/*
 * Keyword/value pairs for the "lecture" setting, which points at this list
 * from its sudo_defs_table entry.  Each row pairs the keyword text with the
 * constant it selects; the { NULL, 0 } row terminates the list.
 */
static struct def_values def_data_lecture[] = {
    { "never",  never  },
    { "once",   once   },
    { "always", always },
    { NULL,     0      },
};
/*
 * Keyword/value pairs for the "listpw" setting (when a password is required
 * for the 'list' pseudocommand).  Same four keywords as def_data_verifypw,
 * with "any" and "all" listed in the opposite order.  The { NULL, 0 } row
 * terminates the list.
 */
static struct def_values def_data_listpw[] = {
    { "never",  never  },
    { "any",    any    },
    { "all",    all    },
    { "always", always },
    { NULL,     0      },
};
/*
 * Keyword/value pairs for the "verifypw" setting (when a password is required
 * for the 'verify' pseudocommand).  Same four keywords as def_data_listpw,
 * with "all" and "any" listed in the opposite order.  The { NULL, 0 } row
 * terminates the list.
 */
static struct def_values def_data_verifypw[] = {
    { "never",  never  },
    { "all",    all    },
    { "any",    any    },
    { "always", always },
    { NULL,     0      },
};
/*
 * Table of the default settings sudo understands.
 *
 * Each entry lists, in order: the setting name, its T_* type flags, a
 * description string, and a pointer to the list of accepted keyword values
 * (non-NULL only for the T_TUPLE entries).  "runas_default" additionally
 * supplies a fifth member, set_runaspw; every other entry leaves it
 * zero-initialized.  The { NULL, 0, NULL } entry terminates the table.
 *
 * NOTE(review): descriptions ending in a conversion (%s, %d, 0%o) are
 * presumably handed to a printf-style routine together with the current
 * value, so the conversion has to keep matching the entry's T_* type --
 * confirm against the code that prints this table.
 * NOTE(review): entry order may be relied on by index constants defined
 * elsewhere -- confirm before inserting or reordering entries.
 */
struct sudo_defs_types sudo_defs_table[] = {
    /* Logging destination and priorities for successful/failed authentication. */
    { "syslog", T_LOGFAC | T_BOOL,
      "Syslog facility if syslog is being used for logging: %s",
      NULL },
    { "syslog_goodpri", T_LOGPRI,
      "Syslog priority to use when user authenticates successfully: %s",
      NULL },
    { "syslog_badpri", T_LOGPRI,
      "Syslog priority to use when user authenticates unsuccessfully: %s",
      NULL },
    { "long_otp_prompt", T_FLAG,
      "Put OTP prompt on its own line",
      NULL },

    /* Command lookup: whether '.' in $PATH is skipped. */
    { "ignore_dot", T_FLAG,
      "Ignore '.' in $PATH",
      NULL },

    /* Mail notifications for sudo use, failed authentication and denied requests. */
    { "mail_always", T_FLAG,
      "Always send mail when sudo is run",
      NULL },
    { "mail_badpass", T_FLAG,
      "Send mail if user authentication fails",
      NULL },
    { "mail_no_user", T_FLAG,
      "Send mail if the user is not in sudoers",
      NULL },
    { "mail_no_host", T_FLAG,
      "Send mail if the user is not in sudoers for this host",
      NULL },
    { "mail_no_perms", T_FLAG,
      "Send mail if the user is not allowed to run a command",
      NULL },

    /* Scopes the authentication timestamp to each user/tty combination. */
    { "tty_tickets", T_FLAG,
      "Use a separate timestamp for each user/tty combo",
      NULL },

    /*
     * NOTE(review): unlike the other T_TUPLE entries (listpw, verifypw), this
     * description carries no %s conversion -- confirm the printing code copes.
     */
    { "lecture", T_TUPLE | T_BOOL,
      "Lecture user the first time they run sudo",
      def_data_lecture },
    { "lecture_file", T_STR | T_PATH | T_BOOL,
      "File containing the sudo lecture: %s",
      NULL },

    /* Whether authentication is required by default, and whether root may use sudo. */
    { "authenticate", T_FLAG,
      "Require users to authenticate by default",
      NULL },
    { "root_sudo", T_FLAG,
      "Root may run sudo",
      NULL },

    /* Extra fields written to the (non-syslog) log file. */
    { "log_host", T_FLAG,
      "Log the hostname in the (non-syslog) log file",
      NULL },
    { "log_year", T_FLAG,
      "Log the year in the (non-syslog) log file",
      NULL },

    /* Shell start-up behaviour and $HOME handling. */
    { "shell_noargs", T_FLAG,
      "If sudo is invoked with no arguments, start a shell",
      NULL },
    { "set_home", T_FLAG,
      "Set $HOME to the target user when starting a shell with -s",
      NULL },
    { "always_set_home", T_FLAG,
      "Always set $HOME to the target user's home directory",
      NULL },

    /* Trades error-message detail against information disclosed to the caller. */
    { "path_info", T_FLAG,
      "Allow some information gathering to give useful error messages",
      NULL },
    { "fqdn", T_FLAG,
      "Require fully-qualified hostnames in the sudoers file",
      NULL },
    { "insults", T_FLAG,
      "Insult the user when they enter an incorrect password",
      NULL },
    { "requiretty", T_FLAG,
      "Only allow the user to run sudo if they have a tty",
      NULL },

    /* Lets visudo take its editor from the caller's environment. */
    { "env_editor", T_FLAG,
      "Visudo will honor the EDITOR environment variable",
      NULL },

    /*
     * Select whose password is requested.
     * NOTE(review): "users's" in these three descriptions is a typo for
     * "user's"; the strings are runtime text and are reproduced unchanged.
     */
    { "rootpw", T_FLAG,
      "Prompt for root's password, not the users's",
      NULL },
    { "runaspw", T_FLAG,
      "Prompt for the runas_default user's password, not the users's",
      NULL },
    { "targetpw", T_FLAG,
      "Prompt for the target user's password, not the users's",
      NULL },

    { "use_loginclass", T_FLAG,
      "Apply defaults in the target user's login class if there is one",
      NULL },
    { "set_logname", T_FLAG,
      "Set the LOGNAME and USER environment variables",
      NULL },

    /*
     * Identity and environment handed to the command: real vs. effective uid,
     * environment reset, and the group vector.
     */
    { "stay_setuid", T_FLAG,
      "Only set the effective uid to the target user, not the real uid",
      NULL },
    { "env_reset", T_FLAG,
      "Reset the environment to a default set of variables",
      NULL },
    { "preserve_groups", T_FLAG,
      "Don't initialize the group vector to that of the target user",
      NULL },

    { "loglinelen", T_UINT | T_BOOL,
      "Length at which to wrap log file lines (0 for no wrap): %d",
      NULL },

    /* Authentication timing and retry limits. */
    { "timestamp_timeout", T_INT | T_BOOL,
      "Authentication timestamp timeout: %d minutes",
      NULL },
    { "passwd_timeout", T_UINT | T_BOOL,
      "Password prompt timeout: %d minutes",
      NULL },
    { "passwd_tries", T_UINT,
      "Number of tries to enter a password: %d",
      NULL },

    /* Per the description, 0777 means "use the user's umask". */
    { "umask", T_MODE | T_BOOL,
      "Umask to use or 0777 to use user's: 0%o",
      NULL },

    /*
     * Log file and mailer configuration.
     * NOTE(review): T_PATH presumably makes the parser apply a path check to
     * the value; mailerflags and mailto carry no such flag -- confirm how
     * they are validated before being passed to the mail program.
     */
    { "logfile", T_STR | T_BOOL | T_PATH,
      "Path to log file: %s",
      NULL },
    { "mailerpath", T_STR | T_BOOL | T_PATH,
      "Path to mail program: %s",
      NULL },
    { "mailerflags", T_STR | T_BOOL,
      "Flags for mail program: %s",
      NULL },
    { "mailto", T_STR | T_BOOL,
      "Address to send mail to: %s",
      NULL },
    { "mailsub", T_STR,
      "Subject line for mail messages: %s",
      NULL },
    { "badpass_message", T_STR,
      "Incorrect password message: %s",
      NULL },

    /* Location and owner of the authentication timestamp directory. */
    { "timestampdir", T_STR | T_PATH,
      "Path to authentication timestamp dir: %s",
      NULL },
    { "timestampowner", T_STR,
      "Owner of the authentication timestamp dir: %s",
      NULL },

    /*
     * Members skip both the password and the PATH requirements, so the
     * membership of this group should be reviewed with the same care as the
     * sudoers rules themselves.
     */
    { "exempt_group", T_STR | T_BOOL,
      "Users in this group are exempt from password and PATH requirements: %s",
      NULL },
    { "passprompt", T_STR,
      "Default password prompt: %s",
      NULL },

    /* The only entry that supplies the fifth member (set_runaspw). */
    { "runas_default", T_STR,
      "Default user to run commands as: %s",
      NULL,
      set_runaspw },
    { "editor", T_STR | T_PATH,
      "Path to the editor for use by visudo: %s",
      NULL },

    /* Password policy for the 'list' and 'verify' pseudocommands. */
    { "listpw", T_TUPLE | T_BOOL,
      "When to require a password for 'list' pseudocommand: %s",
      def_data_listpw },
    { "verifypw", T_TUPLE | T_BOOL,
      "When to require a password for 'verify' pseudocommand: %s",
      def_data_verifypw },

    /* noexec preloads the dummy exec functions found in noexec_file. */
    { "noexec", T_FLAG,
      "Preload the dummy exec functions contained in 'noexec_file'",
      NULL },
    { "noexec_file", T_STR | T_PATH,
      "File containing dummy exec functions: %s",
      NULL },

    /*
     * The three lists deciding which environment variables are
     * sanity-checked, removed, or preserved.
     */
    { "env_check", T_LIST | T_BOOL,
      "Environment variables to check for sanity:",
      NULL },
    { "env_delete", T_LIST | T_BOOL,
      "Environment variables to remove:",
      NULL },
    { "env_keep", T_LIST | T_BOOL,
      "Environment variables to preserve:",
      NULL },

    /* Whether the local sudoers file is ignored while the LDAP directory is up. */
    { "ignore_local_sudoers", T_FLAG,
      "If LDAP directory is up, do we ignore local sudoers file",
      NULL },

    /* End-of-table sentinel. */
    { NULL, 0, NULL }
};