From 292916f43c9948caced9b62018d5ff510a5e0497 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 17 Sep 2021 20:41:34 -0600
Subject: [PATCH] Test that digest matching works with LDAP sudoCommand: ALL

---
 MANIFEST                                      |  2 +
 .../sudoers/regress/testsudoers/test17.out.ok | 10 ++++
 plugins/sudoers/regress/testsudoers/test17.sh | 51 +++++++++++++++++++
 3 files changed, 63 insertions(+)
 create mode 100644 plugins/sudoers/regress/testsudoers/test17.out.ok
 create mode 100755 plugins/sudoers/regress/testsudoers/test17.sh

diff --git a/MANIFEST b/MANIFEST
index ab9403817..04f1581c7 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -940,6 +940,8 @@ plugins/sudoers/regress/testsudoers/test15.out.ok
 plugins/sudoers/regress/testsudoers/test15.sh
 plugins/sudoers/regress/testsudoers/test16.out.ok
 plugins/sudoers/regress/testsudoers/test16.sh
+plugins/sudoers/regress/testsudoers/test17.out.ok
+plugins/sudoers/regress/testsudoers/test17.sh
 plugins/sudoers/regress/testsudoers/test2.inc
 plugins/sudoers/regress/testsudoers/test2.out.ok
 plugins/sudoers/regress/testsudoers/test2.sh
diff --git a/plugins/sudoers/regress/testsudoers/test17.out.ok b/plugins/sudoers/regress/testsudoers/test17.out.ok
new file mode 100644
index 000000000..bb07d2c4b
--- /dev/null
+++ b/plugins/sudoers/regress/testsudoers/test17.out.ok
@@ -0,0 +1,10 @@
+Parses OK
+
+Entries for user root:
+
+ALL = (ALL) sha224:fIoq2MAfM/PZKTbkn9RE4VZ8YHjwnwTgE28Hxw== ALL
+	host  matched
+	runas matched
+	cmnd  allowed
+
+Command allowed
diff --git a/plugins/sudoers/regress/testsudoers/test17.sh b/plugins/sudoers/regress/testsudoers/test17.sh
new file mode 100755
index 000000000..b98b9076f
--- /dev/null
+++ b/plugins/sudoers/regress/testsudoers/test17.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# Test that digest matching works with LDAP sudoCommand: ALL
+#
+
+: ${TESTSUDOERS=testsudoers}
+
+# Create test command with known digest
+TESTDIR="`pwd`/regress/testsudoers"
+cat >"$TESTDIR/hello" <<EOF
+#!/bin/sh
+echo Hello World
+EOF
+chmod 755 "$TESTDIR/hello"
+SHA224_DIGEST="fIoq2MAfM/PZKTbkn9RE4VZ8YHjwnwTgE28Hxw=="
+
+$TESTSUDOERS -i ldif root "${TESTDIR}/hello" <<-EOF
+dn: dc=sudo,dc=ws
+objectClass: dcObject
+objectClass: organization
+dc: bigwheel
+o: Big Wheel
+description: Big Wheel
+
+# Organizational Role for Directory Manager
+dn: cn=Manager,dc=sudo,dc=ws
+objectClass: organizationalRole
+cn: Manager
+description: Directory Manager
+
+# SUDOers, sudo.ws
+dn: ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: organizationalUnit
+description: SUDO Configuration Subtree
+ou: SUDOers
+
+# root, SUDOers, sudo.ws
+dn: cn=root,ou=SUDOers,dc=sudo,dc=ws
+objectClass: top
+objectClass: sudoRole
+cn: root
+sudoUser: root
+sudoRunAs: ALL
+sudoHost: ALL
+sudoCommand: sha224:$SHA224_DIGEST ALL
+sudoOrder: 10
+EOF
+
+rm -f "$TESTDIR/hello"
+exit 0