From 10d83e2cb4adf3265910a89634768982c39a1017 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 10 Jun 2010 17:16:27 -0400 Subject: [PATCH] Attempt to handle a default password prompt timeout of zero more gracefully. --- doc/sudo.man.in | 13 ++++++++----- doc/sudo.man.pl | 5 ++++- doc/sudo.pod | 8 ++++---- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 92cfb4d42..165ff0d6a 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -21,6 +21,7 @@ .nr SL @SEMAN@ .nr BA @BAMAN@ .nr LC @LCMAN@ +.nr PT @password_timeout@ .\" .\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" @@ -148,7 +149,7 @@ .\" ======================================================================== .\" .IX Title "SUDO @mansectsu@" -.TH SUDO @mansectsu@ "June 9, 2010" "1.8.0a2" "MAINTENANCE COMMANDS" +.TH SUDO @mansectsu@ "June 10, 2010" "1.8.0a2" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -209,10 +210,12 @@ is implied. .PP \&\fBsudo\fR determines who is an authorized user by consulting the file \&\fI@sysconfdir@/sudoers\fR. By running \fBsudo\fR with the \fB\-v\fR option, -a user can update the time stamp without running a \fIcommand\fR. The -password prompt itself will also time out if the user's password -is not entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden -via \fIsudoers\fR). +a user can update the time stamp without running a \fIcommand\fR. If +a password is required, \fBsudo\fR will exit if the user's password +is not entered within a configurable time limit. The default +password prompt timeout is +.ie \n(PT \f(CW\*(C`@password_timeout@\*(C'\fR minutes. +.el unlimited. .PP If a user who is not listed in the \fIsudoers\fR file tries to run a command via \fBsudo\fR, mail is sent to the proper authorities, as diff --git a/doc/sudo.man.pl b/doc/sudo.man.pl index 2306c7c0f..e8e6125af 100644 --- a/doc/sudo.man.pl +++ b/doc/sudo.man.pl @@ -7,7 +7,7 @@ BEGIN { # Initialize the numeric register we use for conditionals if ($cond == -1) { - $_ = ".nr SL \@SEMAN\@\n.nr BA \@BAMAN\@\n.nr LC \@LCMAN\@\n.\\\"\n$_"; + $_ = ".nr SL \@SEMAN\@\n.nr BA \@BAMAN\@\n.nr LC \@LCMAN\@\n.nr PT \@password_timeout\@\n.\\\"\n$_"; $cond = 0; } @@ -30,3 +30,6 @@ if (/-a.*auth_type/) { # Fix up broken pod2man formatting of F<@foo@/bar> s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g; + +# Try to deal sensibly with password_timeout being set to 0 by default +s/([^ ]*\@password_timeout\@[^ ]* minutes.$)/\n.ie \\n(PT $1\n.el unlimited./; diff --git a/doc/sudo.pod b/doc/sudo.pod index 2ae1ae41c..5dc77b0f7 100644 --- a/doc/sudo.pod +++ b/doc/sudo.pod @@ -79,10 +79,10 @@ is implied. B determines who is an authorized user by consulting the file F<@sysconfdir@/sudoers>. By running B with the B<-v> option, -a user can update the time stamp without running a I. The -password prompt itself will also time out if the user's password -is not entered within C<@password_timeout@> minutes (unless overridden -via I). +a user can update the time stamp without running a I. If +a password is required, B will exit if the user's password +is not entered within a configurable time limit. The default +password prompt timeout is C<@password_timeout@> minutes. If a user who is not listed in the I file tries to run a command via B, mail is sent to the proper authorities, as -- 2.40.0