Add compliance tests for umask

And fix Defaults !umask/Default umask=0777

Author: bjorn3

src/sudoers/mod.rs

@@ -320,7 +320,9 @@ impl Sudoers {
     }
 
     pub(crate) fn umask(&self) -> Umask {
-        if self.settings.umask_override() {
+        if self.settings.umask() == 0o777 {
+            Umask::Preserve
+        } else if self.settings.umask_override() {
             Umask::Override(
                 self.settings
                     .umask()

test-framework/sudo-compliance-tests/src/sudo.rs

@@ -28,4 +28,5 @@ mod sudo_ps1;
 mod sudoers;
 mod syslog;
 mod timestamp;
+mod umask;
 mod use_pty;

test-framework/sudo-compliance-tests/src/sudo/umask.rs

@@ -0,0 +1,53 @@
+use sudo_test::{Command, Env};
+
+use crate::SUDOERS_ALL_ALL_NOPASSWD;
+
+fn test_umask(config: &str, user_umask: &str, target_umask: &str) {
+    let env = Env([SUDOERS_ALL_ALL_NOPASSWD, config]).build();
+
+    let output = Command::new("sh")
+        .args(["-c", &format!("umask {user_umask}; sudo sh -c umask")])
+        .output(&env);
+    output.assert_success();
+
+    assert_eq!(output.stdout(), target_umask);
+}
+
+#[test]
+fn umask_unchanged() {
+    test_umask("Defaults umask=0777", "0123", "0123");
+    test_umask("Defaults !umask", "0123", "0123");
+}
+
+#[test]
+fn stricter_umask_respected() {
+    test_umask("Defaults umask=0776", "0022", "0776");
+}
+
+#[test]
+fn overlapping_umask_unioned() {
+    test_umask("Defaults umask=0770", "0022", "0772");
+}
+
+#[test]
+fn looser_umask_unchanged() {
+    test_umask("Defaults umask=0000", "0022", "0022");
+}
+
+#[test]
+fn umask_override() {
+    test_umask(
+        "Defaults umask=0700\nDefaults umask_override",
+        "0022",
+        "0700",
+    );
+}
+
+#[test]
+fn umask_override_0777() {
+    test_umask(
+        "Defaults umask=0777\nDefaults umask_override",
+        "0022",
+        "0022",
+    );
+}