"The umask specified in sudoers will override the user's, even if it is more permissive",
NULL,
}, {
- "script", T_FLAG,
+ "transcript", T_FLAG,
"Log a transcript of the command being run",
NULL,
}, {
#define I_FAST_GLOB 71
#define def_umask_override (sudo_defs_table[72].sd_un.flag)
#define I_UMASK_OVERRIDE 72
-#define def_script (sudo_defs_table[73].sd_un.flag)
-#define I_SCRIPT 73
+#define def_transcript (sudo_defs_table[73].sd_un.flag)
+#define I_TRANSCRIPT 73
enum def_tupple {
never,
umask_override
T_FLAG
"The umask specified in sudoers will override the user's, even if it is more permissive"
-script
+transcript
T_FLAG
"Log a transcript of the command being run"
#define EXEC 272
#define SETENV 273
#define NOSETENV 274
-#define SCRIPT 275
-#define NOSCRIPT 276
+#define TRANSCRIPT 275
+#define NOTRANSCRIPT 276
#define ALL 277
#define COMMENT 278
#define HOSTALIAS 279
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
-"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","SCRIPT","NOSCRIPT","ALL",
+"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","TRANSCRIPT","NOTRANSCRIPT","ALL",
"COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE",
"ROLE",
};
"cmndtag : cmndtag EXEC",
"cmndtag : cmndtag SETENV",
"cmndtag : cmndtag NOSETENV",
-"cmndtag : cmndtag SCRIPT",
-"cmndtag : cmndtag NOSCRIPT",
+"cmndtag : cmndtag TRANSCRIPT",
+"cmndtag : cmndtag NOTRANSCRIPT",
"cmnd : ALL",
"cmnd : ALIAS",
"cmnd : COMMAND",
if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
- if (yyvsp[0].cmndspec->tags.script == UNSPEC)
- yyvsp[0].cmndspec->tags.script = yyvsp[0].cmndspec->prev->tags.script;
+ if (yyvsp[0].cmndspec->tags.transcript == UNSPEC)
+ yyvsp[0].cmndspec->tags.transcript = yyvsp[0].cmndspec->prev->tags.transcript;
if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
(!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
case 51:
#line 428 "gram.y"
{
- yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.script = UNSPEC;
+ yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.transcript = UNSPEC;
}
break;
case 52:
case 58:
#line 449 "gram.y"
{
- yyval.tag.script = TRUE;
+ yyval.tag.transcript = TRUE;
}
break;
case 59:
#line 452 "gram.y"
{
- yyval.tag.script = FALSE;
+ yyval.tag.transcript = FALSE;
}
break;
case 60:
#define EXEC 272
#define SETENV 273
#define NOSETENV 274
-#define SCRIPT 275
-#define NOSCRIPT 276
+#define TRANSCRIPT 275
+#define NOTRANSCRIPT 276
#define ALL 277
#define COMMENT 278
#define HOSTALIAS 279
%token <tok> EXEC /* don't preload dummy execve() */
%token <tok> SETENV /* user may set environment for cmnd */
%token <tok> NOSETENV /* user may not set environment */
-%token <tok> SCRIPT /* log a transcript of the cmnd */
-%token <tok> NOSCRIPT /* don't log a transcript of the cmnd */
+%token <tok> TRANSCRIPT /* log a transcript of the cmnd */
+%token <tok> NOTRANSCRIPT /* don't log a transcript of the cmnd */
%token <tok> ALL /* ALL keyword */
%token <tok> COMMENT /* comment and/or carriage return */
%token <tok> HOSTALIAS /* Host_Alias keyword */
if ($3->tags.setenv == UNSPEC &&
$3->prev->tags.setenv != IMPLIED)
$3->tags.setenv = $3->prev->tags.setenv;
- if ($3->tags.script == UNSPEC)
- $3->tags.script = $3->prev->tags.script;
+ if ($3->tags.transcript == UNSPEC)
+ $3->tags.transcript = $3->prev->tags.transcript;
if ((tq_empty(&$3->runasuserlist) &&
tq_empty(&$3->runasgrouplist)) &&
(!tq_empty(&$3->prev->runasuserlist) ||
;
cmndtag : /* empty */ {
- $$.nopasswd = $$.noexec = $$.setenv = $$.script = UNSPEC;
+ $$.nopasswd = $$.noexec = $$.setenv = $$.transcript = UNSPEC;
}
| cmndtag NOPASSWD {
$$.nopasswd = TRUE;
| cmndtag NOSETENV {
$$.setenv = FALSE;
}
- | cmndtag SCRIPT {
- $$.script = TRUE;
+ | cmndtag TRANSCRIPT {
+ $$.transcript = TRUE;
}
- | cmndtag NOSCRIPT {
- $$.script = FALSE;
+ | cmndtag NOTRANSCRIPT {
+ $$.transcript = FALSE;
}
;
def_noexec = tags->noexec;
if (tags->setenv != UNSPEC)
def_setenv = tags->setenv;
- if (tags->script != UNSPEC)
- def_script = tags->script;
+ if (tags->transcript != UNSPEC)
+ def_transcript = tags->transcript;
}
} else if (match == DENY) {
SET(validated, VALIDATE_NOT_OK);
"PASSWD: ", NULL);
tags->nopasswd = cs->tags.nopasswd;
}
- if (TAG_CHANGED(script)) {
- lbuf_append(lbuf, cs->tags.script ? "SCRIPT: " :
+ if (TAG_CHANGED(transcript)) {
+ lbuf_append(lbuf, cs->tags.transcript ? "SCRIPT: " :
"NOSCRIPT: ", NULL);
- tags->script = cs->tags.script;
+ tags->transcript = cs->tags.transcript;
}
m = cs->cmnd;
print_member(lbuf, m->name, m->type, m->negated,
tags.noexec = UNSPEC;
tags.setenv = UNSPEC;
tags.nopasswd = UNSPEC;
- tags.script = UNSPEC;
+ tags.transcript = UNSPEC;
lbuf_append(lbuf, " ", NULL);
tq_foreach_fwd(&priv->cmndlist, cs) {
if (cs != tq_first(&priv->cmndlist))
tags.noexec = UNSPEC;
tags.setenv = UNSPEC;
tags.nopasswd = UNSPEC;
- tags.script = UNSPEC;
+ tags.transcript = UNSPEC;
lbuf_print(lbuf); /* force a newline */
lbuf_append(lbuf, "Sudoers entry:", NULL);
lbuf_print(lbuf);
__signed char nopasswd;
__signed char noexec;
__signed char setenv;
- __signed char script;
+ __signed char transcript;
};
/*
}
/* Get next session ID so we can log it. */
- if (def_script && ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)))
+ if (def_transcript && ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)))
script_nextid();
log_allowed(validated);
audit_success(NewArgv);
/* Open tty as needed */
- if (def_script)
+ if (def_transcript)
script_setup();
/* Become specified user or root if executing a command. */
sudo_endgrent();
/* Move pty master/slave to low numbered fd and close the rest. */
- fd = def_script ? script_duplow(def_closefrom) : def_closefrom;
+ fd = def_transcript ? script_duplow(def_closefrom) : def_closefrom;
closefrom(fd);
#ifndef PROFILING
selinux_exec(user_role, user_type, NewArgv,
ISSET(sudo_mode, MODE_LOGIN_SHELL));
#endif
- if (def_script)
+ if (def_transcript)
script_execv(safe_cmnd, NewArgv);
else
execv(safe_cmnd, NewArgv);
sudo_endpwent();
sudo_endgrent();
}
- if (def_script)
+ if (def_transcript)
term_restore(STDIN_FILENO);
}
projects / sudo / commitdiff