Add a command line option to specify the command timeout, as long

as sudoers does not specify a shorter time limit.
Todd C. Miller
2017-02-16 09:58:18 -07:00
parent 9b0622b58f
commit c86a6a23ad
14 changed files with 162 additions and 48 deletions


@@ -9,10 +9,10 @@ SSYYNNOOPPSSIISS
ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r] ssuuddoo --ll [--AAkknnSS] [--aa _t_y_p_e] [--gg _g_r_o_u_p] [--hh _h_o_s_t] [--pp _p_r_o_m_p_t] [--UU _u_s_e_r]
[--uu _u_s_e_r] [_c_o_m_m_a_n_d] [--uu _u_s_e_r] [_c_o_m_m_a_n_d]
ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] ssuuddoo [--AAbbEEHHnnPPSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
[--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--uu _u_s_e_r] [_V_A_R=_v_a_l_u_e] [--ii | --ss] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e] [--TT _t_i_m_e_o_u_t] [--uu _u_s_e_r] [_V_A_R=_v_a_l_u_e]
[_c_o_m_m_a_n_d] [--ii | --ss] [_c_o_m_m_a_n_d]
ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t] ssuuddooeeddiitt [--AAkknnSS] [--aa _t_y_p_e] [--CC _n_u_m] [--cc _c_l_a_s_s] [--gg _g_r_o_u_p] [--hh _h_o_s_t]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r] _f_i_l_e _._._. [--pp _p_r_o_m_p_t] [--TT _t_i_m_e_o_u_t] [--uu _u_s_e_r] _f_i_l_e _._._.
DDEESSCCRRIIPPTTIIOONN DDEESSCCRRIIPPTTIIOONN
ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
@@ -293,6 +293,13 @@ DDEESSCCRRIIPPTTIIOONN
_s_u_d_o_e_r_s policy only allows root or a user with the ALL _s_u_d_o_e_r_s policy only allows root or a user with the ALL
privilege on the current host to use this option. privilege on the current host to use this option.
--TT _t_i_m_e_o_u_t, ----ccoommmmaanndd--ttiimmeeoouutt=_t_i_m_e_o_u_t
Used to set a timeout for the command. If the timeout
expires before the command has exited, the command will be
terminated. The security policy may restrict the ability to
set command timeouts. The _s_u_d_o_e_r_s policy requires that user-
specified timeouts be explicitly enabled.
--uu _u_s_e_r, ----uusseerr=_u_s_e_r --uu _u_s_e_r, ----uusseerr=_u_s_e_r
Run the command as a user other than the default target user Run the command as a user other than the default target user
(usually _r_o_o_t). The _u_s_e_r may be either a user name or a (usually _r_o_o_t). The _u_s_e_r may be either a user name or a
@@ -621,4 +628,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.19 January 19, 2016 Sudo 1.8.19 Sudo 1.8.20 February 16, 2017 Sudo 1.8.20


@@ -1,7 +1,7 @@
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in .\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in
.\" .\"
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016 .\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
.\" Todd C. Miller <Todd.Miller@courtesan.com> .\" Todd C. Miller <Todd.Miller@courtesan.com>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDO" "8" "January 19, 2016" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" .TH "SUDO" "8" "February 16, 2017" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -66,6 +66,7 @@
[\fB\-p\fR\ \fIprompt\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-r\fR\ \fIrole\fR] [\fB\-r\fR\ \fIrole\fR]
[\fB\-t\fR\ \fItype\fR] [\fB\-t\fR\ \fItype\fR]
[\fB\-T\fR\ \fItimeout\fR]
[\fB\-u\fR\ \fIuser\fR] [\fB\-u\fR\ \fIuser\fR]
[\fIVAR\fR=\fIvalue\fR] [\fIVAR\fR=\fIvalue\fR]
[\fB\-i\fR\ |\ \fB\-s\fR] [\fB\-i\fR\ |\ \fB\-s\fR]
@@ -80,6 +81,7 @@
[\fB\-g\fR\ \fIgroup\fR] [\fB\-g\fR\ \fIgroup\fR]
[\fB\-h\fR\ \fIhost\fR] [\fB\-h\fR\ \fIhost\fR]
[\fB\-p\fR\ \fIprompt\fR] [\fB\-p\fR\ \fIprompt\fR]
[\fB\-T\fR\ \fItimeout\fR]
[\fB\-u\fR\ \fIuser\fR] [\fB\-u\fR\ \fIuser\fR]
\fIfile\ ...\fR \fIfile\ ...\fR
.PD .PD
@@ -564,6 +566,15 @@ policy only allows root or a user with the
\fRALL\fR \fRALL\fR
privilege on the current host to use this option. privilege on the current host to use this option.
.TP 12n .TP 12n
\fB\-T\fR \fItimeout\fR, \fB\--command-timeout\fR=\fItimeout\fR
Used to set a timeout for the command.
If the timeout expires before the command has exited, the
command will be terminated.
The security policy may restrict the ability to set command timeouts.
The
\fIsudoers\fR
policy requires that user-specified timeouts be explicitly enabled.
.TP 12n
\fB\-u\fR \fIuser\fR, \fB\--user\fR=\fIuser\fR \fB\-u\fR \fIuser\fR, \fB\--user\fR=\fIuser\fR
Run the command as a user other than the default target user Run the command as a user other than the default target user
(usually (usually


@@ -1,5 +1,5 @@
.\" .\"
.\" Copyright (c) 1994-1996, 1998-2005, 2007-2016 .\" Copyright (c) 1994-1996, 1998-2005, 2007-2017
.\" Todd C. Miller <Todd.Miller@courtesan.com> .\" Todd C. Miller <Todd.Miller@courtesan.com>
.\" .\"
.\" Permission to use, copy, modify, and distribute this software for any .\" Permission to use, copy, modify, and distribute this software for any
@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd January 19, 2016 .Dd February 16, 2017
.Dt SUDO @mansectsu@ .Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -57,6 +57,7 @@
.Op Fl p Ar prompt .Op Fl p Ar prompt
.Op Fl r Ar role .Op Fl r Ar role
.Op Fl t Ar type .Op Fl t Ar type
.Op Fl T Ar timeout
.Op Fl u Ar user .Op Fl u Ar user
.Op Ar VAR Ns = Ns Ar value .Op Ar VAR Ns = Ns Ar value
.Op Fl i | s .Op Fl i | s
@@ -69,6 +70,7 @@
.Op Fl g Ar group .Op Fl g Ar group
.Op Fl h Ar host .Op Fl h Ar host
.Op Fl p Ar prompt .Op Fl p Ar prompt
.Op Fl T Ar timeout
.Op Fl u Ar user .Op Fl u Ar user
.Ar .Ar
.Sh DESCRIPTION .Sh DESCRIPTION
@@ -507,6 +509,14 @@ The
policy only allows root or a user with the policy only allows root or a user with the
.Li ALL .Li ALL
privilege on the current host to use this option. privilege on the current host to use this option.
.It Fl T Ar timeout , Fl -command-timeout Ns = Ns Ar timeout
Used to set a timeout for the command.
If the timeout expires before the command has exited, the
command will be terminated.
The security policy may restrict the ability to set command timeouts.
The
.Em sudoers
policy requires that user-specified timeouts be explicitly enabled.
.It Fl u Ar user , Fl -user Ns = Ns Ar user .It Fl u Ar user , Fl -user Ns = Ns Ar user
Run the command as a user other than the default target user Run the command as a user other than the default target user
(usually (usually


@@ -1419,6 +1419,18 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
this option will make that impossible. This flag is this option will make that impossible. This flag is
_o_f_f by default. _o_f_f by default.
user_command_timeouts
If set, the user may specify a timeout on the command
line. If the timeout expires before the command has
exited, the command will be terminated. If a timeout
is specified both in the _s_u_d_o_e_r_s file and on the
command line, the smaller of the two timeouts will be
used. See the Timeout_Spec section for a description
of the timeout syntax. This flag is _o_f_f by default.
This setting is only supported by version 1.8.20 or
higher.
utmp_runas If set, ssuuddoo will store the name of the runas user when utmp_runas If set, ssuuddoo will store the name of the runas user when
updating the utmp (or utmpx) file. By default, ssuuddoo updating the utmp (or utmpx) file. By default, ssuuddoo
stores the name of the invoking user. This flag is _o_f_f stores the name of the invoking user. This flag is _o_f_f
@@ -2713,4 +2725,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.20 February 14, 2017 Sudo 1.8.20 Sudo 1.8.20 February 16, 2017 Sudo 1.8.20


@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDOERS" "5" "February 14, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "5" "February 16, 2017" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -2978,6 +2978,22 @@ This flag is
\fIoff\fR \fIoff\fR
by default. by default.
.TP 18n .TP 18n
user_command_timeouts
If set, the user may specify a timeout on the command line.
If the timeout expires before the command has exited, the
command will be terminated.
If a timeout is specified both in the
\fIsudoers\fR
file and on the command line, the smaller of the two timeouts will be used.
See the
\fRTimeout_Spec\fR
section for a description of the timeout syntax.
This flag is
\fIoff\fR
by default.
.sp
This setting is only supported by version 1.8.20 or higher.
.TP 18n
utmp_runas utmp_runas
If set, If set,
\fBsudo\fR \fBsudo\fR


@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd February 14, 2017 .Dd February 16, 2017
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -2795,6 +2795,21 @@ Use of this option will make that impossible.
This flag is This flag is
.Em off .Em off
by default. by default.
.It user_command_timeouts
If set, the user may specify a timeout on the command line.
If the timeout expires before the command has exited, the
command will be terminated.
If a timeout is specified both in the
.Pa sudoers
file and on the command line, the smaller of the two timeouts will be used.
See the
.Li Timeout_Spec
section for a description of the timeout syntax.
This flag is
.Em off
by default.
.Pp
This setting is only supported by version 1.8.20 or higher.
.It utmp_runas .It utmp_runas
If set, If set,
.Nm sudo .Nm sudo


@@ -453,6 +453,10 @@ struct sudo_defs_types sudo_defs_table[] = {
"command_timeout", T_TIMEOUT|T_BOOL, "command_timeout", T_TIMEOUT|T_BOOL,
N_("Time in seconds after which the command will be terminated: %u"), N_("Time in seconds after which the command will be terminated: %u"),
NULL, NULL,
}, {
"user_command_timeouts", T_FLAG,
N_("Allow the user to specify a timeout on the command line"),
NULL,
}, { }, {
NULL, 0, NULL NULL, 0, NULL
} }


@@ -210,6 +210,8 @@
#define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag) #define def_ignore_unknown_defaults (sudo_defs_table[I_IGNORE_UNKNOWN_DEFAULTS].sd_un.flag)
#define I_COMMAND_TIMEOUT 105 #define I_COMMAND_TIMEOUT 105
#define def_command_timeout (sudo_defs_table[I_COMMAND_TIMEOUT].sd_un.ival) #define def_command_timeout (sudo_defs_table[I_COMMAND_TIMEOUT].sd_un.ival)
#define I_USER_COMMAND_TIMEOUTS 106
#define def_user_command_timeouts (sudo_defs_table[I_USER_COMMAND_TIMEOUTS].sd_un.flag)
enum def_tuple { enum def_tuple {
never, never,


@@ -332,3 +332,6 @@ ignore_unknown_defaults
command_timeout command_timeout
T_TIMEOUT|T_BOOL T_TIMEOUT|T_BOOL
"Time in seconds after which the command will be terminated: %u" "Time in seconds after which the command will be terminated: %u"
user_command_timeouts
T_FLAG
"Allow the user to specify a timeout on the command line"


@@ -35,6 +35,7 @@
#include "sudoers.h" #include "sudoers.h"
#include "sudoers_version.h" #include "sudoers_version.h"
#include "interfaces.h" #include "interfaces.h"
#include "parse.h" /* for parse_timeout() */
/* /*
* Info passed in from the sudo front-end. * Info passed in from the sudo front-end.
@@ -256,6 +257,18 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
remhost = *cur + sizeof("remote_host=") - 1; remhost = *cur + sizeof("remote_host=") - 1;
continue; continue;
} }
if (MATCHES(*cur, "timeout=")) {
p = *cur + sizeof("timeout=") - 1;
user_timeout = parse_timeout(p);
if (user_timeout == -1) {
if (errno == ERANGE)
sudo_warnx(U_("%s: %s"), p, U_("timeout value too large"));
else
sudo_warnx(U_("%s: %s"), p, U_("invalid timeout value"));
goto bad;
}
continue;
}
#ifdef ENABLE_SUDO_PLUGIN_API #ifdef ENABLE_SUDO_PLUGIN_API
if (MATCHES(*cur, "plugin_dir=")) { if (MATCHES(*cur, "plugin_dir=")) {
path_plugin_dir = *cur + sizeof("plugin_dir=") - 1; path_plugin_dir = *cur + sizeof("plugin_dir=") - 1;
@@ -580,8 +593,11 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask,
if ((command_info[info_len++] = sudo_new_key_val("iolog_group", def_iolog_group)) == NULL) if ((command_info[info_len++] = sudo_new_key_val("iolog_group", def_iolog_group)) == NULL)
goto oom; goto oom;
} }
if (def_command_timeout != 0) { if (def_command_timeout > 0 || user_timeout > 0) {
if (asprintf(&command_info[info_len++], "timeout=%u", def_command_timeout) == -1) int timeout = def_command_timeout;
if (timeout <= 0 || user_timeout < timeout)
timeout = user_timeout;
if (asprintf(&command_info[info_len++], "timeout=%u", timeout) == -1)
goto oom; goto oom;
} }
if (cmnd_umask != ACCESSPERMS) { if (cmnd_umask != ACCESSPERMS) {
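Review bot: In the sudoers_policy_exec_setup hunk the comparison `user_timeout < timeout` is also true when the user gave no -T at all, provided user_timeout is 0 in that case (its initial value is not visible here), so a positive sudoers command_timeout is replaced by 0 and `timeout=0` is handed to the front-end. That would drop the administrator's limit instead of enforcing the smaller of the two values, which is what the manual text in this commit promises. Guard the override with `if (timeout <= 0 || (user_timeout > 0 && user_timeout < timeout))`. `timeout` is an `int` but is printed with `%u`; `%d` matches the type. The function body continues outside the hunk.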


@@ -476,10 +476,17 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
goto bad; goto bad;
} }
/* If user specified a timeout make sure sudoers allows it. */
if (!def_user_command_timeouts && user_timeout > 0) {
/* XXX - audit/log? */
sudo_warnx(U_("sorry, you are not allowed set a command timeout"));
goto bad;
}
/* If user specified env vars make sure sudoers allows it. */ /* If user specified env vars make sure sudoers allows it. */
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) { if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
/* XXX - audit? */ /* XXX - audit/log? */
sudo_warnx(U_("sorry, you are not allowed to preserve the environment")); sudo_warnx(U_("sorry, you are not allowed to preserve the environment"));
goto bad; goto bad;
} else { } else {
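Review bot: The new rejection of a user-supplied timeout is reported only to the invoking user through sudo_warnx(), and the `/* XXX - audit/log? */` marker confirms that the denial is not yet written to any record an administrator would review. A refused attempt to override an execution limit is a policy denial and should be logged or audited before `goto bad`; the preserve-environment branch below carries the same marker and has the same gap. The message is also missing a word: `sudo_warnx(U_("sorry, you are not allowed to set a command timeout"));`. sudoers_policy_main starts and ends outside the hunk.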

View File

@@ -103,6 +103,7 @@ struct sudo_user {
int cols; int cols;
int flags; int flags;
int max_groups; int max_groups;
int timeout;
mode_t umask; mode_t umask;
uid_t uid; uid_t uid;
uid_t gid; uid_t gid;
@@ -214,6 +215,7 @@ struct sudo_user {
#define user_closefrom (sudo_user.closefrom) #define user_closefrom (sudo_user.closefrom)
#define runas_privs (sudo_user.privs) #define runas_privs (sudo_user.privs)
#define runas_limitprivs (sudo_user.limitprivs) #define runas_limitprivs (sudo_user.limitprivs)
#define user_timeout (sudo_user.timeout)
#ifdef __TANDEM #ifdef __TANDEM
# define ROOT_UID 65535 # define ROOT_UID 65535


@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1993-1996, 1998-2015 Todd C. Miller <Todd.Miller@courtesan.com> * Copyright (c) 1993-1996, 1998-2017 Todd C. Miller <Todd.Miller@courtesan.com>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
@@ -101,7 +101,9 @@ static struct sudo_settings sudo_settings[] = {
{ "plugin_dir" }, { "plugin_dir" },
#define ARG_REMOTE_HOST 21 #define ARG_REMOTE_HOST 21
{ "remote_host" }, { "remote_host" },
#define NUM_SETTINGS 22 #define ARG_TIMEOUT 22
{ "timeout" },
#define NUM_SETTINGS 23
{ NULL } { NULL }
}; };
@@ -118,7 +120,7 @@ static struct sudo_settings sudo_settings[] = {
* Note that we must disable arg permutation to support setting environment * Note that we must disable arg permutation to support setting environment
* variables and to better support the optional arg of the -h flag. * variables and to better support the optional arg of the -h flag.
*/ */
static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:Sst:U:u:Vv"; static const char short_opts[] = "+Aa:bC:c:D:Eeg:Hh::iKklnPp:r:SsT:t:U:u:Vv";
static struct option long_opts[] = { static struct option long_opts[] = {
{ "askpass", no_argument, NULL, 'A' }, { "askpass", no_argument, NULL, 'A' },
{ "auth-type", required_argument, NULL, 'a' }, { "auth-type", required_argument, NULL, 'a' },
@@ -142,6 +144,7 @@ static struct option long_opts[] = {
{ "stdin", no_argument, NULL, 'S' }, { "stdin", no_argument, NULL, 'S' },
{ "shell", no_argument, NULL, 's' }, { "shell", no_argument, NULL, 's' },
{ "type", required_argument, NULL, 't' }, { "type", required_argument, NULL, 't' },
{ "command-timeout",required_argument, NULL, 'T' },
{ "other-user", required_argument, NULL, 'U' }, { "other-user", required_argument, NULL, 'U' },
{ "user", required_argument, NULL, 'u' }, { "user", required_argument, NULL, 'u' },
{ "version", no_argument, NULL, 'V' }, { "version", no_argument, NULL, 'V' },
@@ -332,6 +335,9 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv,
sudo_settings[ARG_SELINUX_TYPE].value = optarg; sudo_settings[ARG_SELINUX_TYPE].value = optarg;
break; break;
#endif #endif
case 'T':
sudo_settings[ARG_TIMEOUT].value = optarg;
break;
case 'S': case 'S':
SET(tgetpass_flags, TGP_STDIN); SET(tgetpass_flags, TGP_STDIN);
break; break;
@@ -588,7 +594,7 @@ static void
help(void) help(void)
{ {
struct sudo_lbuf lbuf; struct sudo_lbuf lbuf;
const int indent = 30; const int indent = 32;
const char *pname = getprogname(); const char *pname = getprogname();
debug_decl(help, SUDO_DEBUG_ARGS) debug_decl(help, SUDO_DEBUG_ARGS)
@@ -602,67 +608,69 @@ help(void)
usage(0); usage(0);
sudo_lbuf_append(&lbuf, _("\nOptions:\n")); sudo_lbuf_append(&lbuf, _("\nOptions:\n"));
sudo_lbuf_append(&lbuf, " -A, --askpass %s\n", sudo_lbuf_append(&lbuf, " -A, --askpass %s\n",
_("use a helper program for password prompting")); _("use a helper program for password prompting"));
#ifdef HAVE_BSD_AUTH_H #ifdef HAVE_BSD_AUTH_H
sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n", sudo_lbuf_append(&lbuf, " -a, --auth-type=type %s\n",
_("use specified BSD authentication type")); _("use specified BSD authentication type"));
#endif #endif
sudo_lbuf_append(&lbuf, " -b, --background %s\n", sudo_lbuf_append(&lbuf, " -b, --background %s\n",
_("run command in the background")); _("run command in the background"));
sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n", sudo_lbuf_append(&lbuf, " -C, --close-from=num %s\n",
_("close all file descriptors >= num")); _("close all file descriptors >= num"));
#ifdef HAVE_LOGIN_CAP_H #ifdef HAVE_LOGIN_CAP_H
sudo_lbuf_append(&lbuf, " -c, --login-class=class %s\n", sudo_lbuf_append(&lbuf, " -c, --login-class=class %s\n",
_("run command with the specified BSD login class")); _("run command with the specified BSD login class"));
#endif #endif
sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n", sudo_lbuf_append(&lbuf, " -E, --preserve-env %s\n",
_("preserve user environment when running command")); _("preserve user environment when running command"));
sudo_lbuf_append(&lbuf, " -e, --edit %s\n", sudo_lbuf_append(&lbuf, " -e, --edit %s\n",
_("edit files instead of running a command")); _("edit files instead of running a command"));
sudo_lbuf_append(&lbuf, " -g, --group=group %s\n", sudo_lbuf_append(&lbuf, " -g, --group=group %s\n",
_("run command as the specified group name or ID")); _("run command as the specified group name or ID"));
sudo_lbuf_append(&lbuf, " -H, --set-home %s\n", sudo_lbuf_append(&lbuf, " -H, --set-home %s\n",
_("set HOME variable to target user's home dir")); _("set HOME variable to target user's home dir"));
sudo_lbuf_append(&lbuf, " -h, --help %s\n", sudo_lbuf_append(&lbuf, " -h, --help %s\n",
_("display help message and exit")); _("display help message and exit"));
sudo_lbuf_append(&lbuf, " -h, --host=host %s\n", sudo_lbuf_append(&lbuf, " -h, --host=host %s\n",
_("run command on host (if supported by plugin)")); _("run command on host (if supported by plugin)"));
sudo_lbuf_append(&lbuf, " -i, --login %s\n", sudo_lbuf_append(&lbuf, " -i, --login %s\n",
_("run login shell as the target user; a command may also be specified")); _("run login shell as the target user; a command may also be specified"));
sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n", sudo_lbuf_append(&lbuf, " -K, --remove-timestamp %s\n",
_("remove timestamp file completely")); _("remove timestamp file completely"));
sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n", sudo_lbuf_append(&lbuf, " -k, --reset-timestamp %s\n",
_("invalidate timestamp file")); _("invalidate timestamp file"));
sudo_lbuf_append(&lbuf, " -l, --list %s\n", sudo_lbuf_append(&lbuf, " -l, --list %s\n",
_("list user's privileges or check a specific command; use twice for longer format")); _("list user's privileges or check a specific command; use twice for longer format"));
sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n", sudo_lbuf_append(&lbuf, " -n, --non-interactive %s\n",
_("non-interactive mode, no prompts are used")); _("non-interactive mode, no prompts are used"));
sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n", sudo_lbuf_append(&lbuf, " -P, --preserve-groups %s\n",
_("preserve group vector instead of setting to target's")); _("preserve group vector instead of setting to target's"));
sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n", sudo_lbuf_append(&lbuf, " -p, --prompt=prompt %s\n",
_("use the specified password prompt")); _("use the specified password prompt"));
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
sudo_lbuf_append(&lbuf, " -r, --role=role %s\n", sudo_lbuf_append(&lbuf, " -r, --role=role %s\n",
_("create SELinux security context with specified role")); _("create SELinux security context with specified role"));
#endif #endif
sudo_lbuf_append(&lbuf, " -S, --stdin %s\n", sudo_lbuf_append(&lbuf, " -S, --stdin %s\n",
_("read password from standard input")); _("read password from standard input"));
sudo_lbuf_append(&lbuf, " -s, --shell %s\n", sudo_lbuf_append(&lbuf, " -s, --shell %s\n",
_("run shell as the target user; a command may also be specified")); _("run shell as the target user; a command may also be specified"));
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
sudo_lbuf_append(&lbuf, " -t, --type=type %s\n", sudo_lbuf_append(&lbuf, " -t, --type=type %s\n",
_("create SELinux security context with specified type")); _("create SELinux security context with specified type"));
#endif #endif
sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n", sudo_lbuf_append(&lbuf, " -T, --command-timeout=timeout %s\n",
_("terminate command after the specified time limit"));
sudo_lbuf_append(&lbuf, " -U, --other-user=user %s\n",
_("in list mode, display privileges for user")); _("in list mode, display privileges for user"));
sudo_lbuf_append(&lbuf, " -u, --user=user %s\n", sudo_lbuf_append(&lbuf, " -u, --user=user %s\n",
_("run command (or edit file) as specified user name or ID")); _("run command (or edit file) as specified user name or ID"));
sudo_lbuf_append(&lbuf, " -V, --version %s\n", sudo_lbuf_append(&lbuf, " -V, --version %s\n",
_("display version information and exit")); _("display version information and exit"));
sudo_lbuf_append(&lbuf, " -v, --validate %s\n", sudo_lbuf_append(&lbuf, " -v, --validate %s\n",
_("update user's timestamp without running a command")); _("update user's timestamp without running a command"));
sudo_lbuf_append(&lbuf, " -- %s\n", sudo_lbuf_append(&lbuf, " -- %s\n",
_("stop processing command line arguments")); _("stop processing command line arguments"));
sudo_lbuf_print(&lbuf); sudo_lbuf_print(&lbuf);
sudo_lbuf_destroy(&lbuf); sudo_lbuf_destroy(&lbuf);
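Review bot: In parse_args the `case 'T':` branch stores optarg in sudo_settings[ARG_TIMEOUT] without any check, so the value is validated only by whatever policy plugin is loaded; on this page that is parse_timeout() in the sudoers plugin. A short comment would make that contract explicit for authors of other policy plugins: `/* Passed to the policy as-is; the plugin must parse and validate it. */`. The case is also placed ahead of `case 'S':`, while short_opts, long_opts and the help text all list -T after -s. parse_args starts and ends outside the hunk.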


@@ -1,5 +1,6 @@
/* /*
* Copyright (c) 2007-2010, 2013 Todd C. Miller <Todd.Miller@courtesan.com> * Copyright (c) 2007-2010, 2013, 2015, 2017
* Todd C. Miller <Todd.Miller@courtesan.com>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
@@ -26,8 +27,8 @@
#define SUDO_USAGE1 " -h | -K | -k | -V" #define SUDO_USAGE1 " -h | -K | -k | -V"
#define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]" #define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-u user]"
#define SUDO_USAGE3 " -l [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]" #define SUDO_USAGE3 " -l [-AknS] @BSDAUTH_USAGE@[-g group] [-h host] [-p prompt] [-U user] [-u user] [command]"
#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] [<command>]" #define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-T timeout] [-u user] [VAR=value] [-i|-s] [<command>]"
#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-u user] file ..." #define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C num] @LOGINCAP_USAGE@[-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ..."
/* /*
* Configure script arguments used to build sudo. * Configure script arguments used to build sudo.