diff --git a/test-framework/sudo-compliance-tests/src/sudo/env_reset.rs b/test-framework/sudo-compliance-tests/src/sudo/env_reset.rs index 8a455b5dc..d7a31ac0c 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/env_reset.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/env_reset.rs @@ -51,6 +51,11 @@ fn some_vars_are_set() -> Result<()> { // "Set to the login name of the user who invoked sudo" assert_eq!(Some("root"), sudo_env.remove("SUDO_USER")); + // "Set to the home directory of the user who invoked sudo." + if let Some(val) = sudo_env.remove("SUDO_HOME") { + assert_eq!("/root", val); + } + // "Set to the same value as LOGNAME" assert_eq!(Some("root"), sudo_env.remove("USER")); @@ -145,6 +150,9 @@ fn user_dependent_vars() -> Result<()> { assert_eq!(Some("0"), sudo_env.remove("SUDO_GID")); assert_eq!(Some("0"), sudo_env.remove("SUDO_UID")); assert_eq!(Some("root"), sudo_env.remove("SUDO_USER")); + if let Some(val) = sudo_env.remove("SUDO_HOME") { + assert_eq!("/root", val); + } assert_eq!(Some(SUDO_ENV_DEFAULT_PATH), sudo_env.remove("PATH")); assert_eq!(Some(SUDO_ENV_DEFAULT_TERM), sudo_env.remove("TERM")); @@ -209,6 +217,9 @@ fn some_vars_are_preserved() -> Result<()> { assert_eq!(Some("root"), sudo_env.remove("SUDO_USER")); assert_eq!(Some("0"), sudo_env.remove("SUDO_UID")); assert_eq!(Some("0"), sudo_env.remove("SUDO_GID")); + if let Some(val) = sudo_env.remove("SUDO_HOME") { + assert_eq!("/root", val); + } // preserved assert_eq!(Some(display), sudo_env.remove("DISPLAY")); diff --git a/test-framework/sudo-compliance-tests/src/sudo/flag_chdir.rs b/test-framework/sudo-compliance-tests/src/sudo/flag_chdir.rs index caa929167..01a9e837a 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/flag_chdir.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/flag_chdir.rs 
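Review bot: The three added `SUDO_HOME` checks (in `some_vars_are_set`, `user_dependent_vars` and `some_vars_are_preserved`) pass silently when the variable is absent, and nothing on the new lines says why it is optional. If the intent is to tolerate sudo versions that do not export it, state that next to the first check, e.g. `// SUDO_HOME is not set by every sudo version under test; only check its value when present`. As written, a regression where an implementation that should set `SUDO_HOME` stops doing so would go unnoticed. All three functions continue outside their hunks.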
@@ -129,37 +129,88 @@ fn cwd_set_to_non_glob_value_then_cannot_use_that_path_with_chdir_flag() -> Resu } #[test] -#[ignore = "wontfix"] -fn any_chdir_value_is_accepted_if_it_matches_pwd_cwd_unset() -> Result<()> { +fn any_chdir_value_is_not_accepted_if_it_matches_pwd_cwd_unset() -> Result<()> { let path = "/root"; let env = Env("ALL ALL=(ALL:ALL) NOPASSWD: ALL").build()?; - let stdout = Command::new("sh") + + if sudo_test::is_original_sudo() { + let stdout = Command::new("sudo") + .arg("--version") + .output(&env)? + .stdout()?; + let version = stdout + .lines() + .next() + .unwrap() + .strip_prefix("Sudo version ") + .unwrap(); + if version < "1.9.14" { + // Older sudo had a special case where --chdir is accepted if it matches the cwd even if + // it would otherwise be denied. + // FIXME remove once bookworm is oldstable + return Ok(()); + } + } + + let output = Command::new("sh") .arg("-c") .arg(format!("cd {path}; sudo --chdir {path} pwd")) - .output(&env)? - .stdout()?; + .output(&env)?; - assert_eq!(path, stdout); + assert!(!output.status().success()); + assert_eq!(Some(1), output.status().code()); + + let diagnostic = if sudo_test::is_original_sudo() { + format!("you are not permitted to use the -D option with {BIN_PWD}") + } else { + format!("you are not allowed to use '--chdir {path}' with '{BIN_PWD}'") + }; + assert_contains!(output.stderr(), diagnostic); Ok(()) } -// NOTE unclear if we want to adopt this behavior #[test] -#[ignore = "wontfix"] -fn any_chdir_value_is_accepted_if_it_matches_pwd_cwd_set() -> Result<()> { +fn any_chdir_value_is_not_accepted_if_it_matches_pwd_cwd_set() -> Result<()> { let cwd_path = "/root"; let another_path = "/tmp"; let env = Env(format!("ALL ALL=(ALL:ALL) CWD={cwd_path} NOPASSWD: ALL")).build()?; - let stdout = Command::new("sh") + + if sudo_test::is_original_sudo() { + let stdout = Command::new("sudo") + .arg("--version") + .output(&env)? 
+ .stdout()?; + let version = stdout + .lines() + .next() + .unwrap() + .strip_prefix("Sudo version ") + .unwrap(); + if version < "1.9.14" { + // Older sudo had a special case where --chdir is accepted if it matches the cwd even if + // it would otherwise be denied. + // FIXME remove once bookworm is oldstable + return Ok(()); + } + } + + let output = Command::new("sh") .arg("-c") .arg(format!( "cd {another_path}; sudo --chdir {another_path} pwd" )) - .output(&env)? - .stdout()?; + .output(&env)?; + + assert!(!output.status().success()); + assert_eq!(Some(1), output.status().code()); - assert_eq!(cwd_path, stdout); + let diagnostic = if sudo_test::is_original_sudo() { + format!("you are not permitted to use the -D option with {BIN_PWD}") + } else { + format!("you are not allowed to use '--chdir {another_path}' with '{BIN_PWD}'") + }; + assert_contains!(output.stderr(), diagnostic); Ok(()) } diff --git a/test-framework/sudo-compliance-tests/src/sudo/flag_list.rs b/test-framework/sudo-compliance-tests/src/sudo/flag_list.rs index 7f8da7cd7..0e2f7ba32 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/flag_list.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/flag_list.rs @@ -1,4 +1,4 @@ -use sudo_test::{Command, Env, TextFile, User, BIN_FALSE, BIN_LS, BIN_PWD, BIN_TRUE}; +use sudo_test::{Command, Env, TextFile, User, BIN_FALSE, BIN_LS, BIN_PWD, BIN_TRUE, ETC_SUDOERS}; use crate::{Result, PANIC_EXIT_CODE, PASSWORD, SUDOERS_ALL_ALL_NOPASSWD, USERNAME}; @@ -254,7 +254,10 @@ Sudoers entry: \tALL" ); let actual = output.stdout()?; - assert_eq!(actual, expected); + assert_eq!( + actual.replace(&format!("Sudoers entry: {ETC_SUDOERS}"), "Sudoers entry:"), + expected + ); Ok(()) } diff --git a/test-framework/sudo-compliance-tests/src/sudo/flag_list/long_format/mod.rs b/test-framework/sudo-compliance-tests/src/sudo/flag_list/long_format/mod.rs index 5b52b088b..610f74289 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/flag_list/long_format/mod.rs 
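Review bot: The version gate `if version < "1.9.14"` in `any_chdir_value_is_not_accepted_if_it_matches_pwd_cwd_unset` compares two `&str` values lexicographically, not numerically. A version such as "1.9.9" sorts after "1.9.14", and "1.10.0" sorts before it, so a future 1.10.x would hit the early `return Ok(())` and the denial of `--chdir` would never be asserted while the test still reports success. The same block is duplicated in `any_chdir_value_is_not_accepted_if_it_matches_pwd_cwd_set`, so a shared helper that parses the numeric components and compares tuples would fix both. The bare `.unwrap()` calls would also read better as one `expect` naming the unexpected `sudo --version` output.

```rust
/// Parses the leading `major.minor.patch` of a sudo version string such as "1.9.13p3".
fn parse_sudo_version(version: &str) -> Option<(u32, u32, u32)> {
    let mut parts = version.splitn(3, '.');
    let major = parts.next()?.parse().ok()?;
    let minor = parts.next()?.parse().ok()?;
    // the patch component may carry a suffix ("13p3"); keep only the leading digits
    let patch_digits: String = parts
        .next()?
        .chars()
        .take_while(char::is_ascii_digit)
        .collect();
    Some((major, minor, patch_digits.parse().ok()?))
}

// … unchanged: `sudo --version` call and `strip_prefix("Sudo version ")` …
        let version =
            parse_sudo_version(version).expect("unrecognised `sudo --version` output");
        if version < (1, 9, 14) {
            // … unchanged: comment and early return …
        }
```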
+++ b/test-framework/sudo-compliance-tests/src/sudo/flag_list/long_format/mod.rs @@ -1,11 +1,14 @@ -use sudo_test::{Command, Env, BIN_FALSE, BIN_LS, BIN_TRUE}; +use sudo_test::{Command, Env, BIN_FALSE, BIN_LS, BIN_TRUE, ETC_SUDOERS}; use crate::{Result, HOSTNAME}; macro_rules! assert_snapshot { ($($tt:tt)*) => { insta::with_settings!({ - filters => vec![(BIN_LS, "")], + filters => vec![ + (BIN_LS, ""), + (&format!("Sudoers entry: {ETC_SUDOERS}"), "Sudoers entry:"), + ], prepend_module_to_snapshot => false, }, { insta::assert_snapshot!($($tt)*) diff --git a/test-framework/sudo-compliance-tests/src/sudo/flag_list/needs_auth.rs b/test-framework/sudo-compliance-tests/src/sudo/flag_list/needs_auth.rs index b7b7cde67..c2b3e2cf7 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/flag_list/needs_auth.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/flag_list/needs_auth.rs @@ -4,7 +4,8 @@ use crate::{Result, USERNAME}; #[test] fn when_other_user_is_self() -> Result<()> { - let env = Env("ALL ALL=(ALL:ALL) ALL").user(USERNAME).build()?; + let env = Env("Defaults !lecture +ALL ALL=(ALL:ALL) ALL").user(USERNAME).build()?; let output = Command::new("sudo") .args(["-S", "-l", "-U", USERNAME]) @@ -28,7 +29,8 @@ fn when_other_user_is_self() -> Result<()> { fn other_user_has_nopasswd_tag() -> Result<()> { let other_user = "ghost"; let env = Env(format!( - "{other_user} ALL=(ALL:ALL) NOPASSWD: ALL + "Defaults !lecture +{other_user} ALL=(ALL:ALL) NOPASSWD: ALL {USERNAME} ALL=(ALL:ALL) ALL" )) .user(USERNAME) diff --git a/test-framework/sudo-compliance-tests/src/sudo/flag_list/not_allowed.rs b/test-framework/sudo-compliance-tests/src/sudo/flag_list/not_allowed.rs index bb0924128..4cf18656e 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/flag_list/not_allowed.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/flag_list/not_allowed.rs 
@@ -68,14 +68,16 @@ fn flag_uppercase_u_plus_command() -> Result<()> { assert!(!output.status().success()); assert_eq!(Some(1), output.status().code()); - let command = if sudo_test::is_original_sudo() { - "list/usr/bin/true" - } else { - "list true" - }; - let diagnostic = - format!("Sorry, user {USERNAME} is not allowed to execute '{command}' as {other_user} on {hostname}."); - assert_contains!(output.stderr(), diagnostic); + // This is the output of older sudo versions + if !output.stderr().contains(&format!( + "Sorry, user {USERNAME} is not allowed to execute 'list/usr/bin/true' \ + as {other_user} on {hostname}." + )) { + // This is the output of newer sudo versions and sudo-rs + let diagnostic = + format!("Sorry, user {USERNAME} is not allowed to execute 'list true' as {other_user} on {hostname}."); + assert_contains!(output.stderr(), diagnostic); + } } } diff --git a/test-framework/sudo-compliance-tests/src/sudo/lecture.rs b/test-framework/sudo-compliance-tests/src/sudo/lecture.rs index 37f179ce6..d2c781168 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/lecture.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/lecture.rs @@ -117,28 +117,6 @@ fn negation_equals_never() -> Result<()> { Ok(()) } -#[test] -fn double_negation_also_equals_never() -> Result<()> { - let env = Env([ - SUDOERS_ROOT_ALL, - SUDOERS_USER_ALL_ALL, - "Defaults !!lecture", - ]) - .user(User(USERNAME).password(PASSWORD)) - .build()?; - - let output = Command::new("sudo") - .args(["-S", "true"]) - .as_user(USERNAME) - .stdin(PASSWORD) - .output(&env)?; - - assert!(output.status().success()); - assert_not_contains!(output.stderr(), OG_SUDO_STANDARD_LECTURE); - - Ok(()) -} - /// Lectures are only shown when password is asked for #[test] fn root_user_lecture_not_shown() -> Result<()> { diff --git a/test-framework/sudo-compliance-tests/src/sudo/sudoers/include.rs b/test-framework/sudo-compliance-tests/src/sudo/sudoers/include.rs index c37d95914..a937988a4 100644 
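Review bot: The rewritten check in `flag_uppercase_u_plus_command` no longer ties the accepted wording to the implementation under test, so sudo-rs would also pass if it printed the old `'list/usr/bin/true'` form. Keeping the `is_original_sudo()` distinction and allowing the old wording only there preserves the strictness for sudo-rs: `let old_ok = sudo_test::is_original_sudo() && output.stderr().contains(&old_diagnostic);` followed by `if !old_ok { assert_contains!(output.stderr(), diagnostic); }`. The enclosing loop and function start outside the hunk.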
--- a/test-framework/sudo-compliance-tests/src/sudo/sudoers/include.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/sudoers/include.rs @@ -126,7 +126,7 @@ fn include_loop_error_messages() -> Result<()> { assert!(!output.status().success()); assert_eq!(Some(1), output.status().code()); let diagnostic = if sudo_test::is_original_sudo() { - "sudo: /etc/sudoers2: too many levels of includes" + "/etc/sudoers2: too many levels of includes" } else { "sudo-rs: include file limit reached opening '/etc/sudoers2'" }; @@ -145,7 +145,7 @@ fn include_loop_not_fatal() -> Result<()> { assert!(output.status().success()); let diagnostic = if sudo_test::is_original_sudo() { - "sudo: /etc/sudoers2: too many levels of includes" + "/etc/sudoers2: too many levels of includes" } else { "sudo-rs: include file limit reached opening '/etc/sudoers2'" }; diff --git a/test-framework/sudo-compliance-tests/src/sudo/sudoers/run_as.rs b/test-framework/sudo-compliance-tests/src/sudo/sudoers/run_as.rs index 8f48ef3e7..ffa7c2412 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/sudoers/run_as.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/sudoers/run_as.rs @@ -19,22 +19,6 @@ macro_rules! assert_snapshot { } // "If both Runas_Lists are empty, the command may only be run as the invoking user." -#[test] -#[ignore = "gh134"] -fn when_empty_then_implicit_as_self_is_allowed() -> Result<()> { - let env = Env("ALL ALL=() NOPASSWD: ALL").user(USERNAME).build()?; - - for user in ["root", USERNAME] { - Command::new("sudo") - .args(["true"]) - .as_user(user) - .output(&env)? - .assert_success()?; - } - - Ok(()) -} - #[test] fn when_empty_then_explicit_as_self_is_allowed() -> Result<()> { let env = Env("ALL ALL=() NOPASSWD: ALL").user(USERNAME).build()?; 
@@ -293,13 +277,11 @@ fn when_both_user_and_group_are_specified_then_as_that_group_is_allowed() -> Res .group(GROUPNAME) .build()?; - for user in ["root", USERNAME] { - Command::new("sudo") - .args(["-g", GROUPNAME, "true"]) - .as_user(user) - .output(&env)? - .assert_success()?; - } + Command::new("sudo") + .args(["-g", GROUPNAME, "true"]) + .as_user(USERNAME) + .output(&env)? + .assert_success()?; Ok(()) } diff --git a/test-framework/sudo-compliance-tests/src/sudo/sudoers/runas_alias.rs b/test-framework/sudo-compliance-tests/src/sudo/sudoers/runas_alias.rs index 98200f3bd..75688da5d 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/sudoers/runas_alias.rs +++ b/test-framework/sudo-compliance-tests/src/sudo/sudoers/runas_alias.rs @@ -292,7 +292,7 @@ fn when_only_username_is_given_group_arg_fails() -> Result<()> { fn user_and_group_works_when_one_is_passed_as_arg() -> Result<()> { let env = Env([ &format!("Runas_Alias OP = otheruser, {GROUPNAME}"), - &format!("{USERNAME} ALL = (OP:OP) NOPASSWD: ALL"), + &format!("{USERNAME} ALL = (OP,{USERNAME}:OP) NOPASSWD: ALL"), ]) .user(User(USERNAME)) .user(User("otheruser")) @@ -346,7 +346,7 @@ fn different_aliases_user_and_group_works_when_one_is_passed_as_arg() -> Result< let env = Env([ &format!("Runas_Alias GROUPALIAS = {GROUPNAME}"), ("Runas_Alias USERALIAS = otheruser"), - &format!("{USERNAME} ALL = (USERALIAS:GROUPALIAS) NOPASSWD: ALL"), + "ALL ALL = (USERALIAS:GROUPALIAS) NOPASSWD: ALL", ]) .user(USERNAME) .user("otheruser") @@ -361,7 +361,7 @@ fn different_aliases_user_and_group_works_when_one_is_passed_as_arg() -> Result< Command::new("sudo") .args(["-g", GROUPNAME, "true"]) - .as_user(USERNAME) + .as_user("otheruser") .output(&env)? .assert_success()?; diff --git a/test-framework/sudo-compliance-tests/src/sudo/timestamp.rs b/test-framework/sudo-compliance-tests/src/sudo/timestamp.rs index b43de0411..63e95248b 100644 --- a/test-framework/sudo-compliance-tests/src/sudo/timestamp.rs 
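Review bot: The sudoers changes in `user_and_group_works_when_one_is_passed_as_arg` (`(OP,{USERNAME}:OP)`) and `different_aliases_user_and_group_works_when_one_is_passed_as_arg` (`ALL ALL = …` plus `.as_user("otheruser")`) carry no comment explaining the rule they now encode. From the visible lines it appears that `sudo -g <group>` without `-u` keeps the invoking user as the target user, so that user must itself appear in the Runas user list. Since this is a point of authorization semantics, a short comment above each rule would help, e.g. `// -g without -u runs as the invoking user, who must therefore be in the Runas user list`. The `run_as.rs` hunk on this line that drops `root` from the loop looks like the same adjustment and deserves the same comment. All of these functions continue outside their hunks.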
+++ b/test-framework/sudo-compliance-tests/src/sudo/timestamp.rs @@ -199,3 +199,27 @@ fn cached_credential_not_shared_with_self_across_ttys() -> Result<()> { Ok(()) } + +#[test] +fn double_negation_also_equals_never() -> Result<()> { + let env = Env([ + "Defaults !!use_pty".to_string(), + format!("{USERNAME} ALL=(ALL:ALL) ALL"), + ]) + .user(User(USERNAME).password(PASSWORD)) + .build()?; + + let output = Command::new("sh") + .arg("-c") + .arg(format!( + "echo {PASSWORD} | sudo -S true; sudo -u {USERNAME} sudo -n true && true" + )) + .as_user(USERNAME) + .tty(true) + .output(&env)?; + + assert!(!output.status().success()); + assert_eq!(Some(1), output.status().code()); + + Ok(()) +} diff --git a/test-framework/sudo-compliance-tests/src/visudo.rs b/test-framework/sudo-compliance-tests/src/visudo.rs index dc9b3a5d8..8c7df11bd 100644 --- a/test-framework/sudo-compliance-tests/src/visudo.rs +++ b/test-framework/sudo-compliance-tests/src/visudo.rs @@ -35,8 +35,8 @@ const TMP_SUDOERS: &str = "/tmp/sudoers"; const DEFAULT_EDITOR: &str = "/usr/bin/editor"; const LOGS_PATH: &str = "/tmp/logs.txt"; const CHMOD_EXEC: &str = "100"; -const EDITOR_TRUE: &str = "#!/bin/sh -true"; +const EDITOR_DUMMY: &str = "#!/bin/sh +echo \"#\" >> \"$2\""; #[test] fn default_editor_is_usr_bin_editor() -> Result<()> { @@ -65,7 +65,7 @@ echo '{expected}' > {LOGS_PATH}" #[test] fn creates_sudoers_file_with_default_ownership_and_perms_if_it_doesnt_exist() -> Result<()> { let env = Env("") - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; Command::new("rm") 
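Review bot: The only assertions in the new `double_negation_also_equals_never` in `timestamp.rs` are a non-zero status and exit code 1, which any failure in the shell line satisfies, including the priming `echo {PASSWORD} | sudo -S true` being rejected. As far as the visible lines show, the intended failure is the inner `sudo -n true` finding no cached credential, so the priming step needs a distinct exit status, e.g. `echo {PASSWORD} | sudo -S true || exit 2; sudo -u {USERNAME} sudo -n true`. The trailing `&& true` does not change the exit status and can go. The name was carried over from `lecture.rs`, and "never" is not a value of `use_pty`, so a doc comment should state what `Defaults !!use_pty` is expected to mean and why the nested `sudo -n` must fail.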
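Review bot: `EDITOR_DUMMY` in `visudo.rs` has no comment explaining why it appends `#` to `"$2"` or what `$2` is. It presumably relies on visudo invoking the editor as `<editor> -- <file>`, and on the appended comment line making the file count as modified. A comment on the constant would make that assumption visible, e.g. `// appends a comment line to the file passed as "$2" (the editor is run as "<editor> -- <file>") so visudo sees a modified file`. It is also worth noting there that tests needing an unmodified file must not use this constant, as `stderr_message_when_file_is_not_modified` now inlines its own `true` script.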
@@ -205,7 +205,14 @@ echo '{expected}' >> $2"# fn stderr_message_when_file_is_not_modified() -> Result<()> { let expected = SUDOERS_ALL_ALL_NOPASSWD; let env = Env(expected) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file( + DEFAULT_EDITOR, + TextFile( + "#!/bin/sh + true", + ) + .chmod(CHMOD_EXEC), + ) .build()?; let output = Command::new("visudo").output(&env)?; @@ -346,7 +353,7 @@ cp $2 {LOGS_PATH}" fn temporary_file_is_deleted_when_done() -> Result<()> { let expected = SUDOERS_ALL_ALL_NOPASSWD; let env = Env(expected) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; Command::new("visudo").output(&env)?.assert_success()?; diff --git a/test-framework/sudo-compliance-tests/src/visudo/flag_file.rs b/test-framework/sudo-compliance-tests/src/visudo/flag_file.rs index 526184937..c1515ffb5 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/flag_file.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/flag_file.rs @@ -1,7 +1,7 @@ use sudo_test::{helpers::assert_ls_output, Command, Env, TextFile, ROOT_GROUP}; use crate::{ - visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_TRUE, ETC_SUDOERS, LOGS_PATH, TMP_SUDOERS}, + visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_DUMMY, ETC_SUDOERS, LOGS_PATH, TMP_SUDOERS}, Result, SUDOERS_ALL_ALL_NOPASSWD, SUDOERS_ROOT_ALL, USERNAME, }; @@ -20,7 +20,7 @@ macro_rules! assert_snapshot { #[test] fn creates_sudoers_file_with_default_ownership_and_perms_if_it_doesnt_exist() -> Result<()> { let env = Env("") - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; let file_path = TMP_SUDOERS; 
@@ -192,7 +192,7 @@ echo "$@" > {LOGS_PATH}"# #[test] fn regular_user_can_create_file() -> Result<()> { let env = Env("") - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod("111")) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod("755")) .user(USERNAME) .build()?; diff --git a/test-framework/sudo-compliance-tests/src/visudo/flag_owner.rs b/test-framework/sudo-compliance-tests/src/visudo/flag_owner.rs index aa83340c8..ebb0b8ff1 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/flag_owner.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/flag_owner.rs @@ -1,7 +1,7 @@ use sudo_test::{Command, Env, TextFile, ROOT_GROUP}; use crate::{ - visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_TRUE, ETC_SUDOERS, TMP_SUDOERS}, + visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_DUMMY, ETC_SUDOERS, TMP_SUDOERS}, Result, USERNAME, }; @@ -10,7 +10,7 @@ fn when_present_changes_ownership_of_existing_file() -> Result<()> { let file_path = TMP_SUDOERS; let env = Env("") .file(file_path, TextFile("").chown("root:users").chmod("777")) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; Command::new("visudo") @@ -33,7 +33,7 @@ fn when_absent_ownership_is_preserved() -> Result<()> { let file_path = TMP_SUDOERS; let env = Env("") .file(file_path, TextFile("").chown("root:users").chmod("777")) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; Command::new("visudo") @@ -55,7 +55,7 @@ fn when_absent_ownership_is_preserved() -> Result<()> { fn etc_sudoers_ownership_is_always_changed() -> Result<()> { let file_path = ETC_SUDOERS; let env = Env(TextFile("").chown(format!("{USERNAME}:users")).chmod("777")) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .user(USERNAME) .build()?; 
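Review bot: The mode on `DEFAULT_EDITOR` in `regular_user_can_create_file` is now a bare `"755"` while the other tests use `CHMOD_EXEC`, and nothing explains the difference. The likely reason is that a `#!/bin/sh` script must be readable as well as executable by the non-root user who runs it, so an execute-only mode does not work once the editor actually has to run. A comment would record that: `// the editor script is run by a regular user here, so it must be readable as well as executable`. The function body continues outside the hunk.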
@@ -79,7 +79,7 @@ fn flag_check() -> Result<()> { file_path, TextFile("").chown(format!("{USERNAME}:users")).chmod("777"), ) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .user(USERNAME) .build()?; diff --git a/test-framework/sudo-compliance-tests/src/visudo/flag_perms.rs b/test-framework/sudo-compliance-tests/src/visudo/flag_perms.rs index 30a7cfe25..e4e42b28e 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/flag_perms.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/flag_perms.rs @@ -1,7 +1,7 @@ use sudo_test::{Command, Env, TextFile}; use crate::{ - visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_TRUE, ETC_SUDOERS, TMP_SUDOERS}, + visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_DUMMY, ETC_SUDOERS, TMP_SUDOERS}, Result, USERNAME, }; @@ -10,7 +10,7 @@ fn when_present_changes_perms_of_existing_file() -> Result<()> { let file_path = TMP_SUDOERS; let env = Env("") .file(file_path, TextFile("").chmod("777")) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; Command::new("visudo") @@ -33,7 +33,7 @@ fn when_absent_perms_are_preserved() -> Result<()> { let file_path = TMP_SUDOERS; let env = Env("") .file(file_path, TextFile("").chmod("777")) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; Command::new("visudo") @@ -55,7 +55,7 @@ fn when_absent_perms_are_preserved() -> Result<()> { fn etc_sudoers_perms_are_always_changed() -> Result<()> { let file_path = ETC_SUDOERS; let env = Env(TextFile("").chmod("777")) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; Command::new("visudo").output(&env)?.assert_success()?; 
@@ -78,7 +78,7 @@ fn flag_check() -> Result<()> { file_path, TextFile("").chown(format!("{USERNAME}:users")).chmod("777"), ) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .user(USERNAME) .build()?; diff --git a/test-framework/sudo-compliance-tests/src/visudo/flag_quiet.rs b/test-framework/sudo-compliance-tests/src/visudo/flag_quiet.rs index 59b39bfbf..07b7b654f 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/flag_quiet.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/flag_quiet.rs @@ -2,13 +2,13 @@ use sudo_test::{Command, Env, TextFile}; use crate::Result; -use super::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_TRUE}; +use super::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_DUMMY}; #[test] #[ignore = "gh657"] fn supresses_syntax_error_messages() -> Result<()> { let env = Env("this is fine") - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; let output = Command::new("visudo").arg("-q").output(&env)?; diff --git a/test-framework/sudo-compliance-tests/src/visudo/flag_strict.rs b/test-framework/sudo-compliance-tests/src/visudo/flag_strict.rs index 94e6395b4..c06654844 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/flag_strict.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/flag_strict.rs @@ -1,7 +1,7 @@ use sudo_test::{Command, Env, TextFile}; use crate::{ - visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_TRUE}, + visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_DUMMY}, Result, }; @@ -9,7 +9,7 @@ use crate::{ #[ignore = "gh657"] fn undefined_alias() -> Result<()> { let env = Env(["# User_Alias ADMINS = root", "ADMINS ALL=(ALL:ALL) ALL"]) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; let output = Command::new("visudo").arg("--strict").output(&env)?; 
@@ -34,7 +34,7 @@ fn undefined_alias() -> Result<()> { #[test] fn alias_cycle() -> Result<()> { let env = Env(["User_Alias FOO = FOO", "FOO ALL=(ALL:ALL) ALL"]) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; let output = Command::new("visudo").arg("--strict").output(&env)?; diff --git a/test-framework/sudo-compliance-tests/src/visudo/include.rs b/test-framework/sudo-compliance-tests/src/visudo/include.rs index 0141a820d..ac71b0add 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/include.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/include.rs @@ -1,7 +1,7 @@ use sudo_test::{Command, Env, TextFile, ETC_DIR}; use crate::{ - visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_TRUE, LOGS_PATH}, + visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_DUMMY, LOGS_PATH}, Result, }; @@ -10,7 +10,7 @@ use crate::{ fn prompt() -> Result<()> { let env = Env("@include sudoers2") .file(format!("{ETC_DIR}/sudoers2"), "") - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; let output = Command::new("visudo").output(&env)?; diff --git a/test-framework/sudo-compliance-tests/src/visudo/sudoers/env_editor.rs b/test-framework/sudo-compliance-tests/src/visudo/sudoers/env_editor.rs index 9d5d4e3dc..8d2d37904 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/sudoers/env_editor.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/sudoers/env_editor.rs @@ -1,7 +1,7 @@ use sudo_test::{Command, Env, TextFile}; use crate::{ - visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_TRUE, LOGS_PATH}, + visudo::{CHMOD_EXEC, DEFAULT_EDITOR, EDITOR_DUMMY, LOGS_PATH}, Result, }; @@ -19,7 +19,7 @@ rm -f {LOGS_PATH}" )) .chmod(CHMOD_EXEC), ) - .file(DEFAULT_EDITOR, TextFile(EDITOR_TRUE).chmod(CHMOD_EXEC)) + .file(DEFAULT_EDITOR, TextFile(EDITOR_DUMMY).chmod(CHMOD_EXEC)) .build()?; for var_name in var_names { 
@@ -74,7 +74,7 @@ echo {unexpected} >> {LOGS_PATH}" )) .chmod(CHMOD_EXEC), ) - .file(DEFAULT_EDITOR, EDITOR_TRUE) + .file(DEFAULT_EDITOR, EDITOR_DUMMY) .build()?; Ok(Fixture { @@ -161,7 +161,7 @@ fn falls_back_to_editor_list_when_env_editor_is_not_executable() -> Result<()> { let expected = "default editor was called"; let editor_path = "/tmp/editor"; let env = Env("") - .file(editor_path, EDITOR_TRUE) + .file(editor_path, EDITOR_DUMMY) .file( DEFAULT_EDITOR, TextFile(format!( diff --git a/test-framework/sudo-compliance-tests/src/visudo/what_now_prompt.rs b/test-framework/sudo-compliance-tests/src/visudo/what_now_prompt.rs index 012869f92..5a7d4c1ce 100644 --- a/test-framework/sudo-compliance-tests/src/visudo/what_now_prompt.rs +++ b/test-framework/sudo-compliance-tests/src/visudo/what_now_prompt.rs @@ -118,16 +118,8 @@ fn on_invalid_option_prompts_again() -> Result<()> { .file(DEFAULT_EDITOR, TextFile(editor()).chmod(CHMOD_EXEC)) .build()?; - let cases = [ - (2, "?"), - (2, "abc"), - (2, "\n"), - (2, "\r\n"), - (3, "a\nb"), - (3, "\n\r"), - (2, "a\rb"), - ]; - for (expected, input) in cases { + let cases = ["?", "abc", "\n", "\r\n", "a\nb", "\n\r", "a\rb"]; + for input in cases { dbg!(input); let output = Command::new("visudo").stdin(input).output(&env)?; @@ -138,7 +130,7 @@ fn on_invalid_option_prompts_again() -> Result<()> { .filter(|line| line.starts_with("What now?")) .count(); - assert_eq!(expected, num_prompts); + assert!(num_prompts >= 2); } Ok(())
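Review bot: The relaxed `assert!(num_prompts >= 2)` in `on_invalid_option_prompts_again` gives no information on failure, whereas the previous `assert_eq!` printed both values. Adding a message keeps failures diagnosable: `assert!(num_prompts >= 2, "input {input:?} produced {num_prompts} prompts");`. With that in place the `dbg!(input)` context line above becomes redundant. The check also no longer has an upper bound, so an implementation that re-prompts more often than expected for a given input would still pass; if that matters, bound it explicitly. The function continues outside the hunk.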