Created by: Mice7R
Validation of sudo credentials is done by invoking a command (true).
This means that, if the user has sudo credentials, a root session is opened and then closed, potentially generating two PAM messages plus the sudo line for true being executed as root:
sudo: user : TTY=pts/4 ; PWD=/home/user/Projects/liquidprompt ; USER=root ; COMMAND=/usr/bin/true
sudo: pam_unix(sudo:session): session opened for user root(uid=0) by user(uid=1000)
sudo: pam_unix(sudo:session): session closed for user root
This makes filtering these messages rather complex, especially the PAM ones, which cannot be distinguished from other sudo commands.
This commit adds an option to use the validate command (sudo -v) to test for credentials. The difference is that validate does not generate any log on success, i.e. if the user has cached credentials.
In case the user does not have cached credentials, or is not in sudoers, it has the same behaviour as before: an error line:
sudo: user : a password is required ; TTY=pts/7 ; PWD=/home/user/Projects/liquidprompt; USER=root ; COMMAND=validate
sudo: nobody : command not allowed ; TTY=pts/3 ; PWD=/home/user/Projects/liquidprompt ; USER=root ; COMMAND=validate
However, these lines are easy to filter out by searching for COMMAND=validate
I've opted for adding LP_USE_SUDO_VALIDATE instead of replacing the default behaviour because I'm not sure if -v is on every system. The default value is 0: using the old behaviour.
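
The filtering problem described above, as an added example that is not part of the original description or of liquidprompt: a positional filter for the `true` probe next to the stateless filter that `COMMAND=validate` allows. All log lines are constructed from the ones quoted above; the function names and the `admin(uid=1001)` user are assumptions.

```shell
#!/bin/sh
# Added illustration, not liquidprompt code. Log lines are constructed,
# modelled on the ones quoted above; function names are hypothetical.

sample_log() {
cat <<'EOF'
sudo: user : TTY=pts/4 ; PWD=/home/user/Projects/liquidprompt ; USER=root ; COMMAND=/usr/bin/true
sudo: pam_unix(sudo:session): session opened for user root(uid=0) by user(uid=1000)
sudo: pam_unix(sudo:session): session closed for user root
sudo: user : TTY=pts/4 ; PWD=/home/user ; USER=root ; COMMAND=/usr/bin/apt update
sudo: pam_unix(sudo:session): session opened for user root(uid=0) by user(uid=1000)
sudo: pam_unix(sudo:session): session closed for user root
sudo: user : a password is required ; TTY=pts/7 ; PWD=/home/user/Projects/liquidprompt ; USER=root ; COMMAND=validate
EOF
}

# Constructed interleaving: a second user's session opens right after the probe line.
interleaved_log() {
cat <<'EOF'
sudo: admin : TTY=pts/2 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
sudo: user : TTY=pts/4 ; PWD=/home/user/Projects/liquidprompt ; USER=root ; COMMAND=/usr/bin/true
sudo: pam_unix(sudo:session): session opened for user root(uid=0) by admin(uid=1001)
sudo: pam_unix(sudo:session): session opened for user root(uid=0) by user(uid=1000)
sudo: pam_unix(sudo:session): session closed for user root
sudo: pam_unix(sudo:session): session closed for user root
EOF
}

# Probe via "sudo true": the PAM lines name no command, so they can only be
# dropped by position (the open/close pair right after COMMAND=/usr/bin/true).
filter_true_probe() {
  awk '
    / COMMAND=\/usr\/bin\/true$/ { skip = 2; next }
    skip > 0 && /pam_unix\(sudo:session\): session (opened|closed) for user root/ { skip--; next }
    { skip = 0; print }
  '
}

# Probe via "sudo -v": failures carry COMMAND=validate on the line itself.
filter_validate_probe() {
  grep -v ' COMMAND=validate$'
}

# Clean case: only the apt command and its two session lines remain.
sample_log | filter_true_probe | filter_validate_probe
```

On `interleaved_log`, `filter_true_probe` drops the `session opened ... by admin(uid=1001)` line, a record of a real root session, which is the cost of matching PAM lines by position.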