From: Todd C. Miller
Date: Fri, 8 Oct 1999 01:12:50 +0000 (+0000)
Subject: o Add requiretty option
X-Git-Tag: SUDO_1_6_0~46
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2c4fefde5add2bba86b0c31235ad86ffc8933f2f;p=sudo
o Add requiretty option
o Move O_NOCTTY to compat.h
---
diff --git a/compat.h b/compat.h
index 9dc54cf3a..6f4a1f459 100644
--- a/compat.h
+++ b/compat.h
@@ -155,4 +155,11 @@
 # endif /* __hpux */
 #endif /* HAVE_SETEUID */
 
+/*
+ * On POSIX systems, O_NOCTTY is the default so some OS's may lack this define.
+ */
+#ifndef O_NOCTTY
+# define O_NOCTTY 0
+#endif /* O_NOCTTY */
+
 #endif /* _SUDO_COMPAT_H */
diff --git a/defaults.c b/defaults.c
index 601d5baf8..9d6abea24 100644
--- a/defaults.c
+++ b/defaults.c
@@ -176,6 +176,9 @@ struct sudo_defs_types sudo_defs_table[] = {
 }, {
 "insults", T_FLAG, { 0 },
 "Insult the user when they enter an incorrect password"
+ }, {
+ "requiretty", T_FLAG, { 0 },
+ "Only allow the user to run sudo if they have a tty"
 }, {
 "loglinelen", T_INT, { 0 },
 "Length at which to wrap log file lines (0 for no wrap): %d"
diff --git a/defaults.h b/defaults.h
index 7edec9129..6121cbe6c 100644
--- a/defaults.h
+++ b/defaults.h
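Review bot: The `#ifndef O_NOCTTY` fallback added to compat.h is only correct if `<fcntl.h>` has already been included when compat.h is read. If compat.h comes first, the macro is defined as 0 and a later `<fcntl.h>` redefines it, or, if that header is never included afterwards, callers silently pass 0 to open(). The include order in sudo.c and tgetpass.c is not visible in this patch, so it should be confirmed. I would record the requirement next to the fallback, e.g. `/* NOTE: <fcntl.h> must be included before this header so a real O_NOCTTY is seen. */`.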
@@ -98,26 +98,27 @@ struct sudo_defs_types {
 #define I_PATH_INFO 20
 #define I_FQDN 21
 #define I_INSULTS 22
+#define I_REQUIRETTY 23
 
 /* Integer values */
-#define I_LOGLEN 23 /* wrap log file line after N chars */
-#define I_TS_TIMEOUT 24 /* timestamp stale after N minutes */
-#define I_PW_TIMEOUT 25 /* exit if pass not entered in N minutes */
-#define I_PW_TRIES 26 /* exit after N bad password tries */
-#define I_UMASK 27 /* umask to use or 0777 to use user's */
+#define I_LOGLEN 24 /* wrap log file line after N chars */
+#define I_TS_TIMEOUT 25 /* timestamp stale after N minutes */
+#define I_PW_TIMEOUT 26 /* exit if pass not entered in N minutes */
+#define I_PW_TRIES 27 /* exit after N bad password tries */
+#define I_UMASK 28 /* umask to use or 0777 to use user's */
 
 /* Strings */
-#define I_LOGFILE 28 /* path to logfile (or NULL for none) */
-#define I_MAILERPATH 29 /* path to sendmail or other mailer */
-#define I_MAILERFLAGS 30 /* flags to pass to the mailer */
-#define I_MAILTO 31 /* who to send bitch mail to */
-#define I_MAILSUB 32 /* subject line of mail msg */
-#define I_BADPASS_MSG 33 /* what to say when passwd is wrong */
-#define I_TIMESTAMPDIR 34 /* path to timestamp dir */
-#define I_EXEMPT_GRP 35 /* no password or PATH override for these */
-#define I_PASSPROMPT 36 /* password prompt */
-#define I_RUNAS_DEF 37 /* default user to run commands as */
-#define I_SECURE_PATH 38 /* set $PATH to this if not NULL */
+#define I_LOGFILE 29 /* path to logfile (or NULL for none) */
+#define I_MAILERPATH 30 /* path to sendmail or other mailer */
+#define I_MAILERFLAGS 31 /* flags to pass to the mailer */
+#define I_MAILTO 32 /* who to send bitch mail to */
+#define I_MAILSUB 33 /* subject line of mail msg */
+#define I_BADPASS_MSG 34 /* what to say when passwd is wrong */
+#define I_TIMESTAMPDIR 35 /* path to timestamp dir */
+#define I_EXEMPT_GRP 36 /* no password or PATH override for these */
+#define I_PASSPROMPT 37 /* password prompt */
+#define I_RUNAS_DEF 38 /* default user to run commands as */
+#define I_SECURE_PATH 39 /* set $PATH to this if not NULL */
 
 /*
 * Macros for accessing sudo_defs_table.
diff --git a/sudo.c b/sudo.c
index ce267cb4d..bf72ea2a8 100644
--- a/sudo.c
+++ b/sudo.c
@@ -304,6 +304,14 @@ main(argc, argv)
 exit(1);
 }
 
+ /* Bail if a tty is required and we don't have one. */
+ if (def_flag(I_REQUIRETTY)) {
+ if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
+ log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
+ else
+ (void) close(fd);
+ }
+
 /* Require a password unless the NOPASS tag was set. */
 if (!(validated & FLAG_NOPASS))
 check_user();
diff --git a/tgetpass.c b/tgetpass.c
index 7329f6402..f7fcb4772 100644
--- a/tgetpass.c
+++ b/tgetpass.c
@@ -77,10 +77,6 @@
 #define TCSASOFT 0
 #endif /* TCSASOFT */
 
-#ifndef O_NOCTTY
-#define O_NOCTTY 0
-#endif /* O_NOCTTY */
-
 #ifndef lint
 static const char rcsid[] = "$Sudo$";
 #endif /* lint */
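Review bot: The I_* constants in the defaults.h hunk are renumbered by hand, and nothing in the patch ties them to the order of entries in `sudo_defs_table[]` in defaults.c. In the visible lines the new `"requiretty"` entry follows `"insults"` and `I_REQUIRETTY` follows `I_INSULTS`, so the two appear to agree, but the rest of the table is outside the hunks. If the values are table indexes, as the "Macros for accessing sudo_defs_table" comment suggests, a mismatch would make a security option read another option's slot. I would add a comment above the block such as `/* Values are indexes into sudo_defs_table[]; keep them in the same order as defaults.c. */`.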
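Review bot: In the requiretty block added to main() in sudo.c, the denial depends entirely on `log_error()` terminating the process; if it can return for this flag combination, execution falls through to `check_user()` and the restriction is not enforced. log_error() is defined outside this patch, so either confirm it exits or make the failure path explicit by bracing the branch and adding `exit(1);` after the call, matching the `exit(1);` just above. A comment should also state what is actually tested, e.g. `/* requiretty: succeeds only if the process has a controlling tty; stdin/stdout are not checked. */`. main() begins and ends outside the hunk, and `fd` is presumably declared there.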