o Add requiretty option

o Move O_NOCTTY to compat.h

compat.h

@@ -155,4 +155,11 @@
 # endif /* __hpux */
 #endif /* HAVE_SETEUID */
 
+/*
+ * On POSIX systems, O_NOCTTY is the default so some OS's may lack this define.
+ */
+#ifndef O_NOCTTY
+# define O_NOCTTY	0
+#endif /* O_NOCTTY */
+
 #endif /* _SUDO_COMPAT_H */

defaults.c

@@ -176,6 +176,9 @@ struct sudo_defs_types sudo_defs_table[] = {
     }, {
 	"insults", T_FLAG, { 0 },
 	"Insult the user when they enter an incorrect password"
+    }, {
+	"requiretty", T_FLAG, { 0 },
+	"Only allow the user to run sudo if they have a tty"
     }, {
 	"loglinelen", T_INT, { 0 },
 	"Length at which to wrap log file lines (0 for no wrap): %d"

defaults.h

@@ -98,26 +98,27 @@ struct sudo_defs_types {
 #define I_PATH_INFO		20
 #define I_FQDN			21
 #define I_INSULTS		22
+#define I_REQUIRETTY		23
 
 /* Integer values */
-#define	I_LOGLEN	23	/* wrap log file line after N chars */
+#define	I_LOGLEN	24	/* wrap log file line after N chars */
-#define	I_TS_TIMEOUT	24	/* timestamp stale after N minutes */
+#define	I_TS_TIMEOUT	25	/* timestamp stale after N minutes */
-#define	I_PW_TIMEOUT	25	/* exit if pass not entered in N minutes */
+#define	I_PW_TIMEOUT	26	/* exit if pass not entered in N minutes */
-#define	I_PW_TRIES	26	/* exit after N bad password tries */
+#define	I_PW_TRIES	27	/* exit after N bad password tries */
-#define	I_UMASK		27	/* umask to use or 0777 to use user's */
+#define	I_UMASK		28	/* umask to use or 0777 to use user's */
 
 /* Strings */
-#define	I_LOGFILE	28	/* path to logfile (or NULL for none) */
+#define	I_LOGFILE	29	/* path to logfile (or NULL for none) */
-#define	I_MAILERPATH	29	/* path to sendmail or other mailer */
+#define	I_MAILERPATH	30	/* path to sendmail or other mailer */
-#define	I_MAILERFLAGS	30	/* flags to pass to the mailer */
+#define	I_MAILERFLAGS	31	/* flags to pass to the mailer */
-#define	I_MAILTO	31	/* who to send bitch mail to */
+#define	I_MAILTO	32	/* who to send bitch mail to */
-#define	I_MAILSUB	32	/* subject line of mail msg */
+#define	I_MAILSUB	33	/* subject line of mail msg */
-#define	I_BADPASS_MSG	33	/* what to say when passwd is wrong */
+#define	I_BADPASS_MSG	34	/* what to say when passwd is wrong */
-#define	I_TIMESTAMPDIR	34	/* path to timestamp dir */
+#define	I_TIMESTAMPDIR	35	/* path to timestamp dir */
-#define	I_EXEMPT_GRP	35	/* no password or PATH override for these */
+#define	I_EXEMPT_GRP	36	/* no password or PATH override for these */
-#define	I_PASSPROMPT	36	/* password prompt */
+#define	I_PASSPROMPT	37	/* password prompt */
-#define	I_RUNAS_DEF	37	/* default user to run commands as */
+#define	I_RUNAS_DEF	38	/* default user to run commands as */
-#define	I_SECURE_PATH	38	/* set $PATH to this if not NULL */
+#define	I_SECURE_PATH	39	/* set $PATH to this if not NULL */
 
 /*
  * Macros for accessing sudo_defs_table.

sudo.c

@@ -304,6 +304,14 @@ main(argc, argv)
 	exit(1);
     }
 
+    /* Bail if a tty is required and we don't have one.  */
+    if (def_flag(I_REQUIRETTY)) {
+	if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
+	    log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
+	else
+	    (void) close(fd);
+    }
+
     /* Require a password unless the NOPASS tag was set.  */
     if (!(validated & FLAG_NOPASS))
 	check_user();

tgetpass.c

@@ -77,10 +77,6 @@
 #define TCSASOFT	0
 #endif /* TCSASOFT */
 
-#ifndef O_NOCTTY
-#define O_NOCTTY	0
-#endif /* O_NOCTTY */
-
 #ifndef lint
 static const char rcsid[] = "$Sudo$";
 #endif /* lint */