Add passprompt_override flag to sudoers that will cause the prompt
to be overridden in all cases. This flag is also set when the user specifies the -p flag.
parent
4efd981d68
commit
74c5dc4fad
@ -271,14 +271,14 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
|
|||||||
prompt = def_prompt;
|
prompt = def_prompt;
|
||||||
/* Only override PAM prompt if it matches /^Password: ?/ */
|
/* Only override PAM prompt if it matches /^Password: ?/ */
|
||||||
#if defined(PAM_TEXT_DOMAIN) && defined(HAVE_DGETTEXT)
|
#if defined(PAM_TEXT_DOMAIN) && defined(HAVE_DGETTEXT)
|
||||||
if (std_prompt ||
|
if (!def_passprompt_override && (std_prompt ||
|
||||||
(strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) &&
|
(strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) &&
|
||||||
strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:"))))
|
strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:")))))
|
||||||
prompt = pm->msg;
|
prompt = pm->msg;
|
||||||
#else
|
#else
|
||||||
if (std_prompt ||
|
if (!def_passprompt_override && (std_prompt ||
|
||||||
strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
|
strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
|
||||||
&& (pm->msg[9] != ' ' || pm->msg[10] != '\0')))
|
&& (pm->msg[9] != ' ' || pm->msg[10] != '\0'))))
|
||||||
prompt = pm->msg;
|
prompt = pm->msg;
|
||||||
#endif
|
#endif
|
||||||
/* Read the password. */
|
/* Read the password. */
|
||||||
|
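Review bot: With `def_passprompt_override` set, both new conditions skip `prompt = pm->msg`, so every message handled here is shown with sudo's own prompt, including ones where the PAM module is asking for something other than the account password (a one-time code, a token PIN, a new password). The user then cannot tell which secret is being requested, and because the sudo.c change in this commit sets the flag whenever `-p` is given, this is reachable by any invoking user and not only through sudoers. The comment above the test is now stale; I would reword it to `/* Only override PAM prompt if it matches /^Password: ?/ unless passprompt_override is set. */`. sudo_conv starts and ends outside the hunk, so which message styles reach this code is not visible here.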
@ -210,11 +210,14 @@ struct sudo_defs_types sudo_defs_table[] = {
|
|||||||
"passprompt", T_STR,
|
"passprompt", T_STR,
|
||||||
"Default password prompt: %s",
|
"Default password prompt: %s",
|
||||||
NULL,
|
NULL,
|
||||||
|
}, {
|
||||||
|
"passprompt_override", T_FLAG,
|
||||||
|
"If set, passprompt will override system prompt in all cases.",
|
||||||
|
NULL,
|
||||||
}, {
|
}, {
|
||||||
"runas_default", T_STR,
|
"runas_default", T_STR,
|
||||||
"Default user to run commands as: %s",
|
"Default user to run commands as: %s",
|
||||||
NULL,
|
NULL,
|
||||||
set_runaspw,
|
|
||||||
}, {
|
}, {
|
||||||
"secure_path", T_STR|T_BOOL,
|
"secure_path", T_STR|T_BOOL,
|
||||||
"Value to override user's $PATH with: %s",
|
"Value to override user's $PATH with: %s",
|
||||||
|
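Review bot: On the new side the `runas_default` entry no longer carries `set_runaspw,` after its `NULL,` line, which is unrelated to adding `passprompt_override` and is not mentioned in the commit message. If that member is a callback run when the setting is parsed (inferred from the name; its definition is not on this page), a `runas_default` line in sudoers would stop updating the run-as user. If the table is regenerated from a description file, the callback presumably has to be declared there so a regeneration keeps it; otherwise restore `set_runaspw,` in this entry. The initializer starts and ends outside the hunk.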
62
def_data.h
62
def_data.h
@ -92,36 +92,38 @@
|
|||||||
#define I_EXEMPT_GROUP 45
|
#define I_EXEMPT_GROUP 45
|
||||||
#define def_passprompt (sudo_defs_table[46].sd_un.str)
|
#define def_passprompt (sudo_defs_table[46].sd_un.str)
|
||||||
#define I_PASSPROMPT 46
|
#define I_PASSPROMPT 46
|
||||||
#define def_runas_default (sudo_defs_table[47].sd_un.str)
|
#define def_passprompt_override (sudo_defs_table[47].sd_un.flag)
|
||||||
#define I_RUNAS_DEFAULT 47
|
#define I_PASSPROMPT_OVERRIDE 47
|
||||||
#define def_secure_path (sudo_defs_table[48].sd_un.str)
|
#define def_runas_default (sudo_defs_table[48].sd_un.str)
|
||||||
#define I_SECURE_PATH 48
|
#define I_RUNAS_DEFAULT 48
|
||||||
#define def_editor (sudo_defs_table[49].sd_un.str)
|
#define def_secure_path (sudo_defs_table[49].sd_un.str)
|
||||||
#define I_EDITOR 49
|
#define I_SECURE_PATH 49
|
||||||
#define def_listpw (sudo_defs_table[50].sd_un.tuple)
|
#define def_editor (sudo_defs_table[50].sd_un.str)
|
||||||
#define I_LISTPW 50
|
#define I_EDITOR 50
|
||||||
#define def_verifypw (sudo_defs_table[51].sd_un.tuple)
|
#define def_listpw (sudo_defs_table[51].sd_un.tuple)
|
||||||
#define I_VERIFYPW 51
|
#define I_LISTPW 51
|
||||||
#define def_noexec (sudo_defs_table[52].sd_un.flag)
|
#define def_verifypw (sudo_defs_table[52].sd_un.tuple)
|
||||||
#define I_NOEXEC 52
|
#define I_VERIFYPW 52
|
||||||
#define def_noexec_file (sudo_defs_table[53].sd_un.str)
|
#define def_noexec (sudo_defs_table[53].sd_un.flag)
|
||||||
#define I_NOEXEC_FILE 53
|
#define I_NOEXEC 53
|
||||||
#define def_ignore_local_sudoers (sudo_defs_table[54].sd_un.flag)
|
#define def_noexec_file (sudo_defs_table[54].sd_un.str)
|
||||||
#define I_IGNORE_LOCAL_SUDOERS 54
|
#define I_NOEXEC_FILE 54
|
||||||
#define def_closefrom (sudo_defs_table[55].sd_un.ival)
|
#define def_ignore_local_sudoers (sudo_defs_table[55].sd_un.flag)
|
||||||
#define I_CLOSEFROM 55
|
#define I_IGNORE_LOCAL_SUDOERS 55
|
||||||
#define def_closefrom_override (sudo_defs_table[56].sd_un.flag)
|
#define def_closefrom (sudo_defs_table[56].sd_un.ival)
|
||||||
#define I_CLOSEFROM_OVERRIDE 56
|
#define I_CLOSEFROM 56
|
||||||
#define def_setenv (sudo_defs_table[57].sd_un.flag)
|
#define def_closefrom_override (sudo_defs_table[57].sd_un.flag)
|
||||||
#define I_SETENV 57
|
#define I_CLOSEFROM_OVERRIDE 57
|
||||||
#define def_env_reset (sudo_defs_table[58].sd_un.flag)
|
#define def_setenv (sudo_defs_table[58].sd_un.flag)
|
||||||
#define I_ENV_RESET 58
|
#define I_SETENV 58
|
||||||
#define def_env_check (sudo_defs_table[59].sd_un.list)
|
#define def_env_reset (sudo_defs_table[59].sd_un.flag)
|
||||||
#define I_ENV_CHECK 59
|
#define I_ENV_RESET 59
|
||||||
#define def_env_delete (sudo_defs_table[60].sd_un.list)
|
#define def_env_check (sudo_defs_table[60].sd_un.list)
|
||||||
#define I_ENV_DELETE 60
|
#define I_ENV_CHECK 60
|
||||||
#define def_env_keep (sudo_defs_table[61].sd_un.list)
|
#define def_env_delete (sudo_defs_table[61].sd_un.list)
|
||||||
#define I_ENV_KEEP 61
|
#define I_ENV_DELETE 61
|
||||||
|
#define def_env_keep (sudo_defs_table[62].sd_un.list)
|
||||||
|
#define I_ENV_KEEP 62
|
||||||
|
|
||||||
enum def_tupple {
|
enum def_tupple {
|
||||||
never,
|
never,
|
||||||
|
@ -152,6 +152,9 @@ exempt_group
|
|||||||
passprompt
|
passprompt
|
||||||
T_STR
|
T_STR
|
||||||
"Default password prompt: %s"
|
"Default password prompt: %s"
|
||||||
|
passprompt_override
|
||||||
|
T_FLAG
|
||||||
|
"If set, passprompt will override system prompt in all cases."
|
||||||
runas_default
|
runas_default
|
||||||
T_STR
|
T_STR
|
||||||
"Default user to run commands as: %s"
|
"Default user to run commands as: %s"
|
||||||
|
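--- a/sudo.c
+++ b/sudo.c
@@ -789,6 +789,7 @@ parse_args(argc, argv)
 usage(1);
 
 user_prompt = NewArgv[1];
+def_passprompt_override = TRUE;
 
 NewArgc--;
 NewArgv++;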
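Review bot: The added `def_passprompt_override = TRUE;` writes straight into the defaults table during argument parsing, and nothing in the hunk shows whether that table is initialised or sudoers is evaluated before or after this point. The sudo.pod text in this commit promises that sudoers can disable the flag, which only holds if sudoers is applied after parse_args; if the defaults are reset afterwards the assignment is lost and `-p` no longer overrides. I would state the intended precedence next to the assignment, e.g. `/* -p implies passprompt_override; a sudoers setting applied later may still turn it off */`. parse_args continues outside the hunk.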
4
sudo.pod
4
sudo.pod
@ -280,6 +280,10 @@ two consecutive C<%> characters are collapsed into a single C<%> character
|
|||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
|
The prompt specified by the B<-p> option will override the system
|
||||||
|
password prompt on systems that support PAM unless the
|
||||||
|
I<passprompt_override> flag is disabled in I<sudoers>.
|
||||||
|
|
||||||
=item -S
|
=item -S
|
||||||
|
|
||||||
The B<-S> (I<stdin>) option causes B<sudo> to read the password from
|
The B<-S> (I<stdin>) option causes B<sudo> to read the password from
|
||||||
|
@ -632,6 +632,13 @@ the user's C<PATH>, B<sudo> will tell the user that they are not
|
|||||||
allowed to run it, which can be confusing. This flag is I<@path_info@>
|
allowed to run it, which can be confusing. This flag is I<@path_info@>
|
||||||
by default.
|
by default.
|
||||||
|
|
||||||
|
=item passprompt_override
|
||||||
|
|
||||||
|
The password prompt specified by I<passprompt> will normally only
|
||||||
|
be used if the passwod prompt provided by systems such as PAM matches
|
||||||
|
the string "Password:". If I<passprompt_override> is set, I<passprompt>
|
||||||
|
will always be used. This flag is I<off> by default.
|
||||||
|
|
||||||
=item preserve_groups
|
=item preserve_groups
|
||||||
|
|
||||||
By default B<sudo> will initialize the group vector to the list of
|
By default B<sudo> will initialize the group vector to the list of
|
||||||
|