|
 |
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- b/plugins/sudoers/auth/pam.c
|
|
|
e6a6c6 |
+++ b/plugins/sudoers/auth/pam.c
|
|
|
e6a6c6 |
@@ -210,59 +210,71 @@
|
|
|
e6a6c6 |
sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt)
|
|
|
e6a6c6 |
{
|
|
|
e6a6c6 |
const char *s;
|
|
|
e6a6c6 |
+ int rc, status = AUTH_SUCCESS;
|
|
|
e6a6c6 |
int *pam_status = (int *) auth->data;
|
|
|
e6a6c6 |
debug_decl(sudo_pam_approval, SUDOERS_DEBUG_AUTH)
|
|
|
e6a6c6 |
|
|
|
e6a6c6 |
- *pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
|
|
|
e6a6c6 |
- switch (*pam_status) {
|
|
|
e6a6c6 |
+ rc = pam_acct_mgmt(pamh, PAM_SILENT);
|
|
|
e6a6c6 |
+ switch (rc) {
|
|
|
e6a6c6 |
case PAM_SUCCESS:
|
|
|
e6a6c6 |
- debug_return_int(AUTH_SUCCESS);
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
case PAM_AUTH_ERR:
|
|
|
e6a6c6 |
log_warningx(0, N_("account validation failure, "
|
|
|
e6a6c6 |
"is your account locked?"));
|
|
|
e6a6c6 |
- debug_return_int(AUTH_FATAL);
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
case PAM_NEW_AUTHTOK_REQD:
|
|
|
e6a6c6 |
/* Ignore if user is exempt from password restrictions. */
|
|
|
e6a6c6 |
- if (exempt)
|
|
|
e6a6c6 |
- debug_return_int(AUTH_SUCCESS);
|
|
|
e6a6c6 |
+ if (exempt) {
|
|
|
e6a6c6 |
+ rc = *pam_status;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ }
|
|
|
e6a6c6 |
/* New password required, try to change it. */
|
|
|
e6a6c6 |
log_warningx(0, N_("Account or password is "
|
|
|
e6a6c6 |
"expired, reset your password and try again"));
|
|
|
e6a6c6 |
- *pam_status = pam_chauthtok(pamh,
|
|
|
e6a6c6 |
- PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
|
e6a6c6 |
- if (*pam_status == PAM_SUCCESS)
|
|
|
e6a6c6 |
- debug_return_int(AUTH_SUCCESS);
|
|
|
e6a6c6 |
- if ((s = pam_strerror(pamh, *pam_status)) == NULL)
|
|
|
e6a6c6 |
+ rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
|
e6a6c6 |
+ if (rc == PAM_SUCCESS)
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ if ((s = pam_strerror(pamh, rc)) == NULL)
|
|
|
e6a6c6 |
s = "unknown error";
|
|
|
e6a6c6 |
log_warningx(0,
|
|
|
e6a6c6 |
N_("unable to change expired password: %s"), s);
|
|
|
e6a6c6 |
- debug_return_int(AUTH_FAILURE);
|
|
|
e6a6c6 |
+ status = AUTH_FAILURE;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
case PAM_AUTHTOK_EXPIRED:
|
|
|
e6a6c6 |
/* Ignore if user is exempt from password restrictions. */
|
|
|
e6a6c6 |
- if (exempt)
|
|
|
e6a6c6 |
- debug_return_int(AUTH_SUCCESS);
|
|
|
e6a6c6 |
+ if (exempt) {
|
|
|
e6a6c6 |
+ rc = *pam_status;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ }
|
|
|
e6a6c6 |
/* Password expired, cannot be updated by user. */
|
|
|
e6a6c6 |
log_warningx(0,
|
|
|
e6a6c6 |
N_("Password expired, contact your system administrator"));
|
|
|
e6a6c6 |
- debug_return_int(AUTH_FATAL);
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
case PAM_ACCT_EXPIRED:
|
|
|
e6a6c6 |
log_warningx(0,
|
|
|
e6a6c6 |
N_("Account expired or PAM config lacks an \"account\" "
|
|
|
e6a6c6 |
"section for sudo, contact your system administrator"));
|
|
|
e6a6c6 |
- debug_return_int(AUTH_FATAL);
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
case PAM_AUTHINFO_UNAVAIL:
|
|
|
e6a6c6 |
case PAM_MAXTRIES:
|
|
|
e6a6c6 |
case PAM_PERM_DENIED:
|
|
|
e6a6c6 |
- s = pam_strerror(pamh, *pam_status);
|
|
|
e6a6c6 |
+ s = pam_strerror(pamh, rc);
|
|
|
e6a6c6 |
log_warningx(0, N_("PAM account management error: %s"),
|
|
|
e6a6c6 |
s ? s : "unknown error");
|
|
|
e6a6c6 |
- debug_return_int(AUTH_FAILURE);
|
|
|
e6a6c6 |
+ status = AUTH_FAILURE;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
default:
|
|
|
e6a6c6 |
- s = pam_strerror(pamh, *pam_status);
|
|
|
e6a6c6 |
+ s = pam_strerror(pamh, rc);
|
|
|
e6a6c6 |
log_warningx(0, N_("PAM account management error: %s"),
|
|
|
e6a6c6 |
s ? s : "unknown error");
|
|
|
e6a6c6 |
- debug_return_int(AUTH_FATAL);
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
}
|
|
|
e6a6c6 |
+ *pam_status = rc;
|
|
|
e6a6c6 |
+ debug_return_int(status);
|
|
|
e6a6c6 |
}
|
|
|
e6a6c6 |
|
|
|
e6a6c6 |
int
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- a/doc/sudoers.cat
|
|
|
e6a6c6 |
+++ b/doc/sudoers.cat
|
|
|
e6a6c6 |
@@ -1286,6 +1286,17 @@ S?SU?UD?DO?OE?ER?RS?S O?OP?PT?TI?IO?ON?NS?S
|
|
|
e6a6c6 |
well as the _?P_?r_?e_?v_?e_?n_?t_?i_?n_?g _?s_?h_?e_?l_?l _?e_?s_?c_?a_?p_?e_?s section at the end
|
|
|
e6a6c6 |
of this manual. This flag is _?o_?f_?f by default.
|
|
|
e6a6c6 |
|
|
|
e6a6c6 |
+ pam_acct_mgmt On systems that use PAM for authentication, s?su?ud?do?o will
|
|
|
e6a6c6 |
+ perform PAM account validation for the invoking user by
|
|
|
e6a6c6 |
+ default. The actual checks performed depend on which
|
|
|
e6a6c6 |
+ PAM modules are configured. If enabled, account
|
|
|
e6a6c6 |
+ validation will be performed regardless of whether or
|
|
|
e6a6c6 |
+ not a password is required. This flag is _?o_?n by
|
|
|
e6a6c6 |
+ default.
|
|
|
e6a6c6 |
+
|
|
|
e6a6c6 |
+ This setting is only supported by version 1.8.28 or
|
|
|
e6a6c6 |
+ higher.
|
|
|
e6a6c6 |
+
|
|
|
e6a6c6 |
pam_session On systems that use PAM for authentication, s?su?ud?do?o will
|
|
|
e6a6c6 |
create a new PAM session for the command to be run in.
|
|
|
e6a6c6 |
Disabling _?p_?a_?m_?__?s_?e_?s_?s_?i_?o_?n may be needed on older PAM
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- a/doc/sudoers.man.in
|
|
|
e6a6c6 |
+++ b/doc/sudoers.man.in
|
|
|
e6a6c6 |
@@ -2722,6 +2722,19 @@ This flag is
|
|
|
e6a6c6 |
\fIoff\fR
|
|
|
e6a6c6 |
by default.
|
|
|
e6a6c6 |
.TP 18n
|
|
|
e6a6c6 |
+pam_acct_mgmt
|
|
|
e6a6c6 |
+On systems that use PAM for authentication,
|
|
|
e6a6c6 |
+\fBsudo\fR
|
|
|
e6a6c6 |
+will perform PAM account validation for the invoking user by default.
|
|
|
e6a6c6 |
+The actual checks performed depend on which PAM modules are configured.
|
|
|
e6a6c6 |
+If enabled, account validation will be performed regardless of whether
|
|
|
e6a6c6 |
+or not a password is required.
|
|
|
e6a6c6 |
+This flag is
|
|
|
e6a6c6 |
+\fIon\fR
|
|
|
e6a6c6 |
+by default.
|
|
|
e6a6c6 |
+.sp
|
|
|
e6a6c6 |
+This setting is only supported by version 1.8.28 or higher.
|
|
|
e6a6c6 |
+.TP 18n
|
|
|
e6a6c6 |
pam_session
|
|
|
e6a6c6 |
On systems that use PAM for authentication,
|
|
|
e6a6c6 |
\fBsudo\fR
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- a/doc/sudoers.mdoc.in
|
|
|
e6a6c6 |
+++ b/doc/sudoers.mdoc.in
|
|
|
e6a6c6 |
@@ -2560,6 +2560,18 @@ section at the end of this manual.
|
|
|
e6a6c6 |
This flag is
|
|
|
e6a6c6 |
.Em off
|
|
|
e6a6c6 |
by default.
|
|
|
e6a6c6 |
+.It pam_acct_mgmt
|
|
|
e6a6c6 |
+On systems that use PAM for authentication,
|
|
|
e6a6c6 |
+.Nm sudo
|
|
|
e6a6c6 |
+will perform PAM account validation for the invoking user by default.
|
|
|
e6a6c6 |
+The actual checks performed depend on which PAM modules are configured.
|
|
|
e6a6c6 |
+If enabled, account validation will be performed regardless of whether
|
|
|
e6a6c6 |
+or not a password is required.
|
|
|
e6a6c6 |
+This flag is
|
|
|
e6a6c6 |
+.Em on
|
|
|
e6a6c6 |
+by default.
|
|
|
e6a6c6 |
+.Pp
|
|
|
e6a6c6 |
+This setting is only supported by version 1.8.28 or higher.
|
|
|
e6a6c6 |
.It pam_session
|
|
|
e6a6c6 |
On systems that use PAM for authentication,
|
|
|
e6a6c6 |
.Nm sudo
|
|
|
e6a6c6 |
only in patch2:
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- ./plugins/sudoers/auth/pam.c.pamm 2019-01-11 21:30:17.000000000 +0100
|
|
|
e6a6c6 |
+++ ./plugins/sudoers/auth/pam.c 2019-08-02 15:14:38.980077956 +0200
|
|
|
e6a6c6 |
@@ -214,66 +214,68 @@ sudo_pam_approval(struct passwd *pw, sud
|
|
|
e6a6c6 |
int *pam_status = (int *) auth->data;
|
|
|
e6a6c6 |
debug_decl(sudo_pam_approval, SUDOERS_DEBUG_AUTH)
|
|
|
e6a6c6 |
|
|
|
e6a6c6 |
- rc = pam_acct_mgmt(pamh, PAM_SILENT);
|
|
|
e6a6c6 |
- switch (rc) {
|
|
|
e6a6c6 |
- case PAM_SUCCESS:
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- case PAM_AUTH_ERR:
|
|
|
e6a6c6 |
- log_warningx(0, N_("account validation failure, "
|
|
|
e6a6c6 |
- "is your account locked?"));
|
|
|
e6a6c6 |
- status = AUTH_FATAL;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- case PAM_NEW_AUTHTOK_REQD:
|
|
|
e6a6c6 |
- /* Ignore if user is exempt from password restrictions. */
|
|
|
e6a6c6 |
- if (exempt) {
|
|
|
e6a6c6 |
- rc = *pam_status;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- }
|
|
|
e6a6c6 |
- /* New password required, try to change it. */
|
|
|
e6a6c6 |
- log_warningx(0, N_("Account or password is "
|
|
|
e6a6c6 |
- "expired, reset your password and try again"));
|
|
|
e6a6c6 |
- rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
|
e6a6c6 |
- if (rc == PAM_SUCCESS)
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- if ((s = pam_strerror(pamh, rc)) == NULL)
|
|
|
e6a6c6 |
- s = "unknown error";
|
|
|
e6a6c6 |
- log_warningx(0,
|
|
|
e6a6c6 |
- N_("unable to change expired password: %s"), s);
|
|
|
e6a6c6 |
- status = AUTH_FAILURE;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- case PAM_AUTHTOK_EXPIRED:
|
|
|
e6a6c6 |
- /* Ignore if user is exempt from password restrictions. */
|
|
|
e6a6c6 |
- if (exempt) {
|
|
|
e6a6c6 |
- rc = *pam_status;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- }
|
|
|
e6a6c6 |
- /* Password expired, cannot be updated by user. */
|
|
|
e6a6c6 |
- log_warningx(0,
|
|
|
e6a6c6 |
- N_("Password expired, contact your system administrator"));
|
|
|
e6a6c6 |
- status = AUTH_FATAL;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- case PAM_ACCT_EXPIRED:
|
|
|
e6a6c6 |
- log_warningx(0,
|
|
|
e6a6c6 |
- N_("Account expired or PAM config lacks an \"account\" "
|
|
|
e6a6c6 |
- "section for sudo, contact your system administrator"));
|
|
|
e6a6c6 |
- status = AUTH_FATAL;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- case PAM_AUTHINFO_UNAVAIL:
|
|
|
e6a6c6 |
- case PAM_MAXTRIES:
|
|
|
e6a6c6 |
- case PAM_PERM_DENIED:
|
|
|
e6a6c6 |
- s = pam_strerror(pamh, rc);
|
|
|
e6a6c6 |
- log_warningx(0, N_("PAM account management error: %s"),
|
|
|
e6a6c6 |
- s ? s : "unknown error");
|
|
|
e6a6c6 |
- status = AUTH_FAILURE;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
- default:
|
|
|
e6a6c6 |
- s = pam_strerror(pamh, rc);
|
|
|
e6a6c6 |
- log_warningx(0, N_("PAM account management error: %s"),
|
|
|
e6a6c6 |
- s ? s : "unknown error");
|
|
|
e6a6c6 |
- status = AUTH_FATAL;
|
|
|
e6a6c6 |
- break;
|
|
|
e6a6c6 |
+ if (def_pam_acct_mgmt) {
|
|
|
e6a6c6 |
+ rc = pam_acct_mgmt(pamh, PAM_SILENT);
|
|
|
e6a6c6 |
+ switch (rc) {
|
|
|
e6a6c6 |
+ case PAM_SUCCESS:
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ case PAM_AUTH_ERR:
|
|
|
e6a6c6 |
+ log_warningx(0, N_("account validation failure, "
|
|
|
e6a6c6 |
+ "is your account locked?"));
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ case PAM_NEW_AUTHTOK_REQD:
|
|
|
e6a6c6 |
+ /* Ignore if user is exempt from password restrictions. */
|
|
|
e6a6c6 |
+ if (exempt) {
|
|
|
e6a6c6 |
+ rc = *pam_status;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ }
|
|
|
e6a6c6 |
+ /* New password required, try to change it. */
|
|
|
e6a6c6 |
+ log_warningx(0, N_("Account or password is "
|
|
|
e6a6c6 |
+ "expired, reset your password and try again"));
|
|
|
e6a6c6 |
+ rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
|
e6a6c6 |
+ if (rc == PAM_SUCCESS)
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ if ((s = pam_strerror(pamh, rc)) == NULL)
|
|
|
e6a6c6 |
+ s = "unknown error";
|
|
|
e6a6c6 |
+ log_warningx(0,
|
|
|
e6a6c6 |
+ N_("unable to change expired password: %s"), s);
|
|
|
e6a6c6 |
+ status = AUTH_FAILURE;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ case PAM_AUTHTOK_EXPIRED:
|
|
|
e6a6c6 |
+ /* Ignore if user is exempt from password restrictions. */
|
|
|
e6a6c6 |
+ if (exempt) {
|
|
|
e6a6c6 |
+ rc = *pam_status;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ }
|
|
|
e6a6c6 |
+ /* Password expired, cannot be updated by user. */
|
|
|
e6a6c6 |
+ log_warningx(0,
|
|
|
e6a6c6 |
+ N_("Password expired, contact your system administrator"));
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ case PAM_ACCT_EXPIRED:
|
|
|
e6a6c6 |
+ log_warningx(0,
|
|
|
e6a6c6 |
+ N_("Account expired or PAM config lacks an \"account\" "
|
|
|
e6a6c6 |
+ "section for sudo, contact your system administrator"));
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ case PAM_AUTHINFO_UNAVAIL:
|
|
|
e6a6c6 |
+ case PAM_MAXTRIES:
|
|
|
e6a6c6 |
+ case PAM_PERM_DENIED:
|
|
|
e6a6c6 |
+ s = pam_strerror(pamh, rc);
|
|
|
e6a6c6 |
+ log_warningx(0, N_("PAM account management error: %s"),
|
|
|
e6a6c6 |
+ s ? s : "unknown error");
|
|
|
e6a6c6 |
+ status = AUTH_FAILURE;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ default:
|
|
|
e6a6c6 |
+ s = pam_strerror(pamh, rc);
|
|
|
e6a6c6 |
+ log_warningx(0, N_("PAM account management error: %s"),
|
|
|
e6a6c6 |
+ s ? s : "unknown error");
|
|
|
e6a6c6 |
+ status = AUTH_FATAL;
|
|
|
e6a6c6 |
+ break;
|
|
|
e6a6c6 |
+ }
|
|
|
e6a6c6 |
+ *pam_status = rc;
|
|
|
e6a6c6 |
}
|
|
|
e6a6c6 |
- *pam_status = rc;
|
|
|
e6a6c6 |
debug_return_int(status);
|
|
|
e6a6c6 |
}
|
|
|
e6a6c6 |
|
|
|
e6a6c6 |
only in patch2:
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- ./plugins/sudoers/defaults.c.pamm 2019-08-02 15:14:38.973077882 +0200
|
|
|
e6a6c6 |
+++ ./plugins/sudoers/defaults.c 2019-08-02 15:14:38.987078030 +0200
|
|
|
e6a6c6 |
@@ -642,6 +642,7 @@ init_defaults(void)
|
|
|
e6a6c6 |
if ((def_editor = strdup(EDITOR)) == NULL)
|
|
|
e6a6c6 |
goto oom;
|
|
|
e6a6c6 |
def_set_utmp = true;
|
|
|
e6a6c6 |
+ def_pam_acct_mgmt = true;
|
|
|
e6a6c6 |
def_pam_setcred = true;
|
|
|
e6a6c6 |
def_syslog_maxlen = MAXSYSLOGLEN;
|
|
|
e6a6c6 |
def_case_insensitive_user = true;
|
|
|
e6a6c6 |
only in patch2:
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- ./plugins/sudoers/def_data.c.pamm 2019-08-02 15:14:38.976077914 +0200
|
|
|
e6a6c6 |
+++ ./plugins/sudoers/def_data.c 2019-08-02 15:20:37.592876029 +0200
|
|
|
e6a6c6 |
@@ -502,6 +502,10 @@ struct sudo_defs_types sudo_defs_table[]
|
|
|
e6a6c6 |
N_("Don't fork and wait for the command to finish, just exec it"),
|
|
|
e6a6c6 |
NULL,
|
|
|
e6a6c6 |
}, {
|
|
|
e6a6c6 |
+ "pam_acct_mgmt", T_FLAG,
|
|
|
e6a6c6 |
+ N_("Perform PAM account validation management"),
|
|
|
e6a6c6 |
+ NULL,
|
|
|
e6a6c6 |
+ }, {
|
|
|
e6a6c6 |
NULL, 0, NULL
|
|
|
e6a6c6 |
}
|
|
|
e6a6c6 |
};
|
|
|
e6a6c6 |
only in patch2:
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- ./plugins/sudoers/def_data.h.pamm 2019-08-02 15:14:38.976077914 +0200
|
|
|
e6a6c6 |
+++ ./plugins/sudoers/def_data.h 2019-08-02 15:14:38.987078030 +0200
|
|
|
e6a6c6 |
@@ -230,6 +230,8 @@
|
|
|
e6a6c6 |
#define def_legacy_group_processing (sudo_defs_table[I_LEGACY_GROUP_PROCESSING].sd_un.flag)
|
|
|
e6a6c6 |
#define I_CMND_NO_WAIT 115
|
|
|
e6a6c6 |
#define def_cmnd_no_wait (sudo_defs_table[I_CMND_NO_WAIT].sd_un.flag)
|
|
|
e6a6c6 |
+#define I_PAM_ACCT_MGMT 116
|
|
|
e6a6c6 |
+#define def_pam_acct_mgmt (sudo_defs_table[I_PAM_ACCT_MGMT].sd_un.flag)
|
|
|
e6a6c6 |
|
|
|
e6a6c6 |
enum def_tuple {
|
|
|
e6a6c6 |
never,
|
|
|
e6a6c6 |
only in patch2:
|
|
|
e6a6c6 |
unchanged:
|
|
|
e6a6c6 |
--- ./plugins/sudoers/def_data.in.pamm 2019-08-02 15:14:38.976077914 +0200
|
|
|
e6a6c6 |
+++ ./plugins/sudoers/def_data.in 2019-08-02 15:14:38.987078030 +0200
|
|
|
e6a6c6 |
@@ -363,3 +363,6 @@ legacy_group_processing
|
|
|
e6a6c6 |
cmnd_no_wait
|
|
|
e6a6c6 |
T_FLAG
|
|
|
e6a6c6 |
"Don't fork and wait for the command to finish, just exec it"
|
|
|
e6a6c6 |
+pam_acct_mgmt
|
|
|
e6a6c6 |
+ T_FLAG
|
|
|
e6a6c6 |
+ "Perform PAM account validation management"
|