o Kill *_MESSAGE and replace with NO_LECTURE

o Add more things to root sudo -V config reporting
1999-08-05 21:38:19 +00:00
parent 61dc1ddf61
commit 7c53b74961
6 changed files with 474 additions and 395 deletions
--- a/7
+++ b/7
@@ -177,10 +177,6 @@ Special features/options:
 	Enable DCE support.  Known to work on HP-UX 9.X and 10.0.  Other
 	platforms may require source code and/or `configure' changes.

-  --with-message=TYPE
-	Set message for first time sudo to be "short", "full", or "none".
-	Default is "short.
-
  --with-logging=TYPE
 	How you want to do your logging.  You may choose "syslog", "file",
 	or "both".  Setting this to "syslog" is nice because you can keep all
@@ -374,6 +370,9 @@ Special features/options:
 	specified by --with-exemptgroup.  If you do not specify a path,
 	"/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.

+  --without-lecture
+	Don't print the lecture the first time a user runs sudo.
+
  --without-interfaces
 	This option keeps sudo from trying to glean the ip address from each
 	attached ethernet interface.  It is only useful on a machine where
--- a/check.c
+++ b/check.c
@@ -126,7 +126,7 @@ check_user()
 static void
 lecture()
 {
-#ifndef NO_MESSAGE
+#ifndef NO_LECTURE
    (void) fputs("\n\
 We trust you have received the usual lecture from the local System\n\
 Administrator. It usually boils down to these two things:\n\
@@ -134,7 +134,7 @@ Administrator. It usually boils down to these two things:\n\
 	#1) Respect the privacy of others.\n\
 	#2) Think before you type.\n\n",
 	stderr);
-#endif /* NO_MESSAGE */
+#endif /* NO_LECTURE */
 }

 /*
--- a/config.h.in
+++ b/config.h.in
@@ -441,9 +441,8 @@
 /* Define if you want "command not allowed" instead of "command not found" */
 #undef DONT_LEAK_PATH_INFO

-/* Define SHORT_MESSAGE for a short lecture or NO_MESSAGE for none.  */
-#undef SHORT_MESSAGE
-#undef NO_MESSAGE
+/* Define if you don't want users to get the lecture the first they user sudo */
+#undef NO_LECTURE

 /* Define SEND_MAIL_WHEN_NO_USER to send mail when user not in sudoers file */
 #undef SEND_MAIL_WHEN_NO_USER
--- a/722
+++ b/722
--- a/configure.in
+++ b/configure.in
@@ -268,7 +268,7 @@ AC_ARG_WITH(authenticate, [  --with-authenticate     enable AIX general authenti
    yes)	AC_DEFINE(HAVE_AUTHENTICATE)
 		AC_MSG_CHECKING(whether to use AIX general authentication)
 		AC_MSG_RESULT(yes)
-		AUTH_OBJS="aix_auth.o"
+		AUTH_OBJS="authenticate.o"
 		;;
    no)		;;
    *)		echo "Sorry, --with-authenticate does not take an argument."
@@ -315,22 +315,18 @@ AC_ARG_WITH(DCE, [  --with-DCE              enable DCE support],
 		;;
 esac])

-AC_MSG_CHECKING(which message/lecture type sudo should use)
-AC_ARG_WITH(message, [  --with-message          short, full, or none],
-[case $with_message in  
-    yes|short)	AC_DEFINE(SHORT_MESSAGE)
-		AC_MSG_RESULT(short)
+AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
+AC_ARG_WITH(lecture, [  --without-lecture       don't print lecture for first-time sudoer],
+[case $with_lecture in  
+    yes|short)	AC_MSG_RESULT(yes)
 		;;
-    no|none)	AC_DEFINE(NO_MESSAGE)
-		AC_MSG_RESULT(none)
+    no|none)	AC_DEFINE(NO_LECTURE)
+		AC_MSG_RESULT(no)
 		;;
-    full)	echo "Using long sudo message/lecture for new users"
-		AC_MSG_RESULT(full)
-		;;
-    *)		echo "Unknown argument to --with-message: $with_message"
+    *)		echo "Unknown argument to --with-lecture: $with_lecture"
 		exit 1
 		;;
-esac], [AC_DEFINE(SHORT_MESSAGE) AC_MSG_RESULT(short)])
+esac], [AC_MSG_RESULT(yes)])

 AC_MSG_CHECKING(whether sudo should log via syslog or to a file)
 AC_ARG_WITH(logging, [  --with-logging          log via syslog, file, or both],
--- a/version.c
+++ b/version.c
@@ -53,6 +53,7 @@

 #include "sudo.h"
 #include "version.h"
+#include "auth/sudo_auth.h"

 #ifndef lint
 static const char rcsid[] = "$Sudo$";
@@ -68,6 +69,8 @@ static char *num_to_name __P((int, CODE *));
 void
 print_version()
 {
+    extern sudo_auth auth_switch[];
+    sudo_auth *auth;

    (void) printf("Sudo version %s\n", version);

@@ -75,7 +78,18 @@ print_version()
     * Print compile-time options if root.
     */
    if (getuid() == 0) {
-	(void) fputs("\nLogging:\n", stdout);
+#ifdef WITHOUT_PASSWD
+	(void) puts("\nNo Authentication configured\n");
+#else
+	(void) fputs("\nAuthentication methods:", stdout);
+	for (auth = auth_switch; auth->name; auth++) {
+	    (void) putchar(' ');
+	    (void) fputs(auth->name, stdout);
+	}
+	(void) putchar('\n');
+#endif
+
+	(void) fputs("Logging:\n", stdout);
 #if (LOGGING & SLOG_SYSLOG)
 # ifdef HAVE_SYSLOG_NAMES
 	printf("    syslog: facility %s, failures to %s, success to %s\n",
@@ -83,23 +97,104 @@ print_version()
 	    num_to_name(PRI_FAILURE, prioritynames),
 	    num_to_name(PRI_SUCCESS, prioritynames));
 # else
-	printf("    syslog: facility %d, failures to %d, success to %d\n",
+	printf("    syslog: facility #%d, failures to #%d, success to #%d\n",
 	    LOGFAC, PRI_FAILURE, PRI_SUCCESS);
 # endif /* HAVE_SYSLOG_NAMES */
 #endif /* SLOG_SYSLOG */
 #if (LOGGING & SLOG_FILE)
-	printf("    log file: %s", _PATH_SUDO_LOGFILE);
+	(void) printf("    log file: %s", _PATH_SUDO_LOGFILE);
 # ifdef HOST_IN_LOG
-	fputs(", host in log", stdout);
+	(void) fputs(", host in log", stdout);
 # endif
 # ifdef WRAP_LOG
-	printf(", lines wrap after %d characters", MAXLOGFILELEN);
+	(void) printf(", lines wrap after %d characters", MAXLOGFILELEN);
 # endif
-	putchar('\n');
+	(void) putchar('\n');
 #endif /* SLOG_FILE */

-    /* XXX - add more */
+#ifdef USE_TTY_TICKETS
+	(void) puts("Timestamp type: userdir/tty");
+#else
+	(void) puts("Timestamp type: userdir");
+#endif

+#if TIMEOUT
+	(void) printf("Ticket file timeout: %d minutes\n", TIMEOUT);
+#endif
+
+#ifdef USE_INSULTS
+	(void) fputs("Insult types:", stdout);
+# ifdef CLASSIC_INSULTS
+	(void) fputs(" classic", stdout);
+# endif
+# ifdef CSOPS_INSULTS
+	(void) fputs(" CSOps", stdout);
+# endif
+# ifdef HAL_INSULTS
+	(void) fputs(" hal", stdout);
+# endif
+# ifdef GOONS_INSULTS
+	(void) fputs(" goons", stdout);
+# endif
+	(void) putchar('\n');
+#endif
+
+#ifdef SUDO_UMASK
+	(void) printf("Umask to enforce: 0%o\n", SUDO_UMASK);
+#endif
+
+#if !defined(WITHOUT_PASSWD) && PASSWORD_TIMEOUT
+	(void) printf("Password timeout: %d minutes\n", PASSWORD_TIMEOUT);
+#endif
+
+	(void) printf("Password attempts allowed: %d\n", TRIES_FOR_PASSWORD);
+
+	(void) printf("Default user to run commands as: %s\n", RUNAS_DEFAULT);
+
+#ifdef FQDN
+	(void) puts("Fully qualified hostnames required in sudoers");
+#endif
+
+#ifdef NO_ROOT_SUDO
+	(void) puts("Root may not run sudo");
+#endif
+
+#ifdef EXEMPTGROUP
+	(void) printf("Users in group %s are exempt from password and PATH requirements\n", EXEMPTGROUP);
+#endif
+
+#ifdef ENV_EDITOR
+	(void) printf("Default editor for visudo: %s\n", EDITOR);
+#else
+	(void) printf("Editor for visudo: %s\n", EDITOR);
+#endif
+
+#ifdef SECURE_PATH
+	(void) printf("Secure PATH: %s\n", SECURE_PATH);
+#endif
+
+#ifdef _PATH_SENDMAIL
+	(void) printf("Mailer path: %s\n", _PATH_SENDMAIL);
+	(void) printf("Send mail to: %s\n", ALERTMAIL);
+	(void) printf("Mail subject: %s\n", MAILSUBJECT);
+#endif
+
+	(void) printf("Default password prompt: %s\n", PASSPROMPT);
+
+	(void) fputs("Lecture user the first time they run sudo? ", stdout);
+#ifndef NO_LECTURE
+	(void) puts("yes");
+#else
+	(void) puts("no");
+#endif
+
+/* stopped at INCORRECT_PASSWORD */
+
+    /* XXX - more */
+
+/*
+-D_PATH_SUDO_SUDOERS=\"/etc/sudoers\" -D_PATH_SUDO_STMP=\"/etc/stmp\" -DSUDOERS_UID=0 -DSUDOERS_GID=0 -DSUDOERS_MODE=0440
+*/
    }
 }