Add intercept_authenticate sudoers option, defaults to false.

By default, sudoers will not require authentication of commands run via an intercepted session. To require authenticaton of subsequent commands, enable intercept_authenticate in sudoers.
2021-08-09 15:50:26 -06:00
parent 13b89e9103
commit 788708c9ff
9 changed files with 68 additions and 3 deletions
--- a/plugins/sudoers/def_data.h
+++ b/plugins/sudoers/def_data.h
@@ -272,6 +272,8 @@
 #define def_log_children        (sudo_defs_table[I_LOG_CHILDREN].sd_un.flag)
 #define I_LOG_EXIT_STATUS       135
 #define def_log_exit_status     (sudo_defs_table[I_LOG_EXIT_STATUS].sd_un.flag)
+#define I_INTERCEPT_AUTHENTICATE 136
+#define def_intercept_authenticate (sudo_defs_table[I_INTERCEPT_AUTHENTICATE].sd_un.flag)

 enum def_tuple {
    never,