Annotation of src/usr.bin/sudo/def_data.c, Revision 1.7
/*
 * Keyword list for the "lecture" setting: each row pairs the keyword
 * accepted as a value with the constant it maps to.  The "lecture" entry
 * in sudo_defs_table points at this array.  The { NULL, 0 } row ends the
 * list.  The constants (never, once, always) are declared elsewhere.
 */
1.2 millert 1: static struct def_values def_data_lecture[] = {
2: { "never", never },
3: { "once", once },
4: { "always", always },
5: { NULL, 0 },
6: };
7:
/*
 * Keyword list for the "listpw" setting, which (per its description in
 * sudo_defs_table) decides when a password is required for the 'list'
 * pseudocommand.  Each row pairs a keyword with its constant; the
 * { NULL, 0 } row ends the list.
 * NOTE(review): what "any" and "all" mean is decided where the value is
 * consumed, not in this file -- confirm before relying on either keyword.
 */
8: static struct def_values def_data_listpw[] = {
9: { "never", never },
10: { "any", any },
11: { "all", all },
12: { "always", always },
13: { NULL, 0 },
14: };
15:
/*
 * Keyword list for the "verifypw" setting, which (per its description in
 * sudo_defs_table) decides when a password is required for the 'verify'
 * pseudocommand.  Each row pairs a keyword with its constant; the
 * { NULL, 0 } row ends the list.
 * NOTE(review): "all" precedes "any" here, unlike def_data_listpw.  Each
 * keyword is still paired with its own constant, so this presumably only
 * matters if a consumer depends on row position -- confirm.
 */
16: static struct def_values def_data_verifypw[] = {
17: { "never", never },
1.3 millert 18: { "all", all },
1.2 millert 19: { "any", any },
20: { "always", always },
21: { NULL, 0 },
22: };
23:
/*
 * Table of sudo's configurable default settings.  As laid out below, each
 * entry gives, in order:
 *   - the setting name,
 *   - its type flags (T_* constants ORed together),
 *   - a human-readable description; several contain a printf-style
 *     conversion (%s, %d, 0%o), presumably filled with the current value
 *     when the setting is displayed -- confirm against the consumer,
 *   - the keyword list for T_TUPLE settings (def_data_*), otherwise NULL.
 * The list ends with a { NULL, 0, NULL } sentinel entry.
 *
 * NOTE(review): T_BOOL presumably marks settings that may also be given in
 * on/off form -- confirm in the T_* definitions.
 * NOTE(review): other code may refer to entries by position; confirm before
 * inserting or reordering entries.
 */
1.1 millert 24: struct sudo_defs_types sudo_defs_table[] = {
25: {
26: "syslog", T_LOGFAC|T_BOOL,
1.2 millert 27: "Syslog facility if syslog is being used for logging: %s",
28: NULL,
1.1 millert 29: }, {
30: "syslog_goodpri", T_LOGPRI,
1.2 millert 31: "Syslog priority to use when user authenticates successfully: %s",
32: NULL,
1.1 millert 33: }, {
34: "syslog_badpri", T_LOGPRI,
1.2 millert 35: "Syslog priority to use when user authenticates unsuccessfully: %s",
36: NULL,
1.1 millert 37: }, {
38: "long_otp_prompt", T_FLAG,
1.2 millert 39: "Put OTP prompt on its own line",
40: NULL,
1.1 millert 41: }, {
42: "ignore_dot", T_FLAG,
1.2 millert 43: "Ignore '.' in $PATH",
44: NULL,
1.1 millert 45: }, {
/*
 * Mail notifications.  The mail_* flags select which events generate mail:
 * every run, a failed authentication, a user or host missing from sudoers,
 * or a command that was not permitted.  These are the alerting knobs of
 * this table.
 */
46: "mail_always", T_FLAG,
1.2 millert 47: "Always send mail when sudo is run",
48: NULL,
1.1 millert 49: }, {
50: "mail_badpass", T_FLAG,
1.2 millert 51: "Send mail if user authentication fails",
52: NULL,
1.1 millert 53: }, {
54: "mail_no_user", T_FLAG,
1.2 millert 55: "Send mail if the user is not in sudoers",
56: NULL,
1.1 millert 57: }, {
58: "mail_no_host", T_FLAG,
1.2 millert 59: "Send mail if the user is not in sudoers for this host",
60: NULL,
1.1 millert 61: }, {
62: "mail_no_perms", T_FLAG,
1.2 millert 63: "Send mail if the user is not allowed to run a command",
64: NULL,
1.1 millert 65: }, {
/* Scopes the authentication timestamp to a user/tty pair (per the description). */
66: "tty_tickets", T_FLAG,
1.2 millert 67: "Use a separate timestamp for each user/tty combo",
68: NULL,
1.1 millert 69: }, {
/* T_TUPLE: the accepted keywords come from def_data_lecture. */
1.2 millert 70: "lecture", T_TUPLE|T_BOOL,
71: "Lecture user the first time they run sudo",
72: def_data_lecture,
73: }, {
74: "lecture_file", T_STR|T_PATH|T_BOOL,
75: "File containing the sudo lecture: %s",
76: NULL,
1.1 millert 77: }, {
/*
 * Per the description, this flag is what makes authentication required by
 * default; a configuration that turns it off deserves explicit review.
 */
78: "authenticate", T_FLAG,
1.2 millert 79: "Require users to authenticate by default",
80: NULL,
1.1 millert 81: }, {
82: "root_sudo", T_FLAG,
1.2 millert 83: "Root may run sudo",
84: NULL,
1.1 millert 85: }, {
86: "log_host", T_FLAG,
1.2 millert 87: "Log the hostname in the (non-syslog) log file",
88: NULL,
1.1 millert 89: }, {
90: "log_year", T_FLAG,
1.2 millert 91: "Log the year in the (non-syslog) log file",
92: NULL,
1.1 millert 93: }, {
94: "shell_noargs", T_FLAG,
1.2 millert 95: "If sudo is invoked with no arguments, start a shell",
96: NULL,
1.1 millert 97: }, {
98: "set_home", T_FLAG,
1.2 millert 99: "Set $HOME to the target user when starting a shell with -s",
100: NULL,
1.1 millert 101: }, {
102: "always_set_home", T_FLAG,
1.2 millert 103: "Always set $HOME to the target user's home directory",
104: NULL,
1.1 millert 105: }, {
106: "path_info", T_FLAG,
1.2 millert 107: "Allow some information gathering to give useful error messages",
108: NULL,
1.1 millert 109: }, {
110: "fqdn", T_FLAG,
1.2 millert 111: "Require fully-qualified hostnames in the sudoers file",
112: NULL,
1.1 millert 113: }, {
114: "insults", T_FLAG,
1.2 millert 115: "Insult the user when they enter an incorrect password",
116: NULL,
1.1 millert 117: }, {
118: "requiretty", T_FLAG,
1.2 millert 119: "Only allow the user to run sudo if they have a tty",
120: NULL,
1.1 millert 121: }, {
122: "env_editor", T_FLAG,
1.2 millert 123: "Visudo will honor the EDITOR environment variable",
124: NULL,
1.1 millert 125: }, {
/*
 * rootpw, runaspw and targetpw choose whose password is requested (root's,
 * the runas_default user's, or the target user's) instead of the invoking
 * user's.
 * NOTE(review): "users's" in these three descriptions is a typo for
 * "user's"; the strings are runtime text and are left as they are here.
 */
126: "rootpw", T_FLAG,
1.2 millert 127: "Prompt for root's password, not the users's",
128: NULL,
1.1 millert 129: }, {
130: "runaspw", T_FLAG,
1.2 millert 131: "Prompt for the runas_default user's password, not the users's",
132: NULL,
1.1 millert 133: }, {
134: "targetpw", T_FLAG,
1.2 millert 135: "Prompt for the target user's password, not the users's",
136: NULL,
1.1 millert 137: }, {
138: "use_loginclass", T_FLAG,
1.2 millert 139: "Apply defaults in the target user's login class if there is one",
140: NULL,
1.1 millert 141: }, {
142: "set_logname", T_FLAG,
1.2 millert 143: "Set the LOGNAME and USER environment variables",
144: NULL,
1.1 millert 145: }, {
/*
 * stay_setuid and preserve_groups both make the switch to the target user
 * less complete (real uid kept; group vector not reinitialized), per their
 * descriptions.
 */
146: "stay_setuid", T_FLAG,
1.2 millert 147: "Only set the effective uid to the target user, not the real uid",
148: NULL,
1.1 millert 149: }, {
150: "preserve_groups", T_FLAG,
1.2 millert 151: "Don't initialize the group vector to that of the target user",
152: NULL,
1.1 millert 153: }, {
154: "loglinelen", T_UINT|T_BOOL,
1.2 millert 155: "Length at which to wrap log file lines (0 for no wrap): %d",
156: NULL,
1.1 millert 157: }, {
/*
 * NOTE(review): declared T_INT, while passwd_timeout and passwd_tries are
 * T_UINT, so signed values are presumably accepted here -- confirm how a
 * negative timeout is treated by the code that checks the timestamp.
 */
158: "timestamp_timeout", T_INT|T_BOOL,
1.2 millert 159: "Authentication timestamp timeout: %d minutes",
160: NULL,
1.1 millert 161: }, {
162: "passwd_timeout", T_UINT|T_BOOL,
1.2 millert 163: "Password prompt timeout: %d minutes",
164: NULL,
1.1 millert 165: }, {
166: "passwd_tries", T_UINT,
1.2 millert 167: "Number of tries to enter a password: %d",
168: NULL,
1.1 millert 169: }, {
/* Per the description, the value 0777 means "keep the invoking user's umask". */
170: "umask", T_MODE|T_BOOL,
1.2 millert 171: "Umask to use or 0777 to use user's: 0%o",
172: NULL,
1.1 millert 173: }, {
174: "logfile", T_STR|T_BOOL|T_PATH,
1.2 millert 175: "Path to log file: %s",
176: NULL,
1.1 millert 177: }, {
178: "mailerpath", T_STR|T_BOOL|T_PATH,
1.2 millert 179: "Path to mail program: %s",
180: NULL,
1.1 millert 181: }, {
182: "mailerflags", T_STR|T_BOOL,
1.2 millert 183: "Flags for mail program: %s",
184: NULL,
1.1 millert 185: }, {
186: "mailto", T_STR|T_BOOL,
1.2 millert 187: "Address to send mail to: %s",
188: NULL,
1.1 millert 189: }, {
190: "mailsub", T_STR,
1.2 millert 191: "Subject line for mail messages: %s",
192: NULL,
1.1 millert 193: }, {
194: "badpass_message", T_STR,
1.2 millert 195: "Incorrect password message: %s",
196: NULL,
1.1 millert 197: }, {
/* Location and owner of the directory that holds authentication timestamps. */
198: "timestampdir", T_STR|T_PATH,
1.2 millert 199: "Path to authentication timestamp dir: %s",
200: NULL,
1.1 millert 201: }, {
202: "timestampowner", T_STR,
1.2 millert 203: "Owner of the authentication timestamp dir: %s",
204: NULL,
1.1 millert 205: }, {
/*
 * Per the description, members of this group skip both the password and
 * the PATH requirements, so its membership is security-relevant.
 */
206: "exempt_group", T_STR|T_BOOL,
1.2 millert 207: "Users in this group are exempt from password and PATH requirements: %s",
208: NULL,
1.1 millert 209: }, {
210: "passprompt", T_STR,
1.2 millert 211: "Default password prompt: %s",
212: NULL,
1.1 millert 213: }, {
1.6 millert 214: "passprompt_override", T_FLAG,
215: "If set, passprompt will override system prompt in all cases.",
216: NULL,
217: }, {
/*
 * The only entry in this table with a fifth initializer (set_runaspw).
 * NOTE(review): presumably a callback run when the value is set -- confirm
 * against the definition of struct sudo_defs_types.
 */
1.1 millert 218: "runas_default", T_STR,
1.2 millert 219: "Default user to run commands as: %s",
220: NULL,
221: set_runaspw,
1.1 millert 222: }, {
223: "editor", T_STR|T_PATH,
1.2 millert 224: "Path to the editor for use by visudo: %s",
225: NULL,
226: }, {
/* T_TUPLE: the accepted keywords come from def_data_listpw. */
227: "listpw", T_TUPLE|T_BOOL,
228: "When to require a password for 'list' pseudocommand: %s",
229: def_data_listpw,
230: }, {
/* T_TUPLE: the accepted keywords come from def_data_verifypw. */
231: "verifypw", T_TUPLE|T_BOOL,
232: "When to require a password for 'verify' pseudocommand: %s",
233: def_data_verifypw,
234: }, {
/*
 * noexec preloads the dummy exec functions found in noexec_file (per the
 * descriptions), so the file that path names is loaded into the command
 * being run.
 */
235: "noexec", T_FLAG,
236: "Preload the dummy exec functions contained in 'noexec_file'",
237: NULL,
238: }, {
239: "noexec_file", T_STR|T_PATH,
240: "File containing dummy exec functions: %s",
241: NULL,
1.1 millert 242: }, {
1.5 millert 243: "ignore_local_sudoers", T_FLAG,
244: "If LDAP directory is up, do we ignore local sudoers file",
245: NULL,
246: }, {
/*
 * Environment handling.  setenv and env_reset are flags; env_check,
 * env_delete and env_keep are lists of variable names.  Together they
 * decide which of the invoking user's environment variables reach the
 * command, so changes to them deserve careful review.
 */
247: "setenv", T_FLAG,
248: "Allow users to set arbitrary environment variables",
249: NULL,
250: }, {
251: "env_reset", T_FLAG,
252: "Reset the environment to a default set of variables",
253: NULL,
254: }, {
1.1 millert 255: "env_check", T_LIST|T_BOOL,
1.2 millert 256: "Environment variables to check for sanity:",
257: NULL,
1.1 millert 258: }, {
259: "env_delete", T_LIST|T_BOOL,
1.2 millert 260: "Environment variables to remove:",
261: NULL,
1.1 millert 262: }, {
263: "env_keep", T_LIST|T_BOOL,
1.2 millert 264: "Environment variables to preserve:",
1.4 millert 265: NULL,
266: }, {
/*
 * SELinux role and type for the new security context (both entries are
 * marked as new in revision 1.7 by the annotation column).
 */
1.7 ! millert 267: "role", T_STR,
! 268: "SELinux role to use in the new security context: %s",
! 269: NULL,
! 270: }, {
! 271: "type", T_STR,
! 272: "SELinux type to use in the new security context: %s",
! 273: NULL,
! 274: }, {
/* Sentinel: a NULL name marks the end of the table. */
1.1 millert 275: NULL, 0, NULL
276: }
277: };