add comment + unit tests

Author: squell

src/sudoers/test/mod.rs

@@ -250,6 +250,10 @@ fn permission_test() {
     pass!(["a\\,b ALL=ALL"], "a,b" => request! { root, root }, "server"; "/bin/foo");
     pass!(["\"a,b\" ALL=ALL"], "a,b" => request! { root, root }, "server"; "/bin/foo");
     pass!(["\"a\\b\" ALL=ALL"], "a\\b" => request! { root, root }, "server"; "/bin/foo");
+
+    // special chacters
+    pass!(["[email protected] ALL=ALL"], "[email protected]" => request! { root, root }, "server"; "/bin/foo");
+    pass!(["fnord$ ALL=ALL"], "fnord$" => request! { root, root }, "server"; "/bin/foo");
 }
 
 #[test]
@@ -346,6 +350,12 @@ fn invalid_directive() {
     parse_eval::<ast::Sudo>("User_Alias, user Alias = user1, user2");
 }
 
+#[test]
+#[should_panic]
+fn invalid_username() {
+    parse_eval::<ast::Sudo>("User_Alias FOO = $dollar");
+}
+
 #[test]
 fn directive_test() {
     let y = parse_eval::<Spec<UserSpecifier>>;
@@ -467,6 +477,12 @@ fn specific_defaults() {
     assert!(try_parse_line("Defaults >user !use_pty").is_none());
 }
 
+#[test]
+fn at_sign_ambiguity() {
+    assert!(parse_line("Defaults@host env_keep=ALL").is_decl());
+    assert!(parse_line("defaults@host env_keep=ALL").is_spec());
+}
+
 #[test]
 fn default_specific_test() {
     let sudoers = || {

src/sudoers/tokens.rs

@@ -12,6 +12,7 @@ pub struct Username(pub SudoString);
 // See: https://systemd.io/USER_NAMES/
 impl Token for Username {
     fn construct(text: String) -> Result<Self, String> {
+        // if a '$' occurs in a username, it has to be the final character
         if let Some((_, "")) | None = text.split_once('$') {
             SudoString::new(text)
                 .map_err(|e| e.to_string())