mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

Add passprompt_override flag to sudoers that will cause the prompt

Browse Source 
to be overridden in all cases.  This flag is also set when the
user specifies the -p flag.
This commit is contained in:
Todd C. Miller 2007-12-02 17:13:48 +00:00
parent 4efd981d68
commit 74c5dc4fad
7 changed files with 55 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
auth/pam.c
View File

@ -271,14 +271,14 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
prompt = def_prompt;
/* Only override PAM prompt if it matches /^Password: ?/ */
#if defined(PAM_TEXT_DOMAIN) && defined(HAVE_DGETTEXT)
if (std_prompt ||
if (!def_passprompt_override && (std_prompt ||
(strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) &&
strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:"))))
strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:")))))
prompt = pm->msg;
#else
if (std_prompt ||
if (!def_passprompt_override && (std_prompt ||
strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
&& (pm->msg[9] != ' ' || pm->msg[10] != '\0')))
&& (pm->msg[9] != ' ' || pm->msg[10] != '\0'))))
prompt = pm->msg;
#endif
/* Read the password. */

5
def_data.c
View File

@ -210,11 +210,14 @@ struct sudo_defs_types sudo_defs_table[] = {
"passprompt", T_STR,
"Default password prompt: %s",
NULL,
}, {
"passprompt_override", T_FLAG,
"If set, passprompt will override system prompt in all cases.",
NULL,
}, {
"runas_default", T_STR,
"Default user to run commands as: %s",
NULL,
set_runaspw,
}, {
"secure_path", T_STR|T_BOOL,
"Value to override user's $PATH with: %s",

62
def_data.h
View File

@ -92,36 +92,38 @@
#define I_EXEMPT_GROUP 45
#define def_passprompt (sudo_defs_table[46].sd_un.str)
#define I_PASSPROMPT 46
#define def_runas_default (sudo_defs_table[47].sd_un.str)
#define I_RUNAS_DEFAULT 47
#define def_secure_path (sudo_defs_table[48].sd_un.str)
#define I_SECURE_PATH 48
#define def_editor (sudo_defs_table[49].sd_un.str)
#define I_EDITOR 49
#define def_listpw (sudo_defs_table[50].sd_un.tuple)
#define I_LISTPW 50
#define def_verifypw (sudo_defs_table[51].sd_un.tuple)
#define I_VERIFYPW 51
#define def_noexec (sudo_defs_table[52].sd_un.flag)
#define I_NOEXEC 52
#define def_noexec_file (sudo_defs_table[53].sd_un.str)
#define I_NOEXEC_FILE 53
#define def_ignore_local_sudoers (sudo_defs_table[54].sd_un.flag)
#define I_IGNORE_LOCAL_SUDOERS 54
#define def_closefrom (sudo_defs_table[55].sd_un.ival)
#define I_CLOSEFROM 55
#define def_closefrom_override (sudo_defs_table[56].sd_un.flag)
#define I_CLOSEFROM_OVERRIDE 56
#define def_setenv (sudo_defs_table[57].sd_un.flag)
#define I_SETENV 57
#define def_env_reset (sudo_defs_table[58].sd_un.flag)
#define I_ENV_RESET 58
#define def_env_check (sudo_defs_table[59].sd_un.list)
#define I_ENV_CHECK 59
#define def_env_delete (sudo_defs_table[60].sd_un.list)
#define I_ENV_DELETE 60
#define def_env_keep (sudo_defs_table[61].sd_un.list)
#define I_ENV_KEEP 61
#define def_passprompt_override (sudo_defs_table[47].sd_un.flag)
#define I_PASSPROMPT_OVERRIDE 47
#define def_runas_default (sudo_defs_table[48].sd_un.str)
#define I_RUNAS_DEFAULT 48
#define def_secure_path (sudo_defs_table[49].sd_un.str)
#define I_SECURE_PATH 49
#define def_editor (sudo_defs_table[50].sd_un.str)
#define I_EDITOR 50
#define def_listpw (sudo_defs_table[51].sd_un.tuple)
#define I_LISTPW 51
#define def_verifypw (sudo_defs_table[52].sd_un.tuple)
#define I_VERIFYPW 52
#define def_noexec (sudo_defs_table[53].sd_un.flag)
#define I_NOEXEC 53
#define def_noexec_file (sudo_defs_table[54].sd_un.str)
#define I_NOEXEC_FILE 54
#define def_ignore_local_sudoers (sudo_defs_table[55].sd_un.flag)
#define I_IGNORE_LOCAL_SUDOERS 55
#define def_closefrom (sudo_defs_table[56].sd_un.ival)
#define I_CLOSEFROM 56
#define def_closefrom_override (sudo_defs_table[57].sd_un.flag)
#define I_CLOSEFROM_OVERRIDE 57
#define def_setenv (sudo_defs_table[58].sd_un.flag)
#define I_SETENV 58
#define def_env_reset (sudo_defs_table[59].sd_un.flag)
#define I_ENV_RESET 59
#define def_env_check (sudo_defs_table[60].sd_un.list)
#define I_ENV_CHECK 60
#define def_env_delete (sudo_defs_table[61].sd_un.list)
#define I_ENV_DELETE 61
#define def_env_keep (sudo_defs_table[62].sd_un.list)
#define I_ENV_KEEP 62
enum def_tupple {
never,

3
def_data.in
View File

@ -152,6 +152,9 @@ exempt_group
passprompt
T_STR
"Default password prompt: %s"
passprompt_override
T_FLAG
"If set, passprompt will override system prompt in all cases."
runas_default
T_STR
"Default user to run commands as: %s"

1
sudo.c
View File

@ -789,6 +789,7 @@ parse_args(argc, argv)
usage(1);
user_prompt = NewArgv[1];
def_passprompt_override = TRUE;
NewArgc--;
NewArgv++;

4
sudo.pod
View File

@ -280,6 +280,10 @@ two consecutive C<%> characters are collapsed into a single C<%> character
=back
The prompt specified by the B<-p> option will override the system
password prompt on systems that support PAM unless the
I<passprompt_override> flag is disabled in I<sudoers>.
=item -S
The B<-S> (I<stdin>) option causes B<sudo> to read the password from

7
sudoers.pod
View File

@ -632,6 +632,13 @@ the user's C<PATH>, B<sudo> will tell the user that they are not
allowed to run it, which can be confusing. This flag is I<@path_info@>
by default.
=item passprompt_override
The password prompt specified by I<passprompt> will normally only
be used if the passwod prompt provided by systems such as PAM matches
the string "Password:". If I<passprompt_override> is set, I<passprompt>
will always be used. This flag is I<off> by default.
=item preserve_groups
By default B<sudo> will initialize the group vector to the list of