Add intercept_authenticate sudoers option, defaults to false.

By default, sudoers will not require authentication of commands run
via an intercepted session.  To require authenticaton of subsequent
commands, enable intercept_authenticate in sudoers.

plugins/sudoers/sudoers.h

@@ -194,6 +194,10 @@ struct sudo_user {
 #define MODE_PRESERVE_ENV	0x00400000
 #define MODE_NONINTERACTIVE	0x00800000
 #define MODE_IGNORE_TICKET	0x01000000
+#define MODE_POLICY_INTERCEPTED	0x02000000
+
+/* Mode bits allowed for intercepted commands. */
+#define MODE_INTERCEPT_MASK	(MODE_RUN|MODE_NONINTERACTIVE|MODE_IGNORE_TICKET|MODE_POLICY_INTERCEPTED)
 
 /*
  * Used with set_perms()