From b289f738706795b320563968ad8eb8e61da7431b Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 5 Jan 2004 01:12:22 +0000 Subject: [PATCH] Add a new option, lecture_file, that can be used to point to a custom sudo lecture. --- check.c | 10 ++- def_data.c | 3 + def_data.h | 170 +++++++++++++++++++++++++------------------------ def_data.in | 3 + sudoers.man.in | 6 +- sudoers.pod | 4 ++ 6 files changed, 110 insertions(+), 86 deletions(-) diff --git a/check.c b/check.c index b2cf13e25..8c9198448 100644 --- a/check.c +++ b/check.c @@ -134,18 +134,26 @@ static void lecture(status) int status; { + FILE *fp; + char buf[BUFSIZ]; + ssize_t nread; if (def_lecture == never || (def_lecture == once && status != TS_MISSING && status != TS_ERROR)) return; - (void) fputs("\n\ + if (def_lecture_file && (fp = fopen(def_lecture_file, "r")) != NULL) { + while ((nread = fread(buf, sizeof(char), sizeof(buf), fp)) != 0) + fwrite(buf, nread, 1, stderr); + } else { + (void) fputs("\n\ We trust you have received the usual lecture from the local System\n\ Administrator. It usually boils down to these two things:\n\ \n\ #1) Respect the privacy of others.\n\ #2) Think before you type.\n\n", stderr); + } } /* diff --git a/def_data.c b/def_data.c index 4ec5b29a7..135df092e 100644 --- a/def_data.c +++ b/def_data.c @@ -59,6 +59,9 @@ struct sudo_defs_types sudo_defs_table[] = { "lecture", T_TUPLE|T_BOOL, "Lecture user the first time they run sudo", def_data_lecture, + }, { + "lecture_file", T_STR|T_PATH|T_BOOL, + "Path to a file containing the sudo lecture: %s", }, { "authenticate", T_FLAG, "Require users to authenticate by default", diff --git a/def_data.h b/def_data.h index d51e021d2..3ed1a2f73 100644 --- a/def_data.h +++ b/def_data.h 
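Review bot: The new branch in lecture() opens def_lecture_file with fopen() but never closes fp, so the stream and its descriptor stay open after the lecture has been printed; adding `(void) fclose(fp);` after the `while` loop fixes that. sudo goes on to run the requested command, and unless descriptors are closed before the exec (not visible in this hunk) that command would inherit an open handle on the lecture file. `nread` is declared `ssize_t` although fread() returns `size_t`; `size_t nread;` matches the API and the later fwrite() argument. The hunk does not show which uid is effective when lecture() runs; if it is root, whatever path sudoers names is read with root privilege and copied verbatim to the invoking user's terminal, so a comment above the fopen() stating that the file is expected to be a regular, administrator-controlled file would be worth adding.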
@@ -22,90 +22,92 @@ #define I_TTY_TICKETS 10 #define def_lecture (sudo_defs_table[11].sd_un.tuple) #define I_LECTURE 11 -#define def_authenticate (sudo_defs_table[12].sd_un.flag) -#define I_AUTHENTICATE 12 -#define def_root_sudo (sudo_defs_table[13].sd_un.flag) -#define I_ROOT_SUDO 13 -#define def_log_host (sudo_defs_table[14].sd_un.flag) -#define I_LOG_HOST 14 -#define def_log_year (sudo_defs_table[15].sd_un.flag) -#define I_LOG_YEAR 15 -#define def_shell_noargs (sudo_defs_table[16].sd_un.flag) -#define I_SHELL_NOARGS 16 -#define def_set_home (sudo_defs_table[17].sd_un.flag) -#define I_SET_HOME 17 -#define def_always_set_home (sudo_defs_table[18].sd_un.flag) -#define I_ALWAYS_SET_HOME 18 -#define def_path_info (sudo_defs_table[19].sd_un.flag) -#define I_PATH_INFO 19 -#define def_fqdn (sudo_defs_table[20].sd_un.flag) -#define I_FQDN 20 -#define def_insults (sudo_defs_table[21].sd_un.flag) -#define I_INSULTS 21 -#define def_requiretty (sudo_defs_table[22].sd_un.flag) -#define I_REQUIRETTY 22 -#define def_env_editor (sudo_defs_table[23].sd_un.flag) -#define I_ENV_EDITOR 23 -#define def_rootpw (sudo_defs_table[24].sd_un.flag) -#define I_ROOTPW 24 -#define def_runaspw (sudo_defs_table[25].sd_un.flag) -#define I_RUNASPW 25 -#define def_targetpw (sudo_defs_table[26].sd_un.flag) -#define I_TARGETPW 26 -#define def_use_loginclass (sudo_defs_table[27].sd_un.flag) -#define I_USE_LOGINCLASS 27 -#define def_set_logname (sudo_defs_table[28].sd_un.flag) -#define I_SET_LOGNAME 28 -#define def_stay_setuid (sudo_defs_table[29].sd_un.flag) -#define I_STAY_SETUID 29 -#define def_env_reset (sudo_defs_table[30].sd_un.flag) -#define I_ENV_RESET 30 -#define def_preserve_groups (sudo_defs_table[31].sd_un.flag) -#define I_PRESERVE_GROUPS 31 -#define def_loglinelen (sudo_defs_table[32].sd_un.ival) -#define I_LOGLINELEN 32 -#define def_timestamp_timeout (sudo_defs_table[33].sd_un.ival) -#define I_TIMESTAMP_TIMEOUT 33 -#define def_passwd_timeout (sudo_defs_table[34].sd_un.ival) -#define 
I_PASSWD_TIMEOUT 34 -#define def_passwd_tries (sudo_defs_table[35].sd_un.ival) -#define I_PASSWD_TRIES 35 -#define def_umask (sudo_defs_table[36].sd_un.mode) -#define I_UMASK 36 -#define def_logfile (sudo_defs_table[37].sd_un.str) -#define I_LOGFILE 37 -#define def_mailerpath (sudo_defs_table[38].sd_un.str) -#define I_MAILERPATH 38 -#define def_mailerflags (sudo_defs_table[39].sd_un.str) -#define I_MAILERFLAGS 39 -#define def_mailto (sudo_defs_table[40].sd_un.str) -#define I_MAILTO 40 -#define def_mailsub (sudo_defs_table[41].sd_un.str) -#define I_MAILSUB 41 -#define def_badpass_message (sudo_defs_table[42].sd_un.str) -#define I_BADPASS_MESSAGE 42 -#define def_timestampdir (sudo_defs_table[43].sd_un.str) -#define I_TIMESTAMPDIR 43 -#define def_timestampowner (sudo_defs_table[44].sd_un.str) -#define I_TIMESTAMPOWNER 44 -#define def_exempt_group (sudo_defs_table[45].sd_un.str) -#define I_EXEMPT_GROUP 45 -#define def_passprompt (sudo_defs_table[46].sd_un.str) -#define I_PASSPROMPT 46 -#define def_runas_default (sudo_defs_table[47].sd_un.str) -#define I_RUNAS_DEFAULT 47 -#define def_editor (sudo_defs_table[48].sd_un.str) -#define I_EDITOR 48 -#define def_env_check (sudo_defs_table[49].sd_un.list) -#define I_ENV_CHECK 49 -#define def_env_delete (sudo_defs_table[50].sd_un.list) -#define I_ENV_DELETE 50 -#define def_env_keep (sudo_defs_table[51].sd_un.list) -#define I_ENV_KEEP 51 -#define def_listpw (sudo_defs_table[52].sd_un.tuple) -#define I_LISTPW 52 -#define def_verifypw (sudo_defs_table[53].sd_un.tuple) -#define I_VERIFYPW 53 +#define def_lecture_file (sudo_defs_table[12].sd_un.str) +#define I_LECTURE_FILE 12 +#define def_authenticate (sudo_defs_table[13].sd_un.flag) +#define I_AUTHENTICATE 13 +#define def_root_sudo (sudo_defs_table[14].sd_un.flag) +#define I_ROOT_SUDO 14 +#define def_log_host (sudo_defs_table[15].sd_un.flag) +#define I_LOG_HOST 15 +#define def_log_year (sudo_defs_table[16].sd_un.flag) +#define I_LOG_YEAR 16 +#define def_shell_noargs 
(sudo_defs_table[17].sd_un.flag) +#define I_SHELL_NOARGS 17 +#define def_set_home (sudo_defs_table[18].sd_un.flag) +#define I_SET_HOME 18 +#define def_always_set_home (sudo_defs_table[19].sd_un.flag) +#define I_ALWAYS_SET_HOME 19 +#define def_path_info (sudo_defs_table[20].sd_un.flag) +#define I_PATH_INFO 20 +#define def_fqdn (sudo_defs_table[21].sd_un.flag) +#define I_FQDN 21 +#define def_insults (sudo_defs_table[22].sd_un.flag) +#define I_INSULTS 22 +#define def_requiretty (sudo_defs_table[23].sd_un.flag) +#define I_REQUIRETTY 23 +#define def_env_editor (sudo_defs_table[24].sd_un.flag) +#define I_ENV_EDITOR 24 +#define def_rootpw (sudo_defs_table[25].sd_un.flag) +#define I_ROOTPW 25 +#define def_runaspw (sudo_defs_table[26].sd_un.flag) +#define I_RUNASPW 26 +#define def_targetpw (sudo_defs_table[27].sd_un.flag) +#define I_TARGETPW 27 +#define def_use_loginclass (sudo_defs_table[28].sd_un.flag) +#define I_USE_LOGINCLASS 28 +#define def_set_logname (sudo_defs_table[29].sd_un.flag) +#define I_SET_LOGNAME 29 +#define def_stay_setuid (sudo_defs_table[30].sd_un.flag) +#define I_STAY_SETUID 30 +#define def_env_reset (sudo_defs_table[31].sd_un.flag) +#define I_ENV_RESET 31 +#define def_preserve_groups (sudo_defs_table[32].sd_un.flag) +#define I_PRESERVE_GROUPS 32 +#define def_loglinelen (sudo_defs_table[33].sd_un.ival) +#define I_LOGLINELEN 33 +#define def_timestamp_timeout (sudo_defs_table[34].sd_un.ival) +#define I_TIMESTAMP_TIMEOUT 34 +#define def_passwd_timeout (sudo_defs_table[35].sd_un.ival) +#define I_PASSWD_TIMEOUT 35 +#define def_passwd_tries (sudo_defs_table[36].sd_un.ival) +#define I_PASSWD_TRIES 36 +#define def_umask (sudo_defs_table[37].sd_un.mode) +#define I_UMASK 37 +#define def_logfile (sudo_defs_table[38].sd_un.str) +#define I_LOGFILE 38 +#define def_mailerpath (sudo_defs_table[39].sd_un.str) +#define I_MAILERPATH 39 +#define def_mailerflags (sudo_defs_table[40].sd_un.str) +#define I_MAILERFLAGS 40 +#define def_mailto (sudo_defs_table[41].sd_un.str) 
+#define I_MAILTO 41 +#define def_mailsub (sudo_defs_table[42].sd_un.str) +#define I_MAILSUB 42 +#define def_badpass_message (sudo_defs_table[43].sd_un.str) +#define I_BADPASS_MESSAGE 43 +#define def_timestampdir (sudo_defs_table[44].sd_un.str) +#define I_TIMESTAMPDIR 44 +#define def_timestampowner (sudo_defs_table[45].sd_un.str) +#define I_TIMESTAMPOWNER 45 +#define def_exempt_group (sudo_defs_table[46].sd_un.str) +#define I_EXEMPT_GROUP 46 +#define def_passprompt (sudo_defs_table[47].sd_un.str) +#define I_PASSPROMPT 47 +#define def_runas_default (sudo_defs_table[48].sd_un.str) +#define I_RUNAS_DEFAULT 48 +#define def_editor (sudo_defs_table[49].sd_un.str) +#define I_EDITOR 49 +#define def_env_check (sudo_defs_table[50].sd_un.list) +#define I_ENV_CHECK 50 +#define def_env_delete (sudo_defs_table[51].sd_un.list) +#define I_ENV_DELETE 51 +#define def_env_keep (sudo_defs_table[52].sd_un.list) +#define I_ENV_KEEP 52 +#define def_listpw (sudo_defs_table[53].sd_un.tuple) +#define I_LISTPW 53 +#define def_verifypw (sudo_defs_table[54].sd_un.tuple) +#define I_VERIFYPW 54 enum def_tupple { never, diff --git a/def_data.in b/def_data.in index 66710616e..eadb80358 100644 --- a/def_data.in +++ b/def_data.in @@ -44,6 +44,9 @@ lecture T_TUPLE|T_BOOL "Lecture user the first time they run sudo" never once always +lecture_file + T_STR|T_PATH|T_BOOL + "Path to a file containing the sudo lecture: %s" authenticate T_FLAG "Require users to authenticate by default" diff --git a/sudoers.man.in b/sudoers.man.in index fe82d626c..9f38af1d4 100644 --- a/sudoers.man.in +++ b/sudoers.man.in @@ -167,7 +167,7 @@ .\" ======================================================================== .\" .IX Title "SUDOERS @mansectform@" -.TH SUDOERS @mansectform@ "December 30, 2003" "1.6.8" "MAINTENANCE COMMANDS" +.TH SUDOERS @mansectform@ "January 4, 2004" "1.6.8" "MAINTENANCE COMMANDS" .SH "NAME" sudoers \- list of which users may execute what .SH "DESCRIPTION" 
@@ -706,6 +706,10 @@ Always lecture the user. .Sp The default value is \fI@lecture@\fR. .RE +.IP "lecture_file" 12 +.IX Item "lecture_file" +Path to a file containing an alternate sudo lecture that will +be used in place of the standard lecture if the named file exists. .IP "logfile" 12 .IX Item "logfile" Path to the \fBsudo\fR log file (not the syslog log file). Setting a path diff --git a/sudoers.pod b/sudoers.pod index 655eae4ff..78edcc0e6 100644 --- a/sudoers.pod +++ b/sudoers.pod @@ -609,6 +609,10 @@ Always lecture the user. The default value is I<@lecture@>. +=item lecture_file + +Path to a file containing an alternate sudo lecture that will +be used in place of the standard lecture if the named file exists. =item logfile -- 2.40.0