | User_Alias FULLTIMERS = millert, mikef, dowdy 21 | 22 | Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less 23 | 24 | Host_Alias SERVERS = primary, mail, www, ns 25 | EOF 26 | 27 | exit 0 28 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/visudo/test7.out.ok: -------------------------------------------------------------------------------- 1 | stdin: parsed OK 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/visudo/test7.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test sudoers_locale early Defaults 4 | # 5 | 6 | : ${VISUDO=visudo} 7 | 8 | LANG=C; export LANG 9 | LC_NUMERIC=fr_FR.UTF-8; export LC_NUMERIC 10 | 11 | # First check that visudo supports non-C locales 12 | # Note that older versions of sudo did not set the locale 13 | # until sudoers was read so this check will fail on them. 14 | $VISUDO -csf - >/dev/null 2>&1 <<-EOF 15 | Defaults sudoers_locale = fr_FR.UTF-8 16 | Defaults passwd_timeout = "2,5" 17 | EOF 18 | 19 | # Now make sure we can set passwd_timeout to a floating point value 20 | # using a non-C locale. 21 | if [ $? -eq 0 ]; then 22 | $VISUDO -csf - <<-EOF 23 | Defaults passwd_timeout = "2,5" 24 | Defaults sudoers_locale = fr_FR.UTF-8 25 | EOF 26 | else 27 | # No support for LC_NUMERIC? 28 | echo "stdin: parsed OK" 29 | fi 30 | 31 | exit 0 32 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/visudo/test8.err.ok: -------------------------------------------------------------------------------- 1 | visudo: stdin:1: value "2.5" is invalid for option "passwd_timeout" 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/visudo/test8.out.ok: -------------------------------------------------------------------------------- 1 | parse error in stdin near line 1 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/visudo/test9.out.ok: -------------------------------------------------------------------------------- 1 | stdin: parsed OK 2 | -------------------------------------------------------------------------------- /plugins/sudoers/regress/visudo/test9.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Test IP and network address in host-based Defaults statements 4 | # Bugzilla #766 5 | # 6 | 7 | : ${VISUDO=visudo} 8 | 9 | $VISUDO -cf - <<-EOF 10 | Defaults@127.0.0.1 !authenticate 11 | Defaults@10.0.0.0/8 !always_set_home 12 | EOF 13 | 14 | exit 0 15 | -------------------------------------------------------------------------------- /plugins/sudoers/sudoers.exp: -------------------------------------------------------------------------------- 1 | sudoers_policy 2 | sudoers_io 3 | sudoers_audit 4 | sudo_getgrgid 5 | sudo_getgrnam 6 | sudo_gr_addref 7 | sudo_gr_delref 8 | -------------------------------------------------------------------------------- /plugins/sudoers/testsudoers_pwutil.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Build pwutil_impl.c with a function prefix of "testsudoers_" instead 3 | * of "sudo_" and call our custom getpwnam/getpwuid/getgrnam/getgrgid. 4 | */ 5 | 6 | #define PWUTIL_PREFIX testsudoers 7 | 8 | #include 9 | #include 10 | #include "pwutil_impl.c" 11 | -------------------------------------------------------------------------------- /plugins/system_group/system_group.exp: -------------------------------------------------------------------------------- 1 | group_plugin 2 | -------------------------------------------------------------------------------- /po/README: -------------------------------------------------------------------------------- 1 | NLS Translations for sudo are coordinated through the Translation 2 | Project, at https://translationproject.org/ 3 | 4 | If you would like to contribute a translation for sudo, please join 5 | a translation team at the Translation Project instead of contributing 6 | a po file directly. This will avoid duplicated work if there is 7 | already a translation in progress. If you would like to become a 8 | member of a translation team, please follow the instructions at 9 | https://translationproject.org/html/translators.html 10 | 11 | The messages in sudo are split into two domains: sudo and sudoers. 12 | The former is used by the sudo front-end and utility functions. 13 | The latter is used by the sudoers policy and I/O logging plug-ins 14 | as well as the sudoers-specific commands visudo and sudoreplay. 15 | -------------------------------------------------------------------------------- /po/ast.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/ast.mo -------------------------------------------------------------------------------- /po/ca.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/ca.mo -------------------------------------------------------------------------------- /po/cs.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/cs.mo -------------------------------------------------------------------------------- /po/da.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/da.mo -------------------------------------------------------------------------------- /po/de.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/de.mo -------------------------------------------------------------------------------- /po/eo.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/eo.mo -------------------------------------------------------------------------------- /po/es.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/es.mo -------------------------------------------------------------------------------- /po/eu.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/eu.mo -------------------------------------------------------------------------------- /po/fa.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/fa.mo -------------------------------------------------------------------------------- /po/fi.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/fi.mo -------------------------------------------------------------------------------- /po/fr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/fr.mo -------------------------------------------------------------------------------- /po/fur.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/fur.mo -------------------------------------------------------------------------------- /po/gl.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/gl.mo -------------------------------------------------------------------------------- /po/hr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/hr.mo -------------------------------------------------------------------------------- /po/hu.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/hu.mo -------------------------------------------------------------------------------- /po/id.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/id.mo -------------------------------------------------------------------------------- /po/it.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/it.mo -------------------------------------------------------------------------------- /po/ja.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/ja.mo -------------------------------------------------------------------------------- /po/ka.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/ka.mo -------------------------------------------------------------------------------- /po/ko.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/ko.mo -------------------------------------------------------------------------------- /po/nb.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/nb.mo -------------------------------------------------------------------------------- /po/nl.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/nl.mo -------------------------------------------------------------------------------- /po/nn.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/nn.mo -------------------------------------------------------------------------------- /po/pl.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/pl.mo -------------------------------------------------------------------------------- /po/pt.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/pt.mo -------------------------------------------------------------------------------- /po/pt_BR.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/pt_BR.mo -------------------------------------------------------------------------------- /po/ro.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/ro.mo -------------------------------------------------------------------------------- /po/ru.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/ru.mo -------------------------------------------------------------------------------- /po/sk.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/sk.mo -------------------------------------------------------------------------------- /po/sl.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/sl.mo -------------------------------------------------------------------------------- /po/sq.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/sq.mo -------------------------------------------------------------------------------- /po/sr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/sr.mo -------------------------------------------------------------------------------- /po/sv.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/sv.mo -------------------------------------------------------------------------------- /po/tr.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/tr.mo -------------------------------------------------------------------------------- /po/uk.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/uk.mo -------------------------------------------------------------------------------- /po/vi.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/vi.mo -------------------------------------------------------------------------------- /po/zh_CN.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/zh_CN.mo -------------------------------------------------------------------------------- /po/zh_TW.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sudo-project/sudo/a925829e607c343b99d12df861708c0bafb9241f/po/zh_TW.mo -------------------------------------------------------------------------------- /src/intercept.exp.in: -------------------------------------------------------------------------------- 1 | @INTERCEPT_EXP@execl 2 | execle 3 | execlp 4 | execv 5 | execve 6 | execvp 7 | system 8 | --------------------------------------------------------------------------------