}, {
"insults", T_FLAG, { 0 },
"Insult the user when they enter an incorrect password"
+ }, {
+ "requiretty", T_FLAG, { 0 },
+ "Only allow the user to run sudo if they have a tty"
}, {
"loglinelen", T_INT, { 0 },
"Length at which to wrap log file lines (0 for no wrap): %d"
#define I_PATH_INFO 20
#define I_FQDN 21
#define I_INSULTS 22
+#define I_REQUIRETTY 23
/* Integer values */
-#define I_LOGLEN 23 /* wrap log file line after N chars */
-#define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */
-#define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */
-#define I_PW_TRIES 26 /* exit after N bad password tries */
-#define I_UMASK 27 /* umask to use or 0777 to use user's */
+#define I_LOGLEN 24 /* wrap log file line after N chars */
+#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */
+#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */
+#define I_PW_TRIES 27 /* exit after N bad password tries */
+#define I_UMASK 28 /* umask to use or 0777 to use user's */
/* Strings */
-#define I_LOGFILE 28 /* path to logfile (or NULL for none) */
-#define I_MAILERPATH 29 /* path to sendmail or other mailer */
-#define I_MAILERFLAGS 30 /* flags to pass to the mailer */
-#define I_MAILTO 31 /* who to send bitch mail to */
-#define I_MAILSUB 32 /* subject line of mail msg */
-#define I_BADPASS_MSG 33 /* what to say when passwd is wrong */
-#define I_TIMESTAMPDIR 34 /* path to timestamp dir */
-#define I_EXEMPT_GRP 35 /* no password or PATH override for these */
-#define I_PASSPROMPT 36 /* password prompt */
-#define I_RUNAS_DEF 37 /* default user to run commands as */
-#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */
+#define I_LOGFILE 29 /* path to logfile (or NULL for none) */
+#define I_MAILERPATH 30 /* path to sendmail or other mailer */
+#define I_MAILERFLAGS 31 /* flags to pass to the mailer */
+#define I_MAILTO 32 /* who to send bitch mail to */
+#define I_MAILSUB 33 /* subject line of mail msg */
+#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */
+#define I_TIMESTAMPDIR 35 /* path to timestamp dir */
+#define I_EXEMPT_GRP 36 /* no password or PATH override for these */
+#define I_PASSPROMPT 37 /* password prompt */
+#define I_RUNAS_DEF 38 /* default user to run commands as */
+#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */
/*
* Macros for accessing sudo_defs_table.
exit(1);
}
+ /* Bail if a tty is required and we don't have one. */
+ if (def_flag(I_REQUIRETTY)) {
+ if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
+ log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
+ else
+ (void) close(fd);
+ }
+
/* Require a password unless the NOPASS tag was set. */
if (!(validated & FLAG_NOPASS))
check_user();
projects / sudo / commitdiff