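#!/usr/libexec/flua
---
-- SPDX-License-Identifier: BSD-2-Clause
--
-- Copyright (c) 2026 Baptiste Daroussin <bapt@FreeBSD.org>

-- Test script for n.adddoas(): calls it with a single rule string and with
-- a table of rules, then compares the resulting doas.conf byte for byte
-- against the expected policy text.

local n = require("nuage")

-- Every path used below is prefixed with NUAGE_FAKE_ROOTDIR.
-- NOTE(review): when the variable is unset the prefix is empty, so this
-- script reads and removes <localbase>/etc/doas.conf on the live system.
-- Run it only from a harness that exports NUAGE_FAKE_ROOTDIR.
local root = os.getenv("NUAGE_FAKE_ROOTDIR") or ""

--- Return the value printed by `sysctl -in user.localbase`.
-- Falls back to "/usr/local" when sysctl cannot be started or prints
-- nothing. The command line is a constant; no external input reaches
-- the shell.
-- @treturn string local base directory
local function get_localbase()
	local fallback = "/usr/local"
	local f = io.popen("sysctl -in user.localbase 2> /dev/null")
	if not f then
		-- io.popen can fail; do not index a nil handle.
		return fallback
	end
	local lb = f:read("*l")
	f:close()
	if lb == nil or lb:len() == 0 then
		return fallback
	end
	return lb
end

-- Resolved once so that sysctl is not spawned again for every check.
local doasconf_path = root .. get_localbase() .. "/etc/doas.conf"

--- Read the whole doas.conf under the (fake) root.
-- @treturn string|nil file content, or nil when the file cannot be opened
local function read_doasconf()
	local f = io.open(doasconf_path, "r")
	if not f then
		return nil
	end
	local content = f:read("*a")
	f:close()
	return content
end

--- Compare the generated doas.conf with the expected policy text.
-- The comparison is exact, so an extra, missing or altered rule fails
-- the check.
-- NOTE(review): n.err is presumably fatal (this script relies on it to stop
-- at the first failure) -- confirm against the nuage module.
-- NOTE(review): only the content is checked; the mode and ownership of the
-- generated file are not asserted here, although a doas policy that other
-- users can write to is a privilege-escalation path.
-- @tparam string expected exact content the file must have
-- @tparam string missing_msg message reported when the file does not exist
-- @tparam string mismatch_msg prefix of the message reported on a mismatch
local function check_doasconf(expected, missing_msg, mismatch_msg)
	local content = read_doasconf()
	if not content then
		n.err(missing_msg)
	end
	if content ~= expected then
		-- tostring() keeps the report readable even if content is nil.
		n.err(mismatch_msg .. ": '" .. tostring(content) .. "'")
	end
end

-- test with a single string rule with %u substitution
-- NOTE(review): only a plain user name is exercised; names containing
-- whitespace or other characters meaningful to doas.conf are not covered.
n.adddoas({ name = "testuser", doas = "permit persist %u as root" })
check_doasconf(
	"permit persist testuser as root\n",
	"doas.conf not created",
	"unexpected doas.conf content with %u"
)

-- remove file for next test
os.remove(doasconf_path)

-- test with a table of rules
n.adddoas({
	name = "testuser",
	doas = {
		"deny %u as foobar",
		"permit persist %u as root cmd whoami"
	}
})
check_doasconf(
	"deny testuser as foobar\npermit persist testuser as root cmd whoami\n",
	"doas.conf not created for table",
	"unexpected doas.conf content for table"
)

os.exit(0)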