Unverified commit d159831d authored by Mice7R

Add option LP_USE_SUDO_VALIDATE

Validation of sudo credentials is done by invoking a command (true).
This means that, if the user has sudo credentials, a root session is
opened and then closed, potentially generating two PAM messages plus the
sudo line for true being executed as root.

This commit adds an option to use the validate command (sudo -v) to test
for credentials.
The validate command DOES NOT open a session and does not log anything on
success.
It still logs "a password is required" in case of failure, but those
lines are easier to filter out by searching for COMMAND=validate.

I've opted for adding LP_USE_SUDO_VALIDATE instead of replacing the
default behaviour because I'm not sure if -v is on every system.
The default value is 0: using the old behaviour (execute true).
parent 10cd6af1
......@@ -551,7 +551,17 @@ Features
run ``sudo`` once each prompt. This is likely to make your sysadmin hate
you.
See also: :attr:`LP_COLOR_MARK_SUDO`.
See also: :attr:`LP_COLOR_MARK_SUDO`, :attr:`LP_USE_SUDO_VALIDATE`.
.. attribute:: LP_USE_SUDO_VALIDATE
:type: bool
:value: 0
Use sudo validate command ``sudo -v`` to check for valid credentials.
:attr:`LP_ENABLE_SUDO` must be enabled for this to have any effect.
See also: :attr:`LP_ENABLE_SUDO`.
.. attribute:: LP_ENABLE_SVN
:type: bool
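Review bot: The new LP_USE_SUDO_VALIDATE entry says what the option does but not why a user would enable it or why it is off by default. The commit message already has both halves: ``sudo -v`` opens no session and logs nothing on success, a failed check still logs "a password is required" (filterable on COMMAND=validate), and the default stays 0 because -v may not exist on every system. Please carry those points into the attribute description so the logging trade-off is visible to users and sysadmins in the docs, not only in the history.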
......
......@@ -251,6 +251,7 @@ __lp_source_config() {
LP_ENABLE_FQDN=${LP_ENABLE_FQDN:-0}
LP_DISABLED_VCS_PATHS=( ${LP_DISABLED_VCS_PATHS[@]+"${LP_DISABLED_VCS_PATHS[@]}"} )
LP_ENABLE_SUDO=${LP_ENABLE_SUDO:-0}
LP_USE_SUDO_VALIDATE=${LP_USE_SUDO_VALIDATE:-0}
LP_ENABLE_COLOR=${LP_ENABLE_COLOR:-1}
LP_ENABLE_ERROR=${LP_ENABLE_ERROR:-1}
LP_ENABLE_DIRSTACK=${LP_ENABLE_DIRSTACK:-0}
......@@ -1331,9 +1332,14 @@ _lp_username_color() {
# Test the code with the commands:
# sudo id # sudo, enter your credentials
# sudo -K # revoke your credentials
# sudo -v # return non-zero when no credentials are cached
_lp_sudo_active() {
(( LP_ENABLE_SUDO )) || return 2
\sudo -n true 2>/dev/null || return 1
if (( LP_USE_SUDO_VALIDATE )); then
\sudo -nv 2>/dev/null || return 1
else
\sudo -n true 2>/dev/null || return 1
fi
}
_lp_sudo_active_color() {
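Review bot: The added comment line "# sudo -v # return non-zero when no credentials are cached" does not match the call in _lp_sudo_active, which is "\sudo -nv"; without -n, sudo -v prompts for a password instead of returning, so the comment should read "sudo -nv". Also, in the LP_USE_SUDO_VALIDATE branch any failure of "\sudo -nv" returns 1 with stderr discarded, so a sudo that lacks -v (the case the commit message worries about) looks identical to "no cached credentials"; a sentence in the option's documentation saying so would spare users a confusing silent failure.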
......