From 0f9e7f96f4b07c4c54fa067af406a99d16e30581 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Wed, 5 Mar 2008 21:52:19 +0000 Subject: [PATCH] Add mailfrom Defaults option that sets the value of the From: field in the warning/error mail. If unset the login name of the invoking user is used. --- def_data.c | 4 ++ def_data.h | 102 +++++++++++++++++++++++++------------------------ def_data.in | 3 ++ logging.c | 2 +- sudoers.cat | 64 +++++++++++++++---------------- sudoers.man.in | 8 +++- sudoers.pod | 7 ++++ 7 files changed, 106 insertions(+), 84 deletions(-) diff --git a/def_data.c b/def_data.c index 95ec82340..eed0cab8d 100644 --- a/def_data.c +++ b/def_data.c @@ -186,6 +186,10 @@ struct sudo_defs_types sudo_defs_table[] = { "mailto", T_STR|T_BOOL, "Address to send mail to: %s", NULL, + }, { + "mailfrom", T_STR|T_BOOL, + "Address to send mail from: %s", + NULL, }, { "mailsub", T_STR, "Subject line for mail messages: %s", diff --git a/def_data.h b/def_data.h index cc2ff70ec..a01f41ae3 100644 --- a/def_data.h +++ b/def_data.h @@ -80,56 +80,58 @@ #define I_MAILERFLAGS 39 #define def_mailto (sudo_defs_table[40].sd_un.str) #define I_MAILTO 40 -#define def_mailsub (sudo_defs_table[41].sd_un.str) -#define I_MAILSUB 41 -#define def_badpass_message (sudo_defs_table[42].sd_un.str) -#define I_BADPASS_MESSAGE 42 -#define def_timestampdir (sudo_defs_table[43].sd_un.str) -#define I_TIMESTAMPDIR 43 -#define def_timestampowner (sudo_defs_table[44].sd_un.str) -#define I_TIMESTAMPOWNER 44 -#define def_exempt_group (sudo_defs_table[45].sd_un.str) -#define I_EXEMPT_GROUP 45 -#define def_passprompt (sudo_defs_table[46].sd_un.str) -#define I_PASSPROMPT 46 -#define def_passprompt_override (sudo_defs_table[47].sd_un.flag) -#define I_PASSPROMPT_OVERRIDE 47 -#define def_runas_default (sudo_defs_table[48].sd_un.str) -#define I_RUNAS_DEFAULT 48 -#define def_secure_path (sudo_defs_table[49].sd_un.str) -#define I_SECURE_PATH 49 -#define def_editor (sudo_defs_table[50].sd_un.str) -#define I_EDITOR 50 -#define def_listpw (sudo_defs_table[51].sd_un.tuple) -#define I_LISTPW 51 -#define def_verifypw (sudo_defs_table[52].sd_un.tuple) -#define I_VERIFYPW 52 -#define def_noexec (sudo_defs_table[53].sd_un.flag) -#define I_NOEXEC 53 -#define def_noexec_file (sudo_defs_table[54].sd_un.str) -#define I_NOEXEC_FILE 54 -#define def_ignore_local_sudoers (sudo_defs_table[55].sd_un.flag) -#define I_IGNORE_LOCAL_SUDOERS 55 -#define def_closefrom (sudo_defs_table[56].sd_un.ival) -#define I_CLOSEFROM 56 -#define def_closefrom_override (sudo_defs_table[57].sd_un.flag) -#define I_CLOSEFROM_OVERRIDE 57 -#define def_setenv (sudo_defs_table[58].sd_un.flag) -#define I_SETENV 58 -#define def_env_reset (sudo_defs_table[59].sd_un.flag) -#define I_ENV_RESET 59 -#define def_env_check (sudo_defs_table[60].sd_un.list) -#define I_ENV_CHECK 60 -#define def_env_delete (sudo_defs_table[61].sd_un.list) -#define I_ENV_DELETE 61 -#define def_env_keep (sudo_defs_table[62].sd_un.list) -#define I_ENV_KEEP 62 -#define def_role (sudo_defs_table[63].sd_un.str) -#define I_ROLE 63 -#define def_type (sudo_defs_table[64].sd_un.str) -#define I_TYPE 64 -#define def_askpass (sudo_defs_table[65].sd_un.str) -#define I_ASKPASS 65 +#define def_mailfrom (sudo_defs_table[41].sd_un.str) +#define I_MAILFROM 41 +#define def_mailsub (sudo_defs_table[42].sd_un.str) +#define I_MAILSUB 42 +#define def_badpass_message (sudo_defs_table[43].sd_un.str) +#define I_BADPASS_MESSAGE 43 +#define def_timestampdir (sudo_defs_table[44].sd_un.str) +#define I_TIMESTAMPDIR 44 +#define def_timestampowner (sudo_defs_table[45].sd_un.str) +#define I_TIMESTAMPOWNER 45 +#define def_exempt_group (sudo_defs_table[46].sd_un.str) +#define I_EXEMPT_GROUP 46 +#define def_passprompt (sudo_defs_table[47].sd_un.str) +#define I_PASSPROMPT 47 +#define def_passprompt_override (sudo_defs_table[48].sd_un.flag) +#define I_PASSPROMPT_OVERRIDE 48 +#define def_runas_default (sudo_defs_table[49].sd_un.str) +#define I_RUNAS_DEFAULT 49 +#define def_secure_path (sudo_defs_table[50].sd_un.str) +#define I_SECURE_PATH 50 +#define def_editor (sudo_defs_table[51].sd_un.str) +#define I_EDITOR 51 +#define def_listpw (sudo_defs_table[52].sd_un.tuple) +#define I_LISTPW 52 +#define def_verifypw (sudo_defs_table[53].sd_un.tuple) +#define I_VERIFYPW 53 +#define def_noexec (sudo_defs_table[54].sd_un.flag) +#define I_NOEXEC 54 +#define def_noexec_file (sudo_defs_table[55].sd_un.str) +#define I_NOEXEC_FILE 55 +#define def_ignore_local_sudoers (sudo_defs_table[56].sd_un.flag) +#define I_IGNORE_LOCAL_SUDOERS 56 +#define def_closefrom (sudo_defs_table[57].sd_un.ival) +#define I_CLOSEFROM 57 +#define def_closefrom_override (sudo_defs_table[58].sd_un.flag) +#define I_CLOSEFROM_OVERRIDE 58 +#define def_setenv (sudo_defs_table[59].sd_un.flag) +#define I_SETENV 59 +#define def_env_reset (sudo_defs_table[60].sd_un.flag) +#define I_ENV_RESET 60 +#define def_env_check (sudo_defs_table[61].sd_un.list) +#define I_ENV_CHECK 61 +#define def_env_delete (sudo_defs_table[62].sd_un.list) +#define I_ENV_DELETE 62 +#define def_env_keep (sudo_defs_table[63].sd_un.list) +#define I_ENV_KEEP 63 +#define def_role (sudo_defs_table[64].sd_un.str) +#define I_ROLE 64 +#define def_type (sudo_defs_table[65].sd_un.str) +#define I_TYPE 65 +#define def_askpass (sudo_defs_table[66].sd_un.str) +#define I_ASKPASS 66 enum def_tupple { never, diff --git a/def_data.in b/def_data.in index 7bc862b00..ae2d78433 100644 --- a/def_data.in +++ b/def_data.in @@ -134,6 +134,9 @@ mailerflags mailto T_STR|T_BOOL "Address to send mail to: %s" +mailfrom + T_STR|T_BOOL + "Address to send mail from: %s" mailsub T_STR "Subject line for mail messages: %s" diff --git a/logging.c b/logging.c index f8dcce569..91c8431c3 100644 --- a/logging.c +++ b/logging.c @@ -510,7 +510,7 @@ send_mail(line) /* Pipes are all setup, send message via sendmail. */ (void) fprintf(mail, "To: %s\nFrom: %s\nAuto-Submitted: %s\nSubject: ", - def_mailto, user_name, "auto-generated"); + def_mailto, def_mailfrom ? def_mailfrom : user_name, "auto-generated"); for (p = def_mailsub; *p; p++) { /* Expand escapes in the subject */ if (*p == '%' && *(p+1) != '%') { diff --git a/sudoers.cat b/sudoers.cat index 71f866eb0..11ca0eaa1 100644 --- a/sudoers.cat +++ b/sudoers.cat @@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN -1.7 March 2, 2008 1 +1.7 March 5, 2008 1 @@ -127,7 +127,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 2 +1.7 March 5, 2008 2 @@ -193,7 +193,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 3 +1.7 March 5, 2008 3 @@ -259,7 +259,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 4 +1.7 March 5, 2008 4 @@ -325,7 +325,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 5 +1.7 March 5, 2008 5 @@ -391,7 +391,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 6 +1.7 March 5, 2008 6 @@ -457,7 +457,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 7 +1.7 March 5, 2008 7 @@ -523,7 +523,7 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS -1.7 March 2, 2008 8 +1.7 March 5, 2008 8 @@ -589,7 +589,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 9 +1.7 March 5, 2008 9 @@ -655,7 +655,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 10 +1.7 March 5, 2008 10 @@ -721,7 +721,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 11 +1.7 March 5, 2008 11 @@ -787,7 +787,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 12 +1.7 March 5, 2008 12 @@ -853,7 +853,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 13 +1.7 March 5, 2008 13 @@ -919,7 +919,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 14 +1.7 March 5, 2008 14 @@ -985,7 +985,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 15 +1.7 March 5, 2008 15 @@ -994,6 +994,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + mailfrom Address to use for the "from" address when sending warning + and error mail. The address should be enclosed in double + quotes (") to protect against ssuuddoo interpreting the @ sign. + Defaults to the name of the user running ssuuddoo. + mailto Address to send warning and error mail to. The address should be enclosed in double quotes (") to protect against ssuuddoo interpreting the @ sign. Defaults to root. @@ -1043,15 +1048,10 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) disabled by using the =, +=, -=, and ! operators respectively. Regardless of whether the env_reset option is enabled or disabled, variables specified by - env_check will be preserved in the environment if they - pass the aforementioned check. The default list of - environment variables to check is displayed when ssuuddoo - is run by root with the _-_V option. - -1.7 March 2, 2008 16 +1.7 March 5, 2008 16 @@ -1060,6 +1060,11 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) + env_check will be preserved in the environment if they + pass the aforementioned check. The default list of + environment variables to check is displayed when ssuuddoo + is run by root with the _-_V option. + env_delete Environment variables to be removed from the user's environment. The argument may be a double-quoted, space-separated list or a single value without dou- @@ -1112,12 +1117,7 @@ EEXXAAMMPPLLEESS - - - - - -1.7 March 2, 2008 17 +1.7 March 5, 2008 17 @@ -1183,7 +1183,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 18 +1.7 March 5, 2008 18 @@ -1249,7 +1249,7 @@ SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4) -1.7 March 2, 2008 19 +1.7 March 5, 2008 19 @@ -1315,7 +1315,7 @@ SSEECCUURRIITTYY NNOOTTEESS -1.7 March 2, 2008 20 +1.7 March 5, 2008 20 @@ -1381,7 +1381,7 @@ PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS -1.7 March 2, 2008 21 +1.7 March 5, 2008 21 @@ -1447,6 +1447,6 @@ DDIISSCCLLAAIIMMEERR -1.7 March 2, 2008 22 +1.7 March 5, 2008 22 diff --git a/sudoers.man.in b/sudoers.man.in index 41be6c5cb..c03211b7e 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -150,7 +150,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "March 2, 2008" "1.7" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "March 5, 2008" "1.7" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" @@ -1104,6 +1104,12 @@ Flags to use when invoking mailer. Defaults to \fB\-t\fR. .IX Item "mailerpath" Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. +.IP "mailfrom" 12 +.IX Item "mailfrom" +Address to use for the \*(L"from\*(R" address when sending warning and error +mail. The address should be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to +protect against \fBsudo\fR interpreting the \f(CW\*(C`@\*(C'\fR sign. Defaults to +the name of the user running \fBsudo\fR. .IP "mailto" 12 .IX Item "mailto" Address to send warning and error mail to. The address should diff --git a/sudoers.pod b/sudoers.pod index 8d11f9dee..59a1ad3e4 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -1008,6 +1008,13 @@ Flags to use when invoking mailer. Defaults to B<-t>. Path to mail program used to send warning mail. Defaults to the path to sendmail found at configure time. +=item mailfrom + +Address to use for the "from" address when sending warning and error +mail. The address should be enclosed in double quotes (C<">) to +protect against B interpreting the C<@> sign. Defaults to +the name of the user running B. + =item mailto Address to send warning and error mail to. The address should -- 2.40.0