From c86a6a23ad9e315eb8622cb54603a15d8939d0fb Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 16 Feb 2017 09:58:18 -0700 Subject: [PATCH] Add a command line option to specify the command timeout, as long as sudoers does not specify a shorter time limit. --- doc/sudo.cat | 15 +++++--- doc/sudo.man.in | 15 ++++++-- doc/sudo.mdoc.in | 14 ++++++-- doc/sudoers.cat | 14 +++++++- doc/sudoers.man.in | 18 +++++++++- doc/sudoers.mdoc.in | 17 ++++++++- plugins/sudoers/def_data.c | 4 +++ plugins/sudoers/def_data.h | 2 ++ plugins/sudoers/def_data.in | 3 ++ plugins/sudoers/policy.c | 20 +++++++++-- plugins/sudoers/sudoers.c | 9 ++++- plugins/sudoers/sudoers.h | 2 ++ src/parse_args.c | 70 +++++++++++++++++++++---------------- src/sudo_usage.h.in | 7 ++-- 14 files changed, 162 insertions(+), 48 deletions(-) diff --git a/doc/sudo.cat b/doc/sudo.cat index b0feef113..76607c17e 100644 --- a/doc/sudo.cat +++ b/doc/sudo.cat @@ -9,10 +9,10 @@ SSYYNNOOPPSSIISS ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r] [--uu _u_s_e_r] [_c_o_m_m_a_n_d] ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] - [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r] [_V_A_R=_v_a_l_u_e] [--ii | --ss] - [_c_o_m_m_a_n_d] + [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--TT _t_i_m_e_o_u_t] [--uu _u_s_e_r] [_V_A_R=_v_a_l_u_e] + [--ii | --ss] [_c_o_m_m_a_n_d] ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] - [--pp _p_r_o_m_p_t] [--uu _u_s_e_r] _f_i_l_e _._._. + [--pp _p_r_o_m_p_t] [--TT _t_i_m_e_o_u_t] [--uu _u_s_e_r] _f_i_l_e _._._. DDEESSCCRRIIPPTTIIOONN ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or @@ -293,6 +293,13 @@ DDEESSCCRRIIPPTTIIOONN _s_u_d_o_e_r_s policy only allows root or a user with the ALL privilege on the current host to use this option. + --TT _t_i_m_e_o_u_t, ----ccoommmmaanndd--ttiimmeeoouutt=_t_i_m_e_o_u_t + Used to set a timeout for the command. If the timeout + expires before the command has exited, the command will be + terminated. The security policy may restrict the ability to + set command timeouts. The _s_u_d_o_e_r_s policy requires that user- + specified timeouts be explicitly enabled. + --uu _u_s_e_r, ----uusseerr=_u_s_e_r Run the command as a user other than the default target user (usually _r_o_o_t). The _u_s_e_r may be either a user name or a @@ -621,4 +628,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.19 January 19, 2016 Sudo 1.8.19 +Sudo 1.8.20 February 16, 2017 Sudo 1.8.20 diff --git a/doc/sudo.man.in b/doc/sudo.man.in index 927b46d9f..c4e6d38fb 100644 --- a/doc/sudo.man.in +++ b/doc/sudo.man.in @@ -1,7 +1,7 @@ .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDO" "8" "January 19, 2016" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" +.TH "SUDO" "8" "February 16, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .nh .if n .ad l .SH "NAME" @@ -66,6 +66,7 @@ [\fB\-p\fR\ \fIprompt\fR] [\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR] +[\fB\-T\fR\ \fItimeout\fR] [\fB\-u\fR\ \fIuser\fR] [\fIVAR\fR=\fIvalue\fR] [\fB\-i\fR\ |\ \fB\-s\fR] @@ -80,6 +81,7 @@ [\fB\-g\fR\ \fIgroup\fR] [\fB\-h\fR\ \fIhost\fR] [\fB\-p\fR\ \fIprompt\fR] +[\fB\-T\fR\ \fItimeout\fR] [\fB\-u\fR\ \fIuser\fR] \fIfile\ ...\fR .PD @@ -564,6 +566,15 @@ policy only allows root or a user with the \fRALL\fR privilege on the current host to use this option. .TP 12n +\fB\-T\fR \fItimeout\fR, \fB\--command-timeout\fR=\fItimeout\fR +Used to set a timeout for the command. +If the timeout expires before the command has exited, the +command will be terminated. +The security policy may restrict the ability to set command timeouts. +The +\fIsudoers\fR +policy requires that user-specified timeouts be explicitly enabled. +.TP 12n \fB\-u\fR \fIuser\fR, \fB\--user\fR=\fIuser\fR Run the command as a user other than the default target user (usually diff --git a/doc/sudo.mdoc.in b/doc/sudo.mdoc.in index 0c8c299cb..727b40445 100644 --- a/doc/sudo.mdoc.in +++ b/doc/sudo.mdoc.in @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016 +.\" Copyright (c) 1994-1996, 1998-2005, 2007-2017 .\" Todd C. Miller .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd January 19, 2016 +.Dd February 16, 2017 .Dt SUDO @mansectsu@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -57,6 +57,7 @@ .Op Fl p Ar prompt .Op Fl r Ar role .Op Fl t Ar type +.Op Fl T Ar timeout .Op Fl u Ar user .Op Ar VAR Ns = Ns Ar value .Op Fl i | s @@ -69,6 +70,7 @@ .Op Fl g Ar group .Op Fl h Ar host .Op Fl p Ar prompt +.Op Fl T Ar timeout .Op Fl u Ar user .Ar .Sh DESCRIPTION @@ -507,6 +509,14 @@ The policy only allows root or a user with the .Li ALL privilege on the current host to use this option. +.It Fl T Ar timeout , Fl -command-timeout Ns = Ns Ar timeout +Used to set a timeout for the command. +If the timeout expires before the command has exited, the +command will be terminated. +The security policy may restrict the ability to set command timeouts. +The +.Em sudoers +policy requires that user-specified timeouts be explicitly enabled. .It Fl u Ar user , Fl -user Ns = Ns Ar user Run the command as a user other than the default target user (usually diff --git a/doc/sudoers.cat b/doc/sudoers.cat index ccdbf2c7a..7ff015220 100644 --- a/doc/sudoers.cat +++ b/doc/sudoers.cat @@ -1419,6 +1419,18 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS this option will make that impossible. This flag is _o_f_f by default. + user_command_timeouts + If set, the user may specify a timeout on the command + line. If the timeout expires before the command has + exited, the command will be terminated. If a timeout + is specified both in the _s_u_d_o_e_r_s file and on the + command line, the smaller of the two timeouts will be + used. See the Timeout_Spec section for a description + of the timeout syntax. This flag is _o_f_f by default. + + This setting is only supported by version 1.8.20 or + higher. + utmp_runas If set, ssuuddoo will store the name of the runas user when updating the utmp (or utmpx) file. By default, ssuuddoo stores the name of the invoking user. This flag is _o_f_f @@ -2713,4 +2725,4 @@ DDIISSCCLLAAIIMMEERR file distributed with ssuuddoo or https://www.sudo.ws/license.html for complete details. -Sudo 1.8.20 February 14, 2017 Sudo 1.8.20 +Sudo 1.8.20 February 16, 2017 Sudo 1.8.20 diff --git a/doc/sudoers.man.in b/doc/sudoers.man.in index a2c0bc1b9..b7fb617a2 100644 --- a/doc/sudoers.man.in +++ b/doc/sudoers.man.in @@ -21,7 +21,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.TH "SUDOERS" "5" "February 14, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual" +.TH "SUDOERS" "5" "February 16, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .nh .if n .ad l .SH "NAME" @@ -2978,6 +2978,22 @@ This flag is \fIoff\fR by default. .TP 18n +user_command_timeouts +If set, the user may specify a timeout on the command line. +If the timeout expires before the command has exited, the +command will be terminated. +If a timeout is specified both in the +\fIsudoers\fR +file and on the command line, the smaller of the two timeouts will be used. +See the +\fRTimeout_Spec\fR +section for a description of the timeout syntax. +This flag is +\fIoff\fR +by default. +.sp +This setting is only supported by version 1.8.20 or higher. +.TP 18n utmp_runas If set, \fBsudo\fR diff --git a/doc/sudoers.mdoc.in b/doc/sudoers.mdoc.in index be3a18ba1..281ee7e15 100644 --- a/doc/sudoers.mdoc.in +++ b/doc/sudoers.mdoc.in @@ -19,7 +19,7 @@ .\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" -.Dd February 14, 2017 +.Dd February 16, 2017 .Dt SUDOERS @mansectform@ .Os Sudo @PACKAGE_VERSION@ .Sh NAME @@ -2795,6 +2795,21 @@ Use of this option will make that impossible. This flag is .Em off by default. +.It user_command_timeouts +If set, the user may specify a timeout on the command line. +If the timeout expires before the command has exited, the +command will be terminated. +If a timeout is specified both in the +.Pa sudoers +file and on the command line, the smaller of the two timeouts will be used. +See the +.Li Timeout_Spec +section for a description of the timeout syntax. +This flag is +.Em off +by default. +.Pp +This setting is only supported by version 1.8.20 or higher. .It utmp_runas If set, .Nm sudo diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c index 3ac51d7e9..501d7804e 100644 --- a/plugins/sudoers/def_data.c +++ b/plugins/sudoers/def_data.c @@ -453,6 +453,10 @@ struct sudo_defs_types sudo_defs_table[] = { "command_timeout", T_TIMEOUT|T_BOOL, N_("Time in seconds after which the command will be terminated: %u"), NULL, + }, { + "user_command_timeouts", T_FLAG, + N_("Allow the user to specify a timeout on the command line"), + NULL, }, { NULL, 0, NULL } diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h index 3a5f5c660..2f749b53b 100644 --- a/plugins/sudoers/def_data.h +++ b/plugins/sudoers/def_data.h @@ -210,6 +210,8 @@ #define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag) #define I_COMMAND_TIMEOUT 105 #define def_command_timeout (sudo_defs_table[I_COMMAND_TIMEOUT].sd_un.ival) +#define I_USER_COMMAND_TIMEOUTS 106 +#define def_user_command_timeouts (sudo_defs_table[I_USER_COMMAND_TIMEOUTS].sd_un.flag) enum def_tuple { never, diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in index f6fa6c733..b5fb4d92e 100644 --- a/plugins/sudoers/def_data.in +++ b/plugins/sudoers/def_data.in @@ -332,3 +332,6 @@ ignore_unknown_defaults command_timeout T_TIMEOUT|T_BOOL "Time in seconds after which the command will be terminated: %u" +user_command_timeouts + T_FLAG + "Allow the user to specify a timeout on the command line" diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 857601fec..f10f25afc 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -35,6 +35,7 @@ #include "sudoers.h" #include "sudoers_version.h" #include "interfaces.h" +#include "parse.h" /* for parse_timeout() */ /* * Info passed in from the sudo front-end. @@ -256,6 +257,18 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) remhost = *cur + sizeof("remote_host=") - 1; continue; } + if (MATCHES(*cur, "timeout=")) { + p = *cur + sizeof("timeout=") - 1; + user_timeout = parse_timeout(p); + if (user_timeout == -1) { + if (errno == ERANGE) + sudo_warnx(U_("%s: %s"), p, U_("timeout value too large")); + else + sudo_warnx(U_("%s: %s"), p, U_("invalid timeout value")); + goto bad; + } + continue; + } #ifdef ENABLE_SUDO_PLUGIN_API if (MATCHES(*cur, "plugin_dir=")) { path_plugin_dir = *cur + sizeof("plugin_dir=") - 1; @@ -580,8 +593,11 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, if ((command_info[info_len++] = sudo_new_key_val("iolog_group", def_iolog_group)) == NULL) goto oom; } - if (def_command_timeout != 0) { - if (asprintf(&command_info[info_len++], "timeout=%u", def_command_timeout) == -1) + if (def_command_timeout > 0 || user_timeout > 0) { + int timeout = def_command_timeout; + if (timeout <= 0 || user_timeout < timeout) + timeout = user_timeout; + if (asprintf(&command_info[info_len++], "timeout=%u", timeout) == -1) goto oom; } if (cmnd_umask != ACCESSPERMS) { diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 539177a17..4bc397d62 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -476,10 +476,17 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], goto bad; } + /* If user specified a timeout make sure sudoers allows it. */ + if (!def_user_command_timeouts && user_timeout > 0) { + /* XXX - audit/log? */ + sudo_warnx(U_("sorry, you are not allowed set a command timeout")); + goto bad; + } + /* If user specified env vars make sure sudoers allows it. */ if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) { - /* XXX - audit? */ + /* XXX - audit/log? */ sudo_warnx(U_("sorry, you are not allowed to preserve the environment")); goto bad; } else { diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index cfd5abb70..a9774b537 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -103,6 +103,7 @@ struct sudo_user { int cols; int flags; int max_groups; + int timeout; mode_t umask; uid_t uid; uid_t gid; @@ -214,6 +215,7 @@ struct sudo_user { #define user_closefrom (sudo_user.closefrom) #define runas_privs (sudo_user.privs) #define runas_limitprivs (sudo_user.limitprivs) +#define user_timeout (sudo_user.timeout) #ifdef __TANDEM # define ROOT_UID 65535 diff --git a/src/parse_args.c b/src/parse_args.c index b6dd2b87a..1f774e677 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996, 1998-2015 Todd C. Miller + * Copyright (c) 1993-1996, 1998-2017 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -101,7 +101,9 @@ static struct sudo_settings sudo_settings[] = { { "plugin_dir" }, #define ARG_REMOTE_HOST 21 { "remote_host" }, -#define NUM_SETTINGS 22 +#define ARG_TIMEOUT 22 + { "timeout" }, +#define NUM_SETTINGS 23 { NULL } }; @@ -118,7 +120,7 @@ static struct sudo_settings sudo_settings[] = { * Note that we must disable arg permutation to support setting environment * variables and to better support the optional arg of the -h flag. */ -static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:Sst:U:u:Vv"; +static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:SsT:t:U:u:Vv"; static struct option long_opts[] = { { "askpass", no_argument, NULL, 'A' }, { "auth-type", required_argument, NULL, 'a' }, @@ -142,6 +144,7 @@ static struct option long_opts[] = { { "stdin", no_argument, NULL, 'S' }, { "shell", no_argument, NULL, 's' }, { "type", required_argument, NULL, 't' }, + { "command-timeout",required_argument, NULL, 'T' }, { "other-user", required_argument, NULL, 'U' }, { "user", required_argument, NULL, 'u' }, { "version", no_argument, NULL, 'V' }, @@ -332,6 +335,9 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, sudo_settings[ARG_SELINUX_TYPE].value = optarg; break; #endif + case 'T': + sudo_settings[ARG_TIMEOUT].value = optarg; + break; case 'S': SET(tgetpass_flags, TGP_STDIN); break; @@ -588,7 +594,7 @@ static void help(void) { struct sudo_lbuf lbuf; - const int indent = 30; + const int indent = 32; const char *pname = getprogname(); debug_decl(help, SUDO_DEBUG_ARGS) @@ -602,67 +608,69 @@ help(void) usage(0); sudo_lbuf_append(&lbuf, _("\nOptions:\n")); - sudo_lbuf_append(&lbuf, " -A, --askpass %s\n", + sudo_lbuf_append(&lbuf, " -A, --askpass %s\n", _("use a helper program for password prompting")); #ifdef HAVE_BSD_AUTH_H - sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n", + sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n", _("use specified BSD authentication type")); #endif - sudo_lbuf_append(&lbuf, " -b, --background %s\n", + sudo_lbuf_append(&lbuf, " -b, --background %s\n", _("run command in the background")); - sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n", + sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n", _("close all file descriptors >= num")); #ifdef HAVE_LOGIN_CAP_H - sudo_lbuf_append(&lbuf, " -c, --login-class=class %s\n", + sudo_lbuf_append(&lbuf, " -c, --login-class=class %s\n", _("run command with the specified BSD login class")); #endif - sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n", + sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n", _("preserve user environment when running command")); - sudo_lbuf_append(&lbuf, " -e, --edit %s\n", + sudo_lbuf_append(&lbuf, " -e, --edit %s\n", _("edit files instead of running a command")); - sudo_lbuf_append(&lbuf, " -g, --group=group %s\n", + sudo_lbuf_append(&lbuf, " -g, --group=group %s\n", _("run command as the specified group name or ID")); - sudo_lbuf_append(&lbuf, " -H, --set-home %s\n", + sudo_lbuf_append(&lbuf, " -H, --set-home %s\n", _("set HOME variable to target user's home dir")); - sudo_lbuf_append(&lbuf, " -h, --help %s\n", + sudo_lbuf_append(&lbuf, " -h, --help %s\n", _("display help message and exit")); - sudo_lbuf_append(&lbuf, " -h, --host=host %s\n", + sudo_lbuf_append(&lbuf, " -h, --host=host %s\n", _("run command on host (if supported by plugin)")); - sudo_lbuf_append(&lbuf, " -i, --login %s\n", + sudo_lbuf_append(&lbuf, " -i, --login %s\n", _("run login shell as the target user; a command may also be specified")); - sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", + sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", _("remove timestamp file completely")); - sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n", + sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n", _("invalidate timestamp file")); - sudo_lbuf_append(&lbuf, " -l, --list %s\n", + sudo_lbuf_append(&lbuf, " -l, --list %s\n", _("list user's privileges or check a specific command; use twice for longer format")); - sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n", + sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n", _("non-interactive mode, no prompts are used")); - sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n", + sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n", _("preserve group vector instead of setting to target's")); - sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n", + sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n", _("use the specified password prompt")); #ifdef HAVE_SELINUX - sudo_lbuf_append(&lbuf, " -r, --role=role %s\n", + sudo_lbuf_append(&lbuf, " -r, --role=role %s\n", _("create SELinux security context with specified role")); #endif - sudo_lbuf_append(&lbuf, " -S, --stdin %s\n", + sudo_lbuf_append(&lbuf, " -S, --stdin %s\n", _("read password from standard input")); - sudo_lbuf_append(&lbuf, " -s, --shell %s\n", + sudo_lbuf_append(&lbuf, " -s, --shell %s\n", _("run shell as the target user; a command may also be specified")); #ifdef HAVE_SELINUX - sudo_lbuf_append(&lbuf, " -t, --type=type %s\n", + sudo_lbuf_append(&lbuf, " -t, --type=type %s\n", _("create SELinux security context with specified type")); #endif - sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n", + sudo_lbuf_append(&lbuf, " -T, --command-timeout=timeout %s\n", + _("terminate command after the specified time limit")); + sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n", _("in list mode, display privileges for user")); - sudo_lbuf_append(&lbuf, " -u, --user=user %s\n", + sudo_lbuf_append(&lbuf, " -u, --user=user %s\n", _("run command (or edit file) as specified user name or ID")); - sudo_lbuf_append(&lbuf, " -V, --version %s\n", + sudo_lbuf_append(&lbuf, " -V, --version %s\n", _("display version information and exit")); - sudo_lbuf_append(&lbuf, " -v, --validate %s\n", + sudo_lbuf_append(&lbuf, " -v, --validate %s\n", _("update user's timestamp without running a command")); - sudo_lbuf_append(&lbuf, " -- %s\n", + sudo_lbuf_append(&lbuf, " -- %s\n", _("stop processing command line arguments")); sudo_lbuf_print(&lbuf); sudo_lbuf_destroy(&lbuf); diff --git a/src/sudo_usage.h.in b/src/sudo_usage.h.in index afd0f05b5..a46dc3bff 100644 --- a/src/sudo_usage.h.in +++ b/src/sudo_usage.h.in @@ -1,5 +1,6 @@ /* - * Copyright (c) 2007-2010, 2013 Todd C. Miller + * Copyright (c) 2007-2010, 2013, 2015, 2017 + * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -26,8 +27,8 @@ #define SUDO_USAGE1 " -h | -K | -k | -V" #define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" #define SUDO_USAGE3 " -l [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]" -#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] []" -#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] file ..." +#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] []" +#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ..." /* * Configure script arguments used to build sudo. -- 2.40.0